期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于Libra爬虫技术的Web漏洞检测方法研究 被引量:2

Research on Web vulnerability detection method based on Libra crawler technology
下载PDF
导出
摘要 在互联网时代,Web服务涉及到用户生活、工作及学习等各个领域,如果不能够有效检测和修补漏洞,广大用户将面临多类潜在安全威胁。在讨论Libra爬虫技术优点的基础上,对如何运用该技术检测Web漏洞进行分析,结果表明:通过构建完善URL列表以及攻击向量生成库,爬取效率和准确率都可得到保障;Libra爬虫技术可以对Web操作行为进行动态抓取,从而改善漏洞检测效果。对改善Web漏洞修补效率、提升Web产品用户体验有一定参考价值。 In the Internet era,Web services related to the user's life,work and learning and other fields,if it in effectively detect and repair vulnerabilities,the majority of users will face many potential security threats. Based on discussing the Libra crawler technology advantages,on how to use the Web vulnerability detection technology is analyzed,the results show that the URL list and construct perfect attack vectors database, crawling efficiency and accuracy can be guaranteed; the Libra crawler technology can dynamically grab the Web operation,so as to improve the detection effect of vulnerability.It improves the efficiency of Web patch repair,enhances the user experience for Web products,which have a certain reference value.
作者 梁志宏 欧阳可萃
机构地区 中国南方电网有限责任公司 北京启明星辰信息安全技术有限公司
出处 《信息技术》 2018年第1期33-35,41,共4页 Information Technology
基金 南方电网公司科技项目(ZB2014-2-0012)
关键词 Web漏洞 浏览安全 Libra爬虫技术 跨站脚本攻击 Web vulnerability browsing safety Libra crawler technology XSS attack
分类号 TP393 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

二级参考文献136

  • 1陈火旺,王戟,董威.高可信软件工程技术[J].电子学报,2003,31(z1):1933-1938. 被引量:115
  • 2Chinotec Technologies Company. Paros--for Web Application Security Assessment[EB/OL]. (2008-08-15). http://www, parosproxy. org/index,shtml.
  • 3OWASE OWASP Testing Project[EB/OL]. (2008-08-10). http:// www.owasp.org/.
  • 4Klein A. DOM Based Cross Site Scripting or XSS of the Third Kind[EB/OL]. (2008-07-28). http://www, Webappsec.org/projeets/ articles/071105.html,.
  • 5Fortify Software Inc.. Cross-site Scripting(XSS)[EB/OL]. (2008-04- 07). http://www.owasp.org/index.php/Cross-site Scripting_(XSS).
  • 6Ismail O, Etoh M, Kadobayashi Y. A Proposal and Implementation of Automatic Detection/Collection System for Cross-site Scripting Vulnerability[C]//Proc. of the 18th International Conference on Advanced Information Networking and Applications. Washington D C., USA: IEEE Computer Society. 2004.
  • 7Johns M, Engelmann B, Posegga J. XSSDS: server-side detection of cross-site scripting attacks[C-I,//Proceedings of Computer Security Applications Conference. IS. 1. ] : IEEE, 2008..335 - 344.
  • 8Klein A. DOM based cross site scripting or XSS of the third kind[-JT. Web Application Security Consortium, 2005,4:59 - 64.
  • 9Jovanovic N, Kruegel C, Kirda E. Pixy.. a static analysis tool for detecting Web application vulnerabilities [J-]. IEEE, 2006,126..258-263.
  • 10Artzi S, Kiezun A, Dolby J, et al. Finding bugs in dynamic web applications E C ff Proceedings of the 2008 International Symposium on Software Testing and Analysis. [-S. 1. 1: ACM, 2008:261 -272.

共引文献123

同被引文献13

引证文献2

二级引证文献4

信息技术
2018年 第1期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部