摘要
在Web应用程序中,跨站脚本漏洞是一种十分常见的安全性漏洞,其促使恶意用户把代码注入合法用户使用的页面上,以进行XSS攻击。XSS漏洞在攻击Web应用程序、获取用户隐私数据等方面十分常见,传统XSS漏洞检测工具,尚未实现对AJAX Web应用程序的针对检测,精确度也相对较差。对此,笔者对以网络爬虫与页面代码行为为基础的XSS漏洞动态检测方法进行了详细分析,实践表明,其不仅可以大大节约时间与人力成本,还能够在很大程度上提高漏洞动态检测的准确性。
In web applications,cross-site scripting vulnerabilities are a very common security vulnerability that encourages malicious users to inject code into pages used by legitimate users for XSS attacks.XSS vulnerabilities are very common in attacking web applications and obtaining user privacy data.Traditional XSS vulnerability detection tools have not yet implemented detection for AJAX web applications,and the accuracy is relatively poor.In this regard,the author analyzes the dynamic detection method of XSS vulnerability based on web crawler and page code behavior.The practice shows that it can not only save time and labor cost,but also improve vulnerability dynamic detection to a large extent.accuracy.
作者
闫飞
Yan Fei(Xi'an Fanyi University,Xi'an Shaanxi 710105,China)
出处
《信息与电脑》
2018年第15期29-31,共3页
Information & Computer
