
XSS Vulnerability Detection Based on User Behavior Simulation

Site editor: Free考研考试 / 2024-01-16

王丹, 刘源, 赵文兵, 付利华, 杜晓林. XSS vulnerability detection based on user behavior simulation [J]., 2017, 57(3): 302-307
XSS vulnerability detection based on user's behavior simulation
DOI:10.7511/dllgxb201703013
Keywords: XSS vulnerability detection; headless browser; Ghost.py
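Funding: Major Research Plan Cultivation Project of the National Natural Science Foundation of China (91546111); Beijing Natural Science Foundation (4173072)
Authors and affiliations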
王丹,刘源,赵文兵,付利华,杜晓林
Abstract:
Existing XSS vulnerability detection systems do not find enough of the injection points in complex web pages and do too little dynamic analysis of the target site's responses. To improve injection-point extraction, attack test vector generation, and response analysis in such systems, an XSS vulnerability detection method based on user behavior simulation is proposed. The method analyzes the web page structure to find a variety of unformatted injection points, and it optimizes the attack test vectors by jointly considering factors such as string length and character type, so that they bypass the server's filter functions and the time spent on vulnerability testing is shortened. Test results show that the proposed method improves the detection coverage of injection points and the effectiveness of XSS vulnerability detection.