基于风险数据追踪的存储型XSS漏洞检测技术

计算机科学 ›› 2014, Vol. 41 ›› Issue (Z11): 241-244.

基于风险数据追踪的存储型XSS漏洞检测技术

李亚威,刘梓溪,丁士俊

四川大学电子信息学院成都610065;四川大学电子信息学院成都610065;四川大学电子信息学院成都610065

出版日期:2018-11-14 发布日期:2018-11-14

Technique for Discovering Stored XSS Vulnerability Based on Tracing Risky Data

LI Ya-wei,LIU Zi-xi and DING Shi-jun

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 为解决存储型XSS漏洞的自动化黑盒检测问题,提出基于风险数据追踪的存储型XSS漏洞检测方法。依此技术可以对Web应用程序上存在的存储型XSS漏洞进行快速、深入的自动化挖掘。简要介绍了为实现该技术而需编写的自动化辅助软件的设计与实现,并用实验证明了该检测技术的有效性。

关键词: 存储型XSS,Web安全

Abstract: To discover stored XSS vulnerability with black-box testing,we put forward a new technique which is based on tracing risky data.This technology can discover stored XSS vulnerability automatically on Web application quickly and deeply.This paper introduced how to design the assisted software for this technique birefly as well as prove the effectiveness of this technique.

Key words: Stored XSS,Web security

李亚威,刘梓溪,丁士俊. 基于风险数据追踪的存储型XSS漏洞检测技术[J]. 计算机科学, 2014, 41(Z11): 241-244. https://doi.org/

LI Ya-wei,LIU Zi-xi and DING Shi-jun. Technique for Discovering Stored XSS Vulnerability Based on Tracing Risky Data[J]. Computer Science, 2014, 41(Z11): 241-244. https://doi.org/

参考文献

[1] 黄玮,崔宝江,胡正名.Web应用程序客户端恶意代码技术研究与进展[J].电信科学,2009(2):72-79
[2] OWASP.OWASP Top Ten Project[R]
[3] 吴子敬,张宪忠,管磊,等.基于反过滤规则集和自动爬虫XSS漏洞深度挖掘技术[J].北京理工大学学报,2012(4):396-400

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed