Computer Applications and Software, 2013, Vol. 30, Issue (3): 17-21, 5. DOI: 10.3969/j.issn.1000-386x.2013.03.005
STUDY AND DESIGN OF Stored-XSS VULNERABILITY DETECTION
Abstract
Cross-site scripting (XSS) vulnerability has become the Web security problem facing most websites; effective prevention and detection of XSS vulnerabilities helps improve Web security. In this paper, we analyse the attack principle of XSS vulnerabilities and point out the inadequacy of existing dynamic analysis methods in detecting stored-XSS vulnerabilities. We propose an effective dynamic detection method for stored-XSS vulnerabilities, design and implement a dynamic detection model for them, and test and evaluate this model in a practical scenario. Experiments prove that the method proposed in the paper can detect stored-XSS vulnerabilities effectively.
Key words
XSS vulnerability / Web security / Stored-XSS vulnerability / Dynamic analysis
Classification
Information Technology and Security Science
Cite this article
Li Bing, Zhao Fengyu. Study and Design of Stored-XSS Vulnerability Detection [J]. Computer Applications and Software, 2013, 30(3): 17-21, 5.
Funding
Joint funding project of the National Natural Science Foundation of China and the Civil Aviation Administration of China (60979011).