作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2009, Vol. 35 ›› Issue (21): 151-154. doi: 10.3969/j.issn.1000-3428.2009.21.049

• 安全技术 • 上一篇    下一篇

基于爬虫的XSS漏洞检测工具设计与实现

沈寿忠1,2,张玉清2   

  1. (1. 西安电子科技大学计算机网络与信息安全教育部重点实验室,西安 710071; 2. 中国科学院研究生院国家计算机网络入侵防范中心,北京 100043)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-11-05 发布日期:2009-11-05

Design and Implementation of XSS Vulnerability Detection Tool Based on Crawler

SHEN Shou-zhong1,2, ZHANG Yu-qing2   

  1. (1. Key Lab of Computer Networks and Information Security, Ministry of Education, Xidian University, Xi’an 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100043)
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-11-05 Published:2009-11-05

摘要: 通过对XSS漏洞的研究,剖析其产生、利用的方式,在此基础上针对XSS漏洞的检测机制进行进一步的分析和完善。结合网络爬虫的技术,研究设计并实现了一款XSS漏洞的检测工具(XSS-Scan),并与当前比较流行的一些软件做了分析比较,证明利用该工具可以对Web网站进行安全审计,检测其是否存在XSS漏洞。

关键词: XSS漏洞, Web安全, 漏洞, 网络爬虫

Abstract: Through the deep study and analysis of the Cross Site Scripting(XSS) vulnerability, this paper knows that how the XSS vulnerability produces and to be used. Further analysis and improvement are made about the XSS vulnerability’s detection mechanism. This paper realizes an XSS vulnerability detection tools(XSS-Scan) based on Crawler’s technology, and does the analysis and comparison with some popular softwares. This tool can be used to audit the Web site’s safety and detect the existence of XSS vulnerability in it.

Key words: XSS vulnerability, Web security, vulnerability, Crawler

中图分类号: