摘要: 通过对XSS漏洞的研究,剖析其产生、利用的方式,在此基础上针对XSS漏洞的检测机制进行进一步的分析和完善。结合网络爬虫的技术,研究设计并实现了一款XSS漏洞的检测工具(XSS-Scan),并与当前比较流行的一些软件做了分析比较,证明利用该工具可以对Web网站进行安全审计,检测其是否存在XSS漏洞。
关键词:
XSS漏洞,
Web安全,
漏洞,
网络爬虫
Abstract: Through the deep study and analysis of the Cross Site Scripting(XSS) vulnerability, this paper knows that how the XSS vulnerability produces and to be used. Further analysis and improvement are made about the XSS vulnerability’s detection mechanism. This paper realizes an XSS vulnerability detection tools(XSS-Scan) based on Crawler’s technology, and does the analysis and comparison with some popular softwares. This tool can be used to audit the Web site’s safety and detect the existence of XSS vulnerability in it.
Key words:
XSS vulnerability,
Web security,
vulnerability,
Crawler
中图分类号:
沈寿忠;张玉清. 基于爬虫的XSS漏洞检测工具设计与实现[J]. 计算机工程, 2009, 35(21): 151-154.
SHEN Shou-zhong; ZHANG Yu-qing. Design and Implementation of XSS Vulnerability Detection Tool Based on Crawler[J]. Computer Engineering, 2009, 35(21): 151-154.