摘要: 在网络应用的链接中注入恶意代码,以此欺骗用户浏览器,当用户访问这些网站时便会受到跨站脚本攻击。为此,提出基于服务器端-客户端协作的跨站脚本攻击防御方法。利用规则文件、文档对象模型完整性测试和脚本混淆监测等方法,提高脚本的检测效率和准确性。实验结果表明,该方法能获得良好的攻击防御效果。
关键词:
跨站脚本攻击,
文档对象模型完整性,
规则文件,
脚本混淆
Abstract: Cross-site Scripting(XSS) attack can attack a user’s Web browser when the user visits Web applications which evil scripting code is injected into. According to the problem proposed above, this paper makes a research on the server-client cooperation XSS defense method. When uses methods such as policy file, Document Object Model(DOM) integrity test and scripting obfuscation monitor, it can ehance the detection efficiency and accuracy. Experimental results show that, this method can get good attack defense effect.
Key words:
Cross-site Scripting(XSS) attack,
Document Object Model(DOM) integrity,
rule file,
scripting obfuscation
中图分类号:
许思远, 郑滔. 服务器-客户端协作的跨站脚本攻击防御方法[J]. 计算机工程, 2011, 37(18): 154-156.
HU Sai-Yuan, ZHENG Tao. Cross-site Scripting Attack Defense Method of Server-client Cooperation[J]. Computer Engineering, 2011, 37(18): 154-156.