作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2011, Vol. 37 ›› Issue (18): 154-156. doi: 10.3969/j.issn.1000-3428.2011.18.051

• 安全技术 • 上一篇    下一篇

服务器-客户端协作的跨站脚本攻击防御方法

许思远,郑 滔   

  1. (南京大学软件学院,南京 210093)
  • 收稿日期:2011-03-14 出版日期:2011-09-20 发布日期:2011-09-20
  • 作者简介:许思远(1986-),男,硕士研究生,主研方向:网络安全;郑 滔,教授
  • 基金资助:
    国家自然科学基金资助项目(60773171);国家“863”计划基金资助重点项目(2007AA01Z448)

Cross-site Scripting Attack Defense Method of Server-client Cooperation

XU Si-yuan, ZHENG Tao   

  1. (Software Institute, Nanjing University, Nanjing 210093, China)
  • Received:2011-03-14 Online:2011-09-20 Published:2011-09-20

摘要: 在网络应用的链接中注入恶意代码,以此欺骗用户浏览器,当用户访问这些网站时便会受到跨站脚本攻击。为此,提出基于服务器端-客户端协作的跨站脚本攻击防御方法。利用规则文件、文档对象模型完整性测试和脚本混淆监测等方法,提高脚本的检测效率和准确性。实验结果表明,该方法能获得良好的攻击防御效果。

关键词: 跨站脚本攻击, 文档对象模型完整性, 规则文件, 脚本混淆

Abstract: Cross-site Scripting(XSS) attack can attack a user’s Web browser when the user visits Web applications which evil scripting code is injected into. According to the problem proposed above, this paper makes a research on the server-client cooperation XSS defense method. When uses methods such as policy file, Document Object Model(DOM) integrity test and scripting obfuscation monitor, it can ehance the detection efficiency and accuracy. Experimental results show that, this method can get good attack defense effect.

Key words: Cross-site Scripting(XSS) attack, Document Object Model(DOM) integrity, rule file, scripting obfuscation

中图分类号: