作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2010, Vol. 36 ›› Issue (06): 152-154. doi: 10.3969/j.issn.1000-3428.2010.06.051

• 安全技术 • 上一篇    下一篇

Web跨站脚本漏洞检测工具的设计与实现

陈建青,张玉清   

  1. (中国科学院研究生院国家计算机网络入侵防范中心,北京 100049)
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2010-03-20 发布日期:2010-03-20

Design and Realization of Web Cross-site Scripting Vulnerability Detection Tool

CHEN Jian-qing, ZHANG Yu-qing   

  1. (National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100049)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-03-20 Published:2010-03-20

摘要: 分析跨站脚本漏洞的形成原因,提出从攻击作用位置角度对跨站脚本漏洞进行分类的方法,在此基础上完善跨站脚本漏洞检测模型,实现动态的漏洞检测工具,弥补现有工具的缺陷,检测结果更为完整。实验证明,该工具能有效检测Web应用程序中的跨站脚本漏洞,较同类工具更具优越性。

关键词: Web应用, 跨站脚本, 漏洞

Abstract: This paper analyzes Cross-Site Scripting(XSS) vulnerability, proposes an XSS vulnerability classification method, optimizes the XSS detecting model, and accomplishes a dynamic auto-detecting tool. It remedies the shortage of the original tool, and carries out a better result. Experiments show its feasibility and advantages compared with similar products.

Key words: Web application, Cross-Site Scripting(XSS), vulnerability

中图分类号: