Abstract:
This paper analyzes Cross-Site Scripting(XSS) vulnerability, proposes an XSS vulnerability classification method, optimizes the XSS detecting model, and accomplishes a dynamic auto-detecting tool. It remedies the shortage of the original tool, and carries out a better result. Experiments show its feasibility and advantages compared with similar products.
Key words:
Web application,
Cross-Site Scripting(XSS),
vulnerability
摘要: 分析跨站脚本漏洞的形成原因,提出从攻击作用位置角度对跨站脚本漏洞进行分类的方法,在此基础上完善跨站脚本漏洞检测模型,实现动态的漏洞检测工具,弥补现有工具的缺陷,检测结果更为完整。实验证明,该工具能有效检测Web应用程序中的跨站脚本漏洞,较同类工具更具优越性。
关键词:
Web应用,
跨站脚本,
漏洞
CLC Number:
CHEN Jian-qing; ZHANG Yu-qing. Design and Realization of Web Cross-site Scripting Vulnerability Detection Tool[J]. Computer Engineering, 2010, 36(06): 152-154.
陈建青;张玉清. Web跨站脚本漏洞检测工具的设计与实现[J]. 计算机工程, 2010, 36(06): 152-154.