| 基于爬虫的XSS漏洞检测工具设计与实现 |
| |
| 引用本文: | 沈寿忠,张玉清. 基于爬虫的XSS漏洞检测工具设计与实现[J]. 计算机工程, 2009, 35(21): 151-154 |
| |
| 作者姓名: | 沈寿忠 张玉清 |
| |
| 作者单位: | 西安电子科技大学计算机网络与信息安全教育部霞点实验室,西安,710071;中国科学院研究生院国家计算机网络入侵防范中心,北京,100043;中国科学院研究生院国家计算机网络入侵防范中心,北京,100043 |
| |
| 基金项目: | 国家自然科学基金资助项目,国家"863"计划基金资助项目 |
| |
| 摘 要: | 通过对XSS漏洞的研究,剖析其产生、利用的方式,在此基础上针对XSS漏洞的检测机制进行进一步的分析和完善。结合网络爬虫的技术,研究设计并实现了一款XSS漏洞的检测工具(XSS-Scan),并与当前比较流行的一些软件做了分析比较,证明利用该工具可以对Web网站进行安全审计,检测其是否存在XSS漏洞。
|
| 关 键 词: | XSS漏洞 Web安全 漏洞 网络爬虫 |
| 修稿时间: | |
Design and Implementation of XSS Vulnerability Detection Tool Based on Crawler |
| |
| SHEN Shou-zhong,ZHANG Yu-qing. Design and Implementation of XSS Vulnerability Detection Tool Based on Crawler[J]. Computer Engineering, 2009, 35(21): 151-154 |
| |
| Authors: | SHEN Shou-zhong ZHANG Yu-qing |
| |
| Affiliation: | (1. Key Lab of Computer Networks and Information Security, Ministry of Education, Xidian University, Xi’an 710071; 2. National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing 100043) |
| |
| Abstract: | Through the deep study and analysis oftbe Cross Site Scripting(XSS) vulnerability, this paper knows that how the XSS vulnerability produces and to be used. Further analysis and improvement are made about the XSS vulnerability's detection mechanism. This paper realizes an XSS vulnerability detection tools(XSS-Scan) based on Crawler's technology, and does the analysis and comparison with some popular soRwares. This tool can be used to audit the Web site's safety and detect the existence of XSS vulnerability in it. |
| |
| Keywords: | XSS vulnerability Web security vulnerability Crawler |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
