Source: Computer Applications and Software (《计算机应用与软件》), 2016, No. 7, pp. 278-281, 298 (5 pages)
Funding: National Natural Science Foundation of China (61202074)
Abstract: Cross-site scripting (XSS) vulnerabilities have been among the more prevalent vulnerability classes in recent years, and with the wide adoption of Ajax their harmfulness and their ability to spread rapidly have both grown. Existing detection techniques do not adequately study the injection points of this class of vulnerability, nor do they fully consider the page returned in response to a test request, which leads to relatively low detection rates. To address these shortcomings, this paper strengthens the analysis of the DOM structure of hidden pages and proposes a method for finding vulnerability injection points based on DOM state changes. Building on this, it proposes a vulnerability detection method based on the correlation of page interaction points, and designs and implements a prototype vulnerability detection system. Experiments show that the prototype system finds more vulnerability injection points and effectively improves the vulnerability detection rate.
Classification: TP391 [Automation and Computer Technology: Computer Application Technology]