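Affiliation: [1] School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003
Source: Computer Technology and Development (《计算机技术与发展》), 2017, No. 9, pp. 101-105 (5 pages)
Funding: National Natural Science Foundation of China (11501302)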
Abstract: With the spread of Web technology, Web vulnerabilities pose a growing threat to network security. Because many websites do not strictly filter user input and output, cross-site scripting (XSS) vulnerabilities are widespread across major websites, while existing Web vulnerability detection schemes and tools suffer from low efficiency, a high missed-detection rate and a high false-alarm rate. To address these problems, a detection system for cross-site scripting vulnerabilities in Web applications is designed and implemented. Building on existing Web vulnerability detection tools, the system adds simulated user login and verification-code recognition, which solves the problem that data can be submitted to the server during detection only after a verification code has been entered or the user has logged in. To address the shortcomings of existing Web vulnerability detection tools, the system's Web crawler and vulnerability detection modules are improved, and, based on XSS Filter filtering rules, more test cases capable of bypassing the XSS Filter are constructed. Experimental results show that the system has a low missed-detection rate, a low false-alarm rate and relatively high efficiency.
Classification: TP302 [Automation and Computer Technology: Computer System Architecture]