Affiliation: [1] College of Computer Science, Beijing University of Technology, Beijing
Source: Computer Science and Application (《计算机科学与应用》), 2016, No. 6, pp. 340-346 (7 pages)
Funding: National Natural Science Foundation of China project (61272500).
Abstract: With the continuous development of Web applications, the security vulnerabilities that come with them, XSS included, are growing in number. The shortcomings of traditional XSS defense techniques are increasingly apparent, for example a single type of defense, low defense strength, and outdated defense methods, so there is an urgent need to keep improving defensive methods and means. To address this problem, this paper proposes a Web application vulnerability detection method based on the Scrapy crawler framework. Using the facilities the framework provides, pages are extracted and analyzed, specific attack vectors are generated according to the different attack methods, and finally page injection points are combined with the attack vectors to test whether a vulnerability exists. Experimental results show that this detection method greatly improves the efficiency of both page crawling and vulnerability detection.
Classification: TP39 [Automation and Computer Technology: Computer Application Technology]