Abstract
The complexity and interactivity of Web applications mean that their vulnerabilities can create more dangerous security risks. Attacks on the Web that exploit these characteristics are rising year by year, and they cause significant losses to service providers and users. Web front-end attack techniques fall into three main categories: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Interface Operation Hijacking (IOH). Based on a study of XSS, the most common and most frequently occurring of these attack techniques, this paper uses fuzzing to design a targeted vulnerability discovery framework and implements its core modules. Analysis of the experimental data generated shows that the system has a false negative rate of 0% and a false positive rate of 0.4%. Against XSS vulnerability attacks, the system can provide efficient security protection for Web applications.
Source
Network New Media Technology (《网络新媒体技术》)
2016, Issue 1, pp. 11-18 (8 pages)
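Funding
National Natural Science Foundation of China (61462009)
Guangxi Higher Education Outstanding Young and Middle-aged Backbone Teacher Training Program (GXQG012013014)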
Keywords
Cross-site scripting (XSS), fuzzing, vulnerability mining, vulnerability detection, attack vector