Cross-site script vulnerability detection method based on percolation test

A cross-site scripting (XSS) vulnerability detection technique based on penetration testing. It addresses the problem of low detection efficiency by reducing the number of interactions with the server, avoiding in-depth detection of safe pages, and narrowing the detection range.

Inactive Publication Date: 2012-12-12
NORTHWESTERN POLYTECHNICAL UNIV

AI Technical Summary

Problems solved by technology

[0005] In order to overcome the low detection efficiency of existing cross-site scripting vulnerability detection methods, the present invention provides a cross-site scripting vulnerability detection method based on penetration testing.


Examples


Embodiment Construction

[0019] The following examples refer to Figures 1~3.

[0020] The penetration-test-based cross-site scripting vulnerability detection method of the present invention targets real Web application systems and detects XSS vulnerabilities. The specific steps are as follows:

[0021] 1. Page fetching.

[0022] Take a URL from the URL queue according to queue priority, fetch the corresponding Web page, extract all URL links from that page, and put the extracted links into different queues according to their priority. Each extracted URL is checked against the HashTable; a duplicate URL is discarded so that the same page is not fetched repeatedly. If the depth of an extracted URL is greater than the maximum depth, the URL is discarded. If the URL queue is empty, the detection ends.

[0023] 2. Form information extraction.

[0024] Extract the form information from the page obtained in step 1....
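The page-fetching loop of step 1, as an added example that is not code from the patent: one heap stands in for the separate priority queues, a set plays the role of the HashTable, and links deeper than the maximum depth are discarded. The priority rule (parameterised URLs first), the same-host restriction, the `test.example` site and all function names are assumptions made for illustration.

```python
import heapq
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse

# Constructed sample site (URL -> HTML) so the example runs offline.
SITE = {
    "http://test.example/": '<a href="/a">a</a><a href="/search?q=1">s</a><a href="/a#top">dup</a>',
    "http://test.example/a": '<a href="/b">b</a><a href="/">home</a><a href="http://other.example/">ext</a>',
    "http://test.example/search?q=1": '<form action="/search"><input name="q"></form>',
    "http://test.example/b": '<a href="/c">too deep</a>',
    "http://test.example/c": "never fetched at max_depth=2",
}

class LinkParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def fetch_sample(url):
    return SITE.get(url, "")  # stand-in for an HTTP GET (assumption)

def priority(url):
    # Assumption: parameterised URLs first (0), static pages later (1).
    return 0 if urlparse(url).query else 1

def crawl(start, fetch, max_depth=2):
    seen = {start}                            # the "HashTable" of known URLs
    queue = [(priority(start), 0, 0, start)]  # (priority, seq, depth, url)
    seq, order = 1, []
    host = urlparse(start).netloc
    while queue:                              # empty queue ends the detection run
        _, _, depth, url = heapq.heappop(queue)
        order.append(url)
        parser = LinkParser()
        parser.feed(fetch(url))
        for href in parser.links:
            link = urldefrag(urljoin(url, href)).url  # resolve, drop #fragment
            if link in seen or depth + 1 > max_depth:
                continue                      # duplicate or too deep: discard
            if urlparse(link).netloc != host:
                continue                      # assumption: stay on the tested site
            seen.add(link)
            heapq.heappush(queue, (priority(link), seq, depth + 1, link))
            seq += 1
    return order
```

`crawl` returns the URLs in the order they were fetched, which makes the effect of the priority rule, the duplicate check and the depth limit directly visible.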


Abstract

The invention discloses a cross-site scripting (XSS) vulnerability detection method based on penetration testing, which solves the technical problem of low detection efficiency in traditional XSS vulnerability detection methods. The method comprises the following steps: first, acquiring a page; second, extracting form information and carrying out the penetration test on the extracted form; and finally, carrying out session retention and redirection tracking. Session retention and redirection tracking reduce the cases in which Web pages are analysed incompletely, so that all pages of a Web site are analysed and detected and the automatic detection capability is improved. The penetration test strategy gradually narrows the XSS detection range and avoids in-depth detection of safe pages. When test statements are injected, test statements that close the surrounding HTML statements are actively constructed according to the returned page information, which reduces the number of interactions with the server and improves the efficiency of detecting XSS vulnerabilities in large, complex Web sites.

Description

Technical field

[0001] The invention relates to a method for detecting cross-site scripting vulnerabilities, in particular to a method for detecting cross-site scripting vulnerabilities based on penetration testing.

Background technique

[0002] Cross-site scripting (XSS) vulnerabilities have become the most serious security holes on the Internet. According to statistics from relevant international information security organizations, XSS vulnerabilities are always at the forefront of the most threatening Web application security vulnerabilities: fourth place in 2004, first place in 2007, and second place in 2010. This shows the seriousness of the XSS vulnerability.

[0003] An XSS vulnerability means that an attacker inserts malicious HTML code into a Web page. When a normal user browses the page, the malicious HTML code embedded in the Web page is executed, thereby achieving the purpose of attacking normal users. The reason fo...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/00, G06F11/36
Inventor: 蔡皖东, 王强, 姚烨
Owner: NORTHWESTERN POLYTECHNICAL UNIV