
State transition diagram based XSS (cross-site scripting) vulnerability detection method

A state transition diagram based vulnerability detection technology, classified under instrumentation, electrical digital data processing, platform integrity maintenance, etc., which addresses the insufficient ability of existing tools to find injection points.

Inactive Publication Date: 2017-06-13
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to propose an XSS vulnerability detection method based on a state transition diagram, to solve the problem that current XSS vulnerability detection tools have insufficient ability to find injection points. The state transition diagram serves as the Web application model; it represents the various states of a Web application well and improves the ability to search for injection points, especially hidden injection points.



Embodiment Construction

[0022] The principle of this system is to call the Selenium API to perform black-box testing of the Web server. It consists of three modules: the Crawler module, the Fuzzing module and the Report module. The system architecture is shown in figure 1.

[0023] Crawler module

[0024] The Crawler module implements the functions of building the state diagram and mining injection points. The algorithm creates the state diagram in a depth-first manner. The algorithm description is given in Algorithm 1.

[0025] Algorithm 1. Algorithm for constructing the state diagram and mining injection points

[0026] Input: Start Website URL

[0027] Output: state diagram and list of injection points

[0028] 0. Initialize an empty url_list, add url to url_list

[0029] 1. If there is no unprocessed url in url_list, skip to step 10; otherwise continue

[0030] 2. Take out an unprocessed url and analyze whether the url has parameters; if the url does not leave the domain and the referenced resource is not a picture, file, etc., reques...
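The depth-first walk of Algorithm 1, written out as an added example that is not the patent's own code: it keeps a url_list, treats each visited URL as a state and each followed link as a transition, records URL parameters and form fields as injection points, stays inside the start domain and skips picture/file resources. It assumes a constructed in-memory site (the SITE dict) and static HTML parsing in place of the Selenium-driven browser the patent describes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qs
# Constructed in-memory site standing in for the Web server, so the walk runs offline.
SITE = {
    "http://example.test/": '<a href="/search?q=a">s</a><a href="/logo.png">i</a>'
                            '<a href="http://other.test/x">e</a><a href="/form">f</a>',
    "http://example.test/search?q=a": '<a href="/">home</a>',
    "http://example.test/form": '<form action="/post"><input name="comment"><input type="submit"></form>',
}
SKIP_EXT = (".png", ".jpg", ".gif", ".pdf", ".zip")   # "picture, file, etc." resources
class LinkParser(HTMLParser):
    """Collect <a href> targets and <form> input names from one page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms, self._form = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = {"action": a.get("action", ""), "fields": []}
        elif tag == "input" and self._form is not None and a.get("name") and a.get("type") != "submit":
            self._form["fields"].append(a["name"])
    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form); self._form = None

def build_state_diagram(start_url, fetch=SITE.get):
    """Depth-first walk after Algorithm 1; returns (states, edges, injection_points)."""
    domain = urlparse(start_url).netloc
    url_list = [start_url]                          # step 0: seed url_list
    seen, edges, injection_points = set(), [], []
    while url_list:                                 # step 1: stop when nothing is unprocessed
        url = url_list.pop()                        # stack pop gives depth-first order
        if url in seen: continue
        seen.add(url)                               # each visited URL is a state
        for name in parse_qs(urlparse(url).query):  # step 2: URL parameters are injection points
            injection_points.append(("url", url, name))
        page = fetch(url)
        if page is None: continue
        p = LinkParser(); p.feed(page)
        for form in p.forms:                        # form fields are the "hidden" injection points
            target = urljoin(url, form["action"])
            for field in form["fields"]:
                injection_points.append(("form", target, field))
        for href in p.links:
            nxt = urljoin(url, href)
            if urlparse(nxt).netloc != domain or nxt.lower().endswith(SKIP_EXT):
                continue                            # stay in-domain; skip pictures/files
            edges.append((url, nxt))                # a state transition
            if nxt not in seen: url_list.append(nxt)
    return seen, edges, injection_points
```

The returned edges are the state transition diagram and injection_points is the list handed to the Fuzzing module; the out-of-domain link and the image link never become states.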


Abstract

The invention discloses a state transition diagram based XSS (cross-site scripting) vulnerability detection method. A Crawler module, a Fuzzing module, a Report module and a browser operation encapsulation layer (the Browser layer) are adopted. The Browser layer further encapsulates the Selenium API and is called by the other three modules to provide page actions, script execution, page state judgment and similar functions. The Crawler module dynamically constructs a state transition diagram of the Web application and mines injection points, achieving a higher coverage rate than traditional mining methods. The Fuzzing module uses attack vectors to simulate an attack on each injection point and dynamically determines the attack result. The Report module collects the result information and summarizes it into a vulnerability report. The system, developed in Java, has advantages such as high portability and high maintainability, and is of significant value for research into XSS vulnerability scanning and even website crawling.

Description

Technical field

[0001] The invention relates to an XSS vulnerability detection method based on a state transition diagram, belonging to the field of computer software.

Background technique

[0002] The rapid development of Internet technology connects people's life and work together. In a society where information technology is becoming ever more developed, people experience unprecedented convenience and speed. People purchase goods through the Internet, send emails, make bank transfers, visit social networking sites and perform other activities that require a large amount of data interaction with Web applications. It is these large amounts of data interactions that cause many Web security issues. Among them, the cross-site scripting (Cross-Site Scripting, XSS) vulnerability has received wide attention, yet it persists despite repeated efforts to eliminate it. In the Top 10 vulnerability ranking released by the authoritative Web security organization Open Web Application Security Project (OWASP) in 201...


Application Information

IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor 王丹刘立家付利华杜晓林苏航赵文兵
Owner BEIJING UNIV OF TECH