A web application reverse analysis method for XSS vulnerability detection

A vulnerability detection and reverse analysis technique, applied in special data processing applications, network data retrieval, other database retrieval, etc., that addresses the problems of insufficient ability to express Web application functions, redundant information, and missing navigation information.

Active Publication Date: 2020-07-07
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

Most existing Web application model derivation methods for XSS vulnerability detection are based on the traditional finite state machine model. That model does not include navigation information, is insufficient in its ability to express Web application functions, and contains much redundant information.


Embodiment Construction

[0060] The present invention is described in further detail below through specific examples. The following examples are only descriptive, not limiting, and the protection scope of the present invention cannot be limited in this way.

[0061] It can be understood by those skilled in the art that, unless otherwise defined, all terms used herein have the same meaning as commonly understood by those of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in commonly used dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art, and will not be interpreted in an idealized or overly formal sense unless so defined herein.

[0062] The derivation process of the Web application model is a process of continuously adding and revising macro states. The model derivation process maintains a global access list and a global page model to facilitate th...


Abstract

The invention discloses a Web application reverse analysis method oriented to XSS (Cross Site Scripting) vulnerability detection. A microscopic state is added to the Web application model to express the navigation relationships in the Web application. In the Web application model derivation process, a state change detection algorithm and a navigation function are used to complete the initial construction of the Web application model; a page clustering algorithm and a state reduction algorithm are then used to simplify the model. Finally, an experiment shows that the model helps improve the effect and the efficiency of XSS vulnerability detection. The method improves on the existing Web application model: by adding the concept of the microscopic state, it puts forward a hierarchical Web application model representation that can describe the transition relationships between Web application states and present the navigation relationships in the Web application.

Description

Technical field

[0001] The invention relates to an automatic reverse analysis method for Web application models oriented to XSS vulnerability detection, and belongs to the field of computer information security.

Background technique

[0002] With the continuous growth in the number of Internet users and websites, Web applications have been widely used in various fields, such as e-commerce, social networking, and online payment. In 2015, the total number of domain names in China reached 31.02 million. At the same time, the security issues of Web application systems are becoming more and more prominent. According to the statistics of the China Vulnerability Database, in 2015, among the security vulnerabilities included in the China Vulnerability Database, the number of Web application vulnerabilities ranked second. Among them, the XSS vulnerability is one of the most influential Web application vulnerabilities, ranking among the top three in the latest ranking of web applica...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/57, G06F16/951
CPC: G06F16/951, G06F21/577, G06F2221/034
Inventor: 薛明富, 栾俊超, 王箭
Owner: NANJING UNIV OF AERONAUTICS & ASTRONAUTICS