Detection method and system for interactive XSS (Cross-Site Scripting) vulnerability

A detection method and detection system for interactive XSS vulnerabilities that address the problem of XSS vulnerabilities going undetected and achieve successful detection.
CN107085686A · Inactive · Publication Date: 2017-08-22 · 深圳市九州安域科技有限公司 +2

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: 深圳市九州安域科技有限公司
Publication Date: 2017-08-22
Estimated Expiration: Not applicable · inactive patent


Abstract

The invention applies to the field of Web program applications and provides a detection method and system for interactive XSS (Cross-Site Scripting) vulnerabilities. The method comprises the following steps: sending a constructed detection request carrying a feature value to a Web server and receiving the response page returned by the Web server; analyzing a DOM (Document Object Model) monitor injected into the response page in advance, then analyzing an intelligent event simulator injected into the response page in advance, and using the intelligent event simulator to find and automatically trigger the events on the DOM structure of the response page; and judging, according to the monitoring result of the DOM monitor, whether an XSS vulnerability is present. Executing the intelligent event simulator identifies and simulates user interaction, so the XSS detection tool obtains the complete DOM structure. The DOM monitor tracks changes to the DOM structure of the response page in real time, which makes it possible to detect interactive XSS vulnerabilities in the response page.
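The flow in the abstract, as an added sketch that is not code from the patent or its assignee: a constructed stand-in for the DOM lets it run under Node, and `MARKER`, `insertHtml`, `insertText`, `installMonitor`, `simulateEvents` and `detect` are all assumed names. It shows a scan of the initial DOM missing a reflection that only appears after a simulated click.

```javascript
const MARKER = "xssprobe7f3a"; // feature value (constructed) sent in the request

// Constructed stand-in for a browser DOM node so the sketch runs under Node.
const makeNode = (tag, text = "") => ({ tag, text, children: [], handlers: {} });

function insert(doc, parent, node) {
  parent.children.push(node);
  doc.observers.forEach(fn => fn(node)); // what a MutationObserver would report
}
// innerHTML-like sink (hypothetical): leading markup becomes an element node.
function insertHtml(doc, parent, html) {
  const m = /^<([a-z0-9]+)>/i.exec(html);
  insert(doc, parent, m ? makeNode(m[1].toLowerCase()) : makeNode("#text", html));
}
// textContent-like sink (hypothetical): the value stays inert text.
function insertText(doc, parent, text) {
  insert(doc, parent, makeNode("#text", text));
}

// Constructed response page: the reflected value reaches the DOM only on click.
function buildPage(reflected, sink) {
  const doc = { root: makeNode("body"), observers: [] };
  const button = makeNode("button");
  button.handlers.click = () => sink(doc, doc.root, reflected);
  doc.root.children.push(button);
  return doc;
}
// DOM monitor: record inserted element nodes whose tag is the feature value.
function installMonitor(doc) {
  const hits = [];
  doc.observers.push(n => { if (n.tag === MARKER) hits.push(n); });
  return hits;
}
// Event simulator: walk the tree and fire every registered handler once.
function simulateEvents(node) {
  let fired = 0;
  for (const child of [...node.children]) { // copy: handlers may add nodes
    for (const h of Object.values(child.handlers)) { h(); fired++; }
    fired += simulateEvents(child);
  }
  return fired;
}
function detect(sink) {
  const doc = buildPage(`<${MARKER}>`, sink);
  const hits = installMonitor(doc);
  const staticHit = doc.root.children.some(n => n.tag === MARKER); // pre-event scan
  const fired = simulateEvents(doc.root);
  return { staticHit, fired, interactiveHit: hits.length > 0 };
}
```

`detect(insertHtml)` reports a hit only after the click is simulated, while `detect(insertText)` reports none because the feature value never becomes an element.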

Description

Technical field

[0001] The embodiments of the invention belong to the field of web program application, and in particular relate to a method and a system for detecting an interactive XSS vulnerability.

Background technique

[0002] With the widespread use of web applications, web security issues have become increasingly prominent. Cross-site scripting (XSS) is an attack in which an attacker injects a specific script into a page of a web application; when a user browses the page, the injected script is executed to achieve the purpose of the attack. XSS has become one of the most common vulnerabilities in web applications, and automatic detection of XSS vulnerabilities has become an important technology. With the development of Web 2.0 technology, the pages of web applications not only display static content but also offer more and more functions for interacting with users. These interactive functions are often implemented by embedding JavaScript and CSS sc...
