Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Program analysis and variation input-based cross-site script attack detection method

A cross-site scripting attack and program analysis technology, applied in the fields of instruments, electrical digital data processing, platform integrity maintenance, etc., can solve the problems of false positives, high cost and false negatives.

Inactive Publication Date: 2018-03-27
NANJING UNIV
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Dynamic analysis refers to the execution of the program in a real environment or a virtual simulator to analyze the running status of the program. The advantage is that the analysis results are accurate, and the disadvantage is that the cost is high and there will be false positives.
Static analysis refers to analyzing the source code of the program to obtain the information that needs attention without running the program. The advantage is that the analysis results are comprehensive, and the disadvantage is that there will be false positives.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Program analysis and variation input-based cross-site script attack detection method
  • Program analysis and variation input-based cross-site script attack detection method
  • Program analysis and variation input-based cross-site script attack detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The present invention adopts the input method based on mutation to detect the XSS loophole existing in the Web application, that is: use htmlparser2 to analyze the Web page, obtain the DOM structure of the Web page; write a specific algorithm to traverse the DOM structure, and find all the input in the Web page The tags of these input points are mainly input tags and textarea tags; then the basic input is mutated according to the designed 10 kinds of mutation operators; finally, the obtained mutated input is passed to the Web page by using Selenium, an automatic test framework. Enter the test, and judge whether the Web page has an XSS vulnerability according to the running result.

[0044] Process flow of the present invention such as figure 1 As shown, it specifically includes the following four steps.

[0045] The first step: first convert the Web page into a DOM structure. The present invention uses htmlparser2 to convert Web pages into DOM structures. The resulti...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a program analysis and variation input-based cross-site script attack detection method. The method comprises the steps of firstly, analyzing a crawled webpage by using htmlparser2 to obtain a DOM structure of the webpage; secondly, finding all possible input points in a website by traversing the DOM structure, and recording IDs of the input points; thirdly, generating possible user inputs in combination with a variation operator; and finally, automatically running a test script by using a tool Selenium, and mining possibly existent XSS vulnerabilities in the website.

Description

technical field [0001] The invention belongs to the technical field of computers, especially the technical field of software engineering. The present invention adopts a method based on mutation input to detect the cross-site scripting attack (Cross Site Scripting, XSS for short) existing in the Web application, through this method, the XSS loophole in the Web application can be detected simply and effectively, and the Web application is guaranteed The quality of the application. Background technique [0002] With the continuous development of society, Web applications have become an indispensable part of our daily life. Today's Web applications involve a wide range of fields, including shopping, social networking, and entertainment. While Web applications bring convenience to users, they also bring many problems, especially security issues. The most critical 10 web application security risks (Top 10 for short) statistics reports given by the Open Web Application Security ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/562
Inventor 许蕾汪睿李言辉徐宝文
Owner NANJING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com