本文探讨了作为下一代Web应用技术标准的HTML5,由于新引入的标签和属性可能导致XSS攻击。现有的XSS测试工具存在攻击向量不完整、不支持HTML5检测等问题。为此,提出了一种基于HTML5的XSS漏洞检测模型,该模型利用模糊测试技术和攻击向量优化算法来有效检测由HTML5新特性引起的XSS漏洞,提升了漏洞检测的效率和全面性。
Research on XSS detection technology based on HTML5
Wu Liu
1
吴柳(1992-),女,北京邮电大学硕士生,主要研究方向:网络与信息安全,Web安全。
Ma Zhaofeng
1
马兆丰(1974-),男,讲师,主要研究方向:信息安全,数字水印。
1、Information?Security?Center,?Beijing University of Posts and Telecommunications, Beijing 100876
Abstract:As the next generation of Web application technology standards,If there is no strict filtering, the new labels and new attributes introduced by HTML5 are very easy to bypass the existing filtering rules and become the carrier of XSS,. Because there exist many problems in the existing XSS testing tools, such as incomplete attack vector, lack of support for the detection of HTML5, etc, The detection model of XSS vulnerability based on HTML5 is proposed in this paper. The model detect the XSS vulnerability by using fuzzy testing technology and attack vector optimization algorithm. Experiments show that the model proposed in this paper can effectively detect the XSS vulnerability caused by the new features of the HTML5 and improve the effectiveness and comprehensiveness of vulnerability detection.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
