Research On Client-side Detection Method For Cross-Site Scripting Vulnerability And Attack

In recent years, WEB vulnerability has become one of the most serious security risks in the Internet. Numerous cases of WEB injection attacks have happened due to the increasing of this vulnerability. Cross-site scripting attack is one kind of this attack which has the most extensive and the heaviest impact. The vulnerability was listed on the top ten WEB vulnerabilities since 2006. Therefore, developmenting an effective detection method for cross site scripting attack is particularly important.Based on the deep research of the characteristics of cross-site scripting attack, we propose a novel cross-site scripting attack detection method based on sequence matching. This method can identify the variant forms of the parameters strings and mining the server-side filtering omissions effectively. For this kind of method might be unable to detect some stored f cross-site scripting attacks, we propose another vulnerability detection method based on Fuzzing test.. By combining the two detection methods, we designed a cross site scripting detection system. Experiments show that our detection system can effectively detect the vast majority of real-world cross-site vulnerabilities and attacks.The main work of this thesis includes the following four parts:The first part analyzes the characteristics of cross site scripting, in-depth study of the domestic and international cross site scripting attack detection methods and existing problems of current methods, describle the future trends.PartⅡand PartⅢdescribes the design of this cross site scripting attack and vulnerability detection methods.The second part describes the cross-site scripting attack detection methods based on sequence matching in detail, including extracting the HTTP request parameters and untrust string in the HTTP response information, matching the two parts. The method expresses the parameters injected by users in the form of DFA, so as to identify the combination of different parts of the parameters, then match the untrusted HTTP response message with the DFA sequences to find those strings that appear in both, check the keywords and malicious sites in these strings.The third part, discusses another cross-site scripting attack detection method based on Fuzzing test specifically, analyzing the characteristics of the links, constructing the entire site by a crawler, identifying the point to inject accurately, designing the test string to inject, finally finding the XSS vulnerability by observed the response information.The fourth part, describes the design and implementation of the cross site scripting detection system.