Research On XSS Vulnerability Detection Method Based On Dynamic Analysis

Posted on: 2020-07-13
Degree: Master
Type: Thesis
Country: China
Candidate: J T Gu
Full Text: PDF
GTID: 2428330572472260
Subject: Information security

Abstract/Summary:
With the rapid development of the Internet, many things can be done online, and the Internet has become part of people's daily life. Web applications are widely used in all walks of life and make things more convenient, but they also bring security problems. Strengthening the defense of Web application security helps maintain a good network environment. In the OWASP vulnerability classification, XSS (Cross Site Scripting) has long been in the top ten of the major vulnerabilities list. In an XSS attack, an attacker writes malicious scripts into a Web application, and the scripts are executed in the client's browser. Attackers can use XSS vulnerabilities to obtain users' private information and even cause property damage.

To address these problems, this paper studies XSS vulnerability detection methods. To reduce the false alarm rate in XSS vulnerability detection, a large number of attack payloads must be tested, which results in low detection efficiency. This paper improves the methods of de-duplication and XSS vulnerability detection, and designs an XSS vulnerability detection system based on dynamic analysis. The specific work of the whole paper is as follows:

1. The research background and significance of XSS vulnerability detection are elaborated, and the state of earlier research on XSS vulnerability detection methods is introduced.

2. Existing XSS detection technology and crawler-related technology are studied. The classification, utilization, detection technology and defense measures of XSS vulnerabilities are analyzed in detail. The concept, types and related technologies of crawlers are introduced.

3. Existing web page de-duplication algorithms are researched and analyzed. Based on the characteristics of an XSS detection system and combined with a Bloom Filter, an improved method of web page de-duplication is designed. In addition to removing duplicate URLs, feature values (eigenvalues) are extracted from each Form, and duplicate test points are removed according to these feature values.

4. XSS vulnerability detection technology based on dynamic testing and AppScan (V8.6) are studied, and the detection method in AppScan (V8.6) is improved upon. A method of generating and assembling payload units is designed. The payload unit is pre-encoded and the payload units are introduced. The payload units are screened by probes and bypass strategies. The payload units are tested separately and in combination to realize the detection of test points.

5. The XSS vulnerability detection system based on dynamic analysis is implemented using the improved methods above, and the key modules are analyzed and explained in detail. The test results show that the system designed in this paper can effectively detect XSS vulnerabilities.
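
The de-duplication step in item 3, sketched as an added example that is not code from the thesis: test points found by a crawler are reduced with a Bloom filter keyed on a URL feature and a Form feature. The feature definitions (parameter names without values; form action path, method and field name/type pairs), the filter size and the sample data are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit, parse_qsl

class BloomFilter:
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)
    def _positions(self, item):
        # Double hashing: k bit indexes from two halves of one SHA-256 digest.
        d = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add_if_new(self, item):
        """Record item; return True only if it was not already present."""
        pos = self._positions(item)
        seen = all(self.bits[p >> 3] & (1 << (p & 7)) for p in pos)
        for p in pos:
            self.bits[p >> 3] |= 1 << (p & 7)
        return not seen

def url_feature(url):
    # Assumption: same host, path and parameter names = same test point.
    u = urlsplit(url)
    names = sorted({k for k, _ in parse_qsl(u.query, keep_blank_values=True)})
    return "URL|%s|%s|%s" % (u.netloc.lower(), u.path, ",".join(names))

def form_feature(action, method, fields):
    # Assumption: feature value = action path, method, sorted (name, type) pairs.
    u = urlsplit(action)
    sig = ",".join(sorted("%s:%s" % (n, t) for n, t in fields))
    return "FORM|%s|%s|%s|%s" % (u.netloc.lower(), u.path, method.upper(), sig)

def dedupe(points):
    bf, kept = BloomFilter(), []
    for kind, data in points:
        feat = url_feature(data) if kind == "url" else form_feature(*data)
        if bf.add_if_new(feat):
            kept.append((kind, data))
    return kept

SAMPLE = [  # constructed crawl output, not from the thesis
    ("url", "http://a.example/item?id=1&ref=home"),
    ("url", "http://a.example/item?ref=mail&id=2"),  # same names, new values
    ("url", "http://a.example/search?q=a"),
    ("form", ("http://a.example/c", "post", [("name", "text"), ("body", "textarea")])),
    ("form", ("http://a.example/c?page=2", "POST", [("body", "textarea"), ("name", "text")])),
]
```

A Bloom filter can report a new feature as already seen, which here means a test point is silently skipped, so the bit array has to be sized for the expected crawl volume.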
Keywords/Search Tags: Vulnerability detection, Cross-site scripting attack, Dynamic analysis, Black box test, Web security