| This paper based on the application of the Cross-site scripting attack, and reference to a large number of domestic and foreign literature and information, carried on an in-depth study and practice of the techniques and defense of the Cross-site scripting attack. We give a detailed description of the production of Cross-site scripting attack, how to discover and use it, and how to defense in all respects. And based on copious practical applications, we built environment of the demo system, and give many demos of the operations and technique appears in this paper.This paper research and analysis the background of the current network security, and make detailed description and analysis of research background of Cross-site scripting attacks. This paper introduces the concept and basic processes of cross-site scripting, introduced pre-knowledge related to cross-site scripting attacks, such as the JavaScript scripting language, similarities and differences between traditional and other network attacks etc. And this paper introduces the cross-site scripting attacks to challenge the major Web security model, including Same Origin Policy, Cookie security model. And this paper describes the classification and discovering of cross-site scripting vulnerabilities. Introduced the three types of cross-site scripting, trigger mechanism and discover technique of cross-site scripting. And this paper describes the various uses method and implementation of cross-site scripting. Include the theft of sensitive information, phishing attacks, worm attacks and other attacks, and gives demos. At the end, this paper propose a more detailed ways and means of prevention of the defense of cross-site scripting attack., describes in two two angles,both web application itself and the user. In the last part of this paper, major achievable outcomes by researching are summarized. |
PDF Full Text Request