Research Of Security Vulnerabilities Detecting Techniques In Web Application

Posted on: 2012-07-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhang
GTID: 2248330395956320
Subject: Cryptography
Abstract/Summary:
With the fast development of the Internet, web-based applications have become more and more popular thanks to advantages such as rich functionality and practical applicability. As a result, the number of attacks targeting web applications has increased substantially, and detecting security vulnerabilities in web applications has become a hotspot of web security research. This paper studies XSS vulnerabilities and the techniques for detecting them. Its main contributions are summarized as follows:

1) This paper summarizes and analyzes the current state of web security and the popular detection techniques, such as manual analysis, fuzzing, patch comparison, static analysis and dynamic analysis.
2) This paper gives an in-depth study of all aspects of the XSS vulnerability, including its principle, danger, trigger mechanism, exploitation and corresponding countermeasures.
3) This paper analyzes and contrasts several web vulnerability detection tools. It also gives a detailed analysis of Paros, one of the most famous detection tools, pointing out its advantages and disadvantages.
4) This paper designs and develops a plugin for Paros, which solves the problem that Paros cannot detect stored (storage-type) XSS vulnerabilities.
5) This paper designs and develops an obfuscator and adds it to the XSS detection module of Paros, which dramatically improves the efficiency of that module.

The innovation of this paper is twofold. First, the detection of stored XSS vulnerabilities is realized on Paros. Second, the efficiency of detecting all kinds of XSS vulnerabilities is improved dramatically.
Keywords/Search Tags: Web Security, Vulnerability detection, XSS, Paros