Research And Design A XSS Vulnerability Detection System Based On Network Crawler

In recent years, with the growing popularity of the Internet, Web applications have become an indispensable part of people’s lives, but at the same time people have to face to more and more information security problems in the internet.In many network security incidents, Web security has become a yearly event upward trend, a kind of Web security hazards huge attack is cross-site scripting attacks, It does this by injecting malicious scripts into Web applications, and eventually executed in the client browser. Moreover, the attacker can also exploit the vulnerability to implement further attacks in conjunction with other means of attack, resulting in leakage of user privacy, or even loss of property and so on. Therefore, early detection of cross-site scripting vulnerabilities that may exist in the Web application can be avoided, and vulnerability scanning system as an important complementary tool, developers can effectively reduce unnecessary workload, so this study is necessary.The main work includes the following aspects:1.Summarized cross-site scripting vulnerabilities’ principle and classification, and pointed out that the research status cross-site scripting vulnerability detection,then studying on predecessors’research, gives a comparative analysis.2. Through the web crawler web crawling process to analyze the problems,this paper designs and implement an efficient network of reptiles, and then through the study of the current cross-site scripting attacks this paper designs the attack vector generation scheme. 3. Carried on the detailed design to the system, including for the entire system processes and systems of the various functional sub-module design.Aiming at the need to attack vector is used in the system,this paper designs the basic attack vector completion rule and deformation rule. And creatively put forward test and updating rules and add gravity variation rules attribute way to improve the efficiency of the system detection.4. This paper detects the system’s operating efficiency and false alarm rate test, show that the system can indeed efficient and accurate detection of the presence of a Web page cross-site scripting vulnerabilities.