
Design And Implementation Of XSS Vulnerability Detection Based On Crawler And Fuzzing Test

Posted on: 2016-06-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2308330479993503
Subject: Computer technology
Abstract/Summary:
Before 2003, in the Web 1.0 era, users only used the browser to retrieve information from web servers, so XSS vulnerabilities were uncommon. Now, in the Web 2.0 era, web servers pay more attention to user interaction, and dynamic web technologies and AJAX have become popular. As a result, XSS vulnerabilities are growing rapidly. In 2013, the Open Web Application Security Project Committee analyzed the top 10 web security vulnerabilities, and XSS vulnerabilities ranked third. Compared to traditional buffer overflow vulnerabilities, XSS vulnerabilities are more harmful because they require only a simple script environment. Given this situation, this thesis designs and implements an XSS vulnerability checking tool based on a general-purpose web crawler and fuzz testing driven by a vulnerability database.

The thesis analyzes in depth how XSS vulnerabilities arise, how they are exploited and how they are classified. It then compares the advantages and disadvantages of general-purpose web crawlers, topical web crawlers and deep web crawlers, chooses the crawler best suited to this system, and uses the breadth-first search algorithm as the page crawling algorithm. It also compares the merits and shortcomings of pure fuzz testing, fuzz testing based on a vulnerability database and fuzz testing based on the environment. Given the characteristics of this system, fuzz testing based on a vulnerability database is chosen, and example XSS vulnerability tests and the fuzz testing method are shown. The high-performance Oracle database is chosen, and database architecture optimization and schema optimization are described explicitly. The tool is developed with Microsoft Visual Studio 2008 and the C# programming language.

Building on the background and research above, the thesis designs and implements the XSS vulnerability checking tool, and shows through website XSS vulnerability testing that the tool is effective and accurate.
Keywords/Search Tags: XSS vulnerability, crawler, fuzz testing, Oracle