Design And Implementation Of A Gray Box Detection Scheme For XSS Vulnerability

Posted on: 2018-10-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y N Wang
GTID: 2348330515451743
Subject: Information security
Abstract/Summary:
The rapid development of Web applications has made people's work and life more convenient, but it has also brought an increasing number of security threats. Cross-site scripting (XSS) is one of the most harmful Web security threats. Attackers can use XSS vulnerabilities to control the client-side logic of the target host, and can combine them with other means of attack to carry out further attacks, so that users' privacy and property face a serious threat. Detecting XSS vulnerabilities in web applications efficiently is therefore particularly important. According to the analysis, the most effective way to detect this vulnerability is a manual code audit, but that process is costly and cumbersome. At present, most automated detection technologies run black-box tests with a large number of payloads, but black-box tests cannot traverse all of the application logic, which leads to a large number of false reports and low accuracy. Static code audit technology cannot detect DOM XSS vulnerabilities effectively, so this method lacks compatibility. To address these problems, this thesis studies and designs the gray-box detection scheme "XSScan", which detects reflected, stored and DOM-based XSS vulnerabilities on the premise that the source code of the protected target website is available. The main results of the study are:

1. For reflected and stored XSS, the method uses compiler theory to build the abstract syntax tree and the control flow graph of the source code, reviews all calls to sensitive functions, tracks and analyzes the data flow of the sensitive parameters of those functions, and finally verifies the results dynamically to check whether XSS vulnerabilities exist. It can not only effectively find all the possible vulnerabilities, but also reduce the system's false alarm rate through dynamic black-box verification. It significantly improves the efficiency of the audit work.

2. For DOM-based XSS, the method uses PhantomJS (a headless browser for automation). During the execution of JavaScript, it propagates the taint signal through the JavaScript engine and the WebKit rendering engine and detects whether the tainted data is executed at any DOM output point. This method significantly reduces the false positive rate and false negative rate of DOM XSS detection, which makes up for the weakness of the gray-box scheme above in handling DOM-based XSS.

The thesis has implemented the XSS detection system. The test results show that the system discovers XSS vulnerabilities more efficiently and accurately. Compared with similar XSS detection tools, operating efficiency is improved, and false positives and false negatives are also reduced to a certain degree.
Keywords/Search Tags: Cross-site scripting attacks, Gray box detection, Compilation principles, PhantomJS
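
An added example, not code from the thesis or from XSScan, of the static phase described in point 1: parse source into an AST, locate calls to sensitive functions, and trace their arguments back to untrusted input. It uses Python's `ast` module on a constructed handler; the source, sanitizer and sink names are assumptions, since the abstract does not name them. Each finding is only a candidate that the dynamic verification step would then confirm or discard.

```python
import ast  # ast.unparse requires Python 3.9+

# Constructed sample; the source, sanitizer and sink names are assumptions.
SAMPLE = '''
def handler(request, out):
    name = request.args.get("name")
    greeting = "Hello " + name
    safe = html.escape(name)
    out.write(greeting)
    out.write("Hi " + safe)
    out.write("static text")
'''
SOURCES = {"request.args.get"}   # untrusted input
SANITIZERS = {"html.escape"}     # output encoding clears taint
SINKS = {"out.write"}            # sensitive functions that emit HTML

def is_tainted(expr, tainted):
    """True if expr may carry source data, given the tainted variable set."""
    if isinstance(expr, ast.Call):
        name = ast.unparse(expr.func)
        if name in SOURCES or name in SANITIZERS:
            return name in SOURCES
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    # Any other node is tainted if one of its sub-expressions is.
    return any(is_tainted(c, tainted) for c in ast.iter_child_nodes(expr))

def find_candidates(source):
    """Return (line, sink) for every sink call that receives tainted data."""
    findings = []
    funcs = [n for n in ast.walk(ast.parse(source))
             if isinstance(n, ast.FunctionDef)]
    for func in funcs:
        tainted = set()
        for stmt in func.body:  # straight-line statements, in order
            if isinstance(stmt, ast.Assign):
                hit = is_tainted(stmt.value, tainted)
                for tgt in stmt.targets:
                    if isinstance(tgt, ast.Name):
                        (tainted.add if hit else tainted.discard)(tgt.id)
            for call in ast.walk(stmt):
                if (isinstance(call, ast.Call)
                        and ast.unparse(call.func) in SINKS
                        and any(is_tainted(a, tainted) for a in call.args)):
                    findings.append((call.lineno, ast.unparse(call.func)))
    return findings

if __name__ == "__main__":
    print(find_candidates(SAMPLE))
```

Only the write of `greeting` is reported; the escaped and constant writes are not, which is the kind of pruning that keeps the later dynamic check small.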