
Research And Implementation Of Web Front-end Attack And Protection Technology

Posted on: 2018-05-12 | Degree: Master | Type: Thesis
Country: China | Candidate: Y N Liu | Full Text: PDF
GTID: 2348330518496280 | Subject: Computer Science and Technology
Abstract/Summary:
With the development of the Web, the focus of Web application security has shifted comprehensively from server security to client security. Web front-end security has become an important part of the Web application security field on the Internet. If Web front-end security vulnerabilities are exploited by attackers, large amounts of users' private data are put at risk. In this paper, the attack principles of, and the security technologies for, cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks were studied. A Web front-end security protection model was proposed based on the existing defense strategies. The overall architecture of the security model and the functions of each part were designed and implemented. The defensive performance of the Web front-end security model was evaluated. The research contents and achievements were as follows:

(1) The Web security policies related to Web front-end security were analyzed. The attack types and attack principles of XSS and CSRF were elaborated in detail. The defense technologies for these two kinds of attacks were explained in detail.
(2) A Web front-end security defense model for CSRF and XSS attacks was proposed. It is based on the J2EE development platform and uses a servlet filter to intercept requests. After interception, the user input is filtered, and a Token is injected and verified. Whether a CSRF or XSS attack has occurred is determined according to the legitimacy of the request.
(3) The Web front-end security model was designed and implemented, including the client defense, listener, filter, Token generation, Token authentication and so on.
(4) The defensive performance of the Web front-end security defense model was evaluated. The experiments show that the Web front-end security model proposed in this paper could prevent CSRF and XSS attacks effectively.
Keywords/Search Tags:web, security, attack, defense model