Study On The Detection And Defense Technology Of Cross-site Scripting Vulnerabilities

With the promotion of the concept of Web2.0,the practicability and friendliness of Web application make Web application more and more recognized by developers and users.The extensive application of script technology(such as JavaScript and VBScript)in Web application brings convenience to users,but also brings new security threats to the network.In the field of network security,Cross Site Scripting is one of the most destructive security problems.Attackers mainly put malicious script into a web page through the vulnerabilities of the web application.Based on a large number of domestic and foreign related literature on safety,detection and prevention of XSS vulnerability is studied.In order to improve the detection efficiency,this paper proposes an improved approach based on reversed code auditing and static analysis to detect and extract the XSS vulnerabilities in the source code of the web application.The algorithm defines an output node as a potential risk node and scans it backward,and then determines whether the output node references the tainted data.We can also find the location of the vulnerabilities and data sources for vulnerabilities by the data link generated by the algorithm.It is convenient for testers and development teams to fix vulnerabilities in Web applications in a timely manner.The experiment results show that the proposed algorithm can not only effectively detect XSS vulnerabilities in source code,but also greatly improve the detection efficiency of XSS vulnerabilities.In addition,this paper puts forward a kind of XSS defense framework based on agent after an in-depth study of XSS attack mode.The framework is deployed between the client and the server,and the framework analyzes and filters the data by intercepting the communication data between the client and the server.It can not only effectively defense against XSS attacks,but also provide a good experience for the user through the release of legitimate tags.The defense framework consists of an analysis engine and a processing engine.Among them,the analysis engine is divided into the recoding module,removing the interference character module and sorting the label module.And the processing engine is divided into the processing of illegal tags module,the handling of illegal events module and the handling of illegal reference sub module.Through in-depth analysis of external data,the defense framework can accurately identify whether the label is legitimate,whether there is script in the data and wheher the data is security.Experiments show that the framework has good defense effect for the current popular XSS attacks,including reflected XSS,stored XSS and DOM XSS.However,there is a delay in the response time of client and server.Moreover,we try to improve the defense framework and propose a framework based on task automatic processor aiming at the problem that the defense framework which is presented by this paper increases response time between client and server.The framework consists of two parts:data scanning and data processing.All external data stored in the database will be marked as "Untreated”which will not be used by the server.The task of data scanning scans all data with "Untreated" flag and changes the data flag as "In-Processing" to wait for the task of data processing to be processed.The task of data scanning uses the defense algorithm proposed in this paper to process the scanned data according to the priority.If the data is processed successfully,the value of the original data will be updated and the data flag will be changed as"Solved".At this point,the data with "Solved" flag can be used by the server.This paper also tests the validity and performance of the framework.The experimental results show that the framework can effectively reduce the server's pressure and reduce the response time between the client and the server.Finally,this paper makes a detailed summary of conclusions and research of detection and defense of cross site scripting.