Research And Implementation The Detection Of Cross Site Scripting Attack Based On HTML5

As a cornerstone of the open platform of the Web network, HTML5 has rich multimedia content, good cross platform and cross terminal features,which not only brings great changes to the Web application, but also makes HTML5 gradually becoming the mainstream of the next generation mobile Internet application. While the new features promote the development of the Internet, but also bring the corresponding security issues. As one of the common attacks on Web applications, Cross-site scripting attacks has flexible way and rich form of attack , which will cause serious harm to the application.If the new features introduced by HTML5 have not been rigorously filtered,They will become the carrier of the cross-site scripting attack, and cause XSS attacks.A detection model of XSS attack was proposed by this paper by analyzing the new mode of attack caused by the new features introduced by HTML5. The main research contents and innovations of this paper were as follows:(1)The XSS vulnerabilities based on HTML5 was studied in this paper.the basic principle, classification,utilization and detection methods of XSS were studied in this paper. Combined with the new features of HTML5, the XSS vulnerability based on HTML5 was studied deeply in this paper.(2) The detection model of XSS attack based on HTML5 was proposed in this paper, which consists of three layer, which are the layer of data display,the layer of function module and the layer of data storage. The design of each sub function in the functional layer was studied and analyzed in this paper,including the Injection point analysis, the attack vector generation , the simulation attack, the vulnerability analysis and so on.(3) The attack vector generation algorithm of XSS based on genetic algorithm was designed and implemented. Based on the idea of genetic algorithm, oriented seed attack vector of XSS were generated in this paper by selection and crossover operation that accord with biological heredity. Then the attack vector of XSS for HTML5 were generated in this paper by the optimization of deformation and coding to seed vector.(4) Implementation and Evaluation of the detection model of XSS attack based. By comparing the result with the current popular vulnerability scanning tools and the detection by this paper, the experiment show that the detection model which was proposed in this paper is feasible, effective and extensible .