
Research And Implementation Of Cross-Site Scripting Detection Technology Based On Taint Analysis

Posted on: 2016-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Li
Full Text: PDF
GTID: 2348330536986829
Subject: Computer technology
Abstract/Summary:

Cross-site scripting (XSS) is a high-impact, representative client-side security issue. Currently, the vast majority of web application developers defend against such attacks by sanitizing or filtering client input, but this static approach has strong limitations and still needs the support of vulnerability detection or other detection means. Existing vulnerability detection tools can detect only some cross-site scripting vulnerabilities, and comprehensive detection techniques need to be improved. In view of the current state of research and technology, this paper creatively presents a complete testing and validation mechanism for cross-site scripting vulnerabilities. The mechanism is based on taint analysis, uses ideas from penetration testing, and is implemented in the Chromium browser. The work of this paper focuses on the following four aspects:

First, this paper discusses the research background and significance, the research status, and the organizational structure of the paper. It also introduces the web application technologies and browser-core technologies that are closely related to the proposed testing and validation mechanism.

Second, this paper puts forward a complete XSS exploit generation strategy. After introducing the three types of XSS and analyzing the main forms in which XSS exploits are injected into a web application, it summarizes the general structure and general patterns of XSS exploits. Based on the idea of penetration testing, XSS exploits are generated and used in a non-malicious attack experiment to verify the effectiveness of the defense framework put forward below.

Third, this paper presents a new defense framework against XSS exploits. Instead of complementing or emulating client-side behavior to build analytical processes, we chose to integrate our techniques directly into the open-source Chromium browser. More precisely, for vulnerability detection we use a modified browsing engine that supports dynamic, byte-level taint tracking of suspicious flows. By directly altering the engine's string type implementation, we achieve complete coverage of all JavaScript language features and the full DOM API. In the syntax analysis stage, sensitive information is marked according to the taint rules. After the abstract syntax tree is obtained, taint is propagated with the help of static constraint analysis and dynamic analysis. After native code executes, the taint values are checked and detected. In addition, we use a Chromium extension to report potential client-side vulnerabilities to the user.

Fourth, the paper designs a complete test program and describes the experimental procedure in detail. Finally, the test successfully demonstrates the effectiveness and feasibility of the proposed XSS detection framework.
Keywords/Search Tags:taint analysis, penetration test, dynamic taint tracking, XSS
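
The byte-level taint tracking described in the abstract, modelled in plain JavaScript as an added example (not code from the thesis or from Chromium): a string wrapper keeps one taint label per character, carries the labels through concatenation and slicing, and a sink check reports which characters of the written value came from a source. The names TaintedString, fromSource and checkSink, the source label, and the sample values are assumptions made for illustration.

```javascript
// Added illustration (not the thesis's code): per-character taint on a string wrapper.
// TaintedString, fromSource and checkSink are hypothetical names.
class TaintedString {
  // taint[i] is null for a clean character or the source label for character i.
  constructor(value, taint) {
    this.value = value;
    this.taint = taint || new Array(value.length).fill(null);
  }
  static fromSource(value, label) {
    return new TaintedString(value, new Array(value.length).fill(label));
  }
  static wrap(x) {
    return x instanceof TaintedString ? x : new TaintedString(String(x));
  }
  // Concatenation keeps each operand's taint at its new offset.
  concat(other) {
    const o = TaintedString.wrap(other);
    return new TaintedString(this.value + o.value, this.taint.concat(o.taint));
  }
  // String and Array slice share index semantics, so text and taint stay aligned.
  slice(start, end) {
    return new TaintedString(this.value.slice(start, end), this.taint.slice(start, end));
  }
  // Collapse per-character labels into contiguous tainted ranges.
  taintedRanges() {
    const ranges = [];
    for (let i = 0; i < this.taint.length; i++) {
      const label = this.taint[i];
      if (label === null) continue;
      const last = ranges[ranges.length - 1];
      if (last && last.end === i && last.source === label) last.end = i + 1;
      else ranges.push({ start: i, end: i + 1, source: label });
    }
    return ranges;
  }
}

// Sink check: report a suspicious flow when any tainted character reaches the sink.
function checkSink(sinkName, str) {
  const s = TaintedString.wrap(str);
  const flows = s.taintedRanges().map(r =>
    ({ ...r, text: s.value.slice(r.start, r.end) }));
  return { sink: sinkName, suspicious: flows.length > 0, flows };
}

// Constructed sample: a URL fragment value (source) embedded in markup written to a sink.
const hash = TaintedString.fromSource("#guest", "location.hash");
const html = new TaintedString("<p>Hello, ").concat(hash.slice(1)).concat("</p>");
const report = checkSink("innerHTML", html);
console.log(JSON.stringify(report));
```
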