Research On Automatic Detection Of XSS Vulnerability Based On State Transition Graph

With the rapid development of Internet,web applications become more and more complex.People's lives and work are more and more closely related to web applications.However,with this development,web security issues become increasingly prominent.In many web security issues,XSS vulnerability occupies a large proportion.XSS vulnerability detection is widely concerned by Chinese and foreign scholars.Especially since entering the Web2.0 era,the structure of web page is more complex and the data interaction is more frequent.Before the Web2.0 era,XSS vulnerability detection method of static Website is mature.By detecting injection points,injecting attack vectors,analysis of response information and judging the results,we can find the known types of XSS vulnerabilities.However,due to the arrival of the Web2.0 era,many Web applications use such as AJAX and other technologies to generate dynamic pages,resulting in XSS vulnerability detection still has a lot of problems.In order to improve the common XSS vulnerability detection methods,this paper mainly includes the following contents.(1)Aiming at the problem that low coverage of found injection points,the DOM state is used as the node and the browser event is used as the edge to construct the state graph model for the Web application,search XSS vulnerability injection points when constructing the graph.The coverage of the Web application is more comprehensive,and the coverage rate of the injection point is improved,and the problem that the discovery of the hidden injection point is not sufficient when more than one state have the same URL is solved.(2)In order to improve the accuracy of injection point determination,proposes a method based on page analysis and agent technology to judge the injection point of XSS vulnerability.The method firstly analyzes the URL with parameters and Forms in the page,and then tries to trigger the browser events of the page elements,and then detects whether there is a data request to determine whether the current page contains the injection point.The probe vector technique is used to test the suspected injection point.Finally,according to the output position of the probe vector,the injection points are classified and saved.(3)Aiming at the problem that determining the response results of XSS vulnerability is complex,a dynamic method is proposed to determine the XSS vulnerability.Firstly,based on the mutation and filtering and escape technology,convert XSS Filter Evasion Cheat Sheet,use the higher success rate of attack vector for attack test,and then based on different positions of the response,to classify the attack vector,and then according to the classification of attack results,design different response analysis method to analyze the presence of XSS vulnerabilities.Finally,based on the XSS vulnerability detection method proposed in this paper,we design and implement an efficient and available XSS vulnerability detection system,and compare it with the current mainstream XSS vulnerability detection tools.