
Research On XSS Vulnerability Mining And Prevention

Posted on: 2019-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Huo
Full Text: PDF
GTID: 2428330566963122
Subject: Information security

Abstract/Summary:
In recent years, with the rapid development of Web applications, security incidents caused by Web application vulnerabilities have occurred frequently, and such vulnerabilities pose a growing threat to network security. Cross-site scripting (XSS) is the most common class of Web application vulnerability; it allows an attacker to steal user information, hijack sessions, and carry out phishing scams. However, existing Web vulnerability detection solutions and tools are imperfect, with defects such as low efficiency, a high missed-detection rate, and a high false-alarm rate. The detection and defense technologies for XSS vulnerabilities therefore need further research.

This thesis analyzes the principle of XSS vulnerabilities and the current detection and mitigation techniques, proposes an improved XSS vulnerability mining method, and designs and implements a system for mining cross-site scripting vulnerabilities. In addition, an XSS defense scheme based on a server-side reverse proxy is proposed for existing XSS attacks.

Because of the defects of existing methods for dynamic detection of XSS vulnerabilities, an improved penetration testing method is proposed. On top of a traditional crawler, hook technology is used to obtain the dynamic links in web pages, and a web-page preprocessing module filters out non-injection points and the URLs of web pages and resources. A probe algorithm is then injected to mark the injection points of a page and their corresponding output points, to obtain the smallest object in which each attack-vector output point is located, and to classify and mark the smallest objects of the injection points by equivalence class division. According to this classification, an attack vector library is generated for each class. At the same time, according to the defense mechanism of the detection target, the attack vector library undergoes corresponding mutation processing, which avoids testing invalid attack vectors.

An XSS defense scheme based on a server-side reverse proxy is proposed. It normalizes the decoding of user request data, which is then checked against blacklist and whitelist filter rules; finally, the output data is matched and filtered. The proposed defense scheme is applied to the service and achieves a high detection rate for end-to-end XSS attacks.

Following the proposed method, an XSS vulnerability mining system is designed and implemented. Testing on real cases shows that the proposed detection method effectively improves the efficiency of detecting XSS vulnerabilities. At the same time, the proposed defense system is used to test the proposed defense method, and the results show that the defensive method is significantly effective in preventing XSS attacks.
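The reverse-proxy defense described in the abstract has three stages: normalize the decoding of request data, check it against blacklist and whitelist rules, and filter the output. The following is an added illustration of that pipeline in Python; it is not code from the thesis, and the decoding rounds, the rule sets, and the parameter names (`page`, `username`, `q`) are constructed assumptions chosen to show why normalization must happen before matching.

```python
import html
import re
from urllib.parse import unquote

# Upper bound on decode rounds: a proxy must not loop forever on pathological input.
MAX_DECODE_ROUNDS = 5


def normalize(value: str) -> str:
    """Repeatedly URL-decode and HTML-entity-decode until the value stops changing.

    Double-encoded payloads such as %253Cscript%253E only become comparable to a
    rule like '<script' after two URL-decoding rounds, which is why matching on the
    raw request is unreliable.
    """
    prev, cur, rounds = None, value, 0
    while cur != prev and rounds < MAX_DECODE_ROUNDS:
        prev = cur
        cur = html.unescape(unquote(cur))
        rounds += 1
    return cur


# Blacklist: patterns rejected in any parameter that has no whitelist rule.
# (Constructed rule set for illustration; a production list would be broader.)
BLACKLIST = [
    re.compile(r"<\s*script\b", re.I),      # script tag opener
    re.compile(r"\bon[a-z]+\s*=", re.I),    # inline event handler attribute
    re.compile(r"javascript\s*:", re.I),    # javascript: URL scheme
]

# Whitelist: parameters with a known shape are validated positively instead.
WHITELIST = {
    "page": re.compile(r"^\d{1,6}$"),
    "username": re.compile(r"^[A-Za-z0-9_]{1,32}$"),
}


def check_param(name: str, value: str) -> bool:
    """Return True if the parameter passes the filter rules after normalization."""
    canon = normalize(value)
    if name in WHITELIST:
        # Whitelisted parameters must fully match their allowed shape.
        return WHITELIST[name].match(canon) is not None
    # Everything else is accepted unless a blacklist pattern appears.
    return not any(p.search(canon) for p in BLACKLIST)


def filter_request(params: dict) -> tuple:
    """Check every request parameter; return (allowed, names_of_rejected_params)."""
    rejected = [name for name, value in params.items() if not check_param(name, value)]
    return (len(rejected) == 0, rejected)


def encode_output(value: str) -> str:
    """Output-side filtering: HTML-encode data before it is reflected into a page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample request: one benign whitelisted value, one encoded payload.
    sample = {"page": "3", "q": "%253Cscript%253Ealert(1)%253C/script%253E"}
    print(filter_request(sample))            # (False, ['q'])
    print(encode_output('<b>"hi"</b>'))      # &lt;b&gt;&quot;hi&quot;&lt;/b&gt;
```

The design point the abstract makes is the ordering: a blacklist applied to the raw request would pass the double-encoded `q` value above, because `<script` never appears literally; only after `normalize` brings it to canonical form do the rules apply. Whitelisting the parameters whose shape is known removes the need to enumerate bad inputs for them at all, and output encoding covers reflected data that the request-side rules did not catch.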
Keywords/Search Tags: XSS Detection, Dynamic Vulnerability Detection, XSS defense, Web Security, Attack Vector