
Attack Profile Mining In XSS Embedded In Uniform Resource Locator

Posted on: 2013-10-17
Degree: Master
Type: Thesis
Country: China
Candidate: X J Zhao
GTID: 2248330377459529
Subject: Applied Mathematics
Abstract/Summary:
Cross-site scripting (XSS) is one of the primary threats to modern Web application security. It can do great harm to both websites and their users. In reflected XSS, the attacker encapsulates malicious scripting code in a Uniform Resource Locator (URL), then tempts users to click on it. If the Web application's server does not properly sanitize the request message from the client side before sending the response message to the client, the malicious code executes in the client-side browser. Analysing the XSS information in URLs can therefore be of great help in preventing XSS. First, we summarize some techniques of scripting code injection, including how to break out of the Web application's constraints, how to encapsulate the scripting code, and how to classify real XSS vectors into certain types. Second, we mine the XSS attack profile, using malicious URLs as the language material. We apply the Apriori algorithm to get frequent items, which are unordered. In order to mine ordered frequent items, we present a PrioriMerge algorithm. Using this algorithm we get the XSS attack profile. Then we combine the XSS profile with other features of the URLs, such as PageRank, the programming language of the websites and so on, to get the distribution of the corresponding attack profile over each kind of feature. Finally, according to the above analysis, we put forward some suggestions on how to defend against XSS attacks.
Keywords/Search Tags: cross site scripting, URL, PrioriMerge algorithm, frequent ordered item