| Cross-site scripting attacks always ranked the top three in the computer network security vulnerabilities in recent years . Due to the storage of a large number of user information in computer network, XSS vulnerability attacks has caused serious harm to the network users , how to deal with XSS attacks is becoming the most concerned problem .This paper summarized the client script security technology, and researched on the XSS attack detection principle and safety protection technology, Then designed the XSS detection system, researched on the XSS vulnerability detection algorithm, and improved the vulnerability of suspicious points extraction algorithm and XSS vulnerability detection algorithm. Implemented the XSS detection system, and finally evaluated and tested the system. The main achievements of this paper are as follows:(1) The current situation of Web front end security technology at home and abroad and the principle of XSS vulnerability attack and the defense methods of XSS were studied, and then deeply analyzed the detection mechanism of XSS.(2) XSS vulnerability detection model based on crawler algorithm was proposed in this paper. The overall architecture of the system was designed, and the uniformity and extensibility of the system was improved. The design method of the module was proposed, which includes link extraction, vulnerability locating, attack vector library and simulation attack.(3) Researched XSS vulnerability detection algorithm , vulnerability suspicious point positioning based on the XSS website link extraction BFS algorithm and XSS attack detection algorithm based on attack injection point classification were proposed to improve the efficiency and accuracy of XSS vulnerability detection .(4) Implemented and tested the XSS vulnerability detection system.The XSS vulnerability detection system was implemented,including the extraction of the link, the location of the vulnerability, the dynamic generation of the attack vector and the injection simulation attack of the vulnerability, and finally realized the visualization of the system.Through testing the specific website, the results of the experiments showed that it can work very well, and through analysis of those experiments, the XSS vulnerability detection model verified that it can detect cross site vulnerabilities accurately and efficiently.This paper proposed an efficient and accurate cross-site scripting vulnerability detection scheme for cross-site scripting vulnerability detection with low accuracy and inefficiency. This method improved the traditional cross - site vulnerability detection algorithm, adopted the Crawler Web crawler algorithm to locate the XSS vulnerabilities, and then dynamically generated the specific attack vector library according to the different websites and vulnerabilities. Then the attack vector library was used to simulate the attack. Experimental results showed that the scheme improved the efficiency of cross-site script detection and can detect more XSS vulnerabilities. |
PDF Full Text Request