Research on Client-side Defense Techniques of Cross-Site Scripting Attack | |
Wang, Xuyang; Xu, Mingyang | |
2017 | |
Keywords | Cross-site scripting ; Browser security ; Dynamic data tainting ; Static data tainting ; JavaScript engine |
Volume | 59 |
Pages | 315-320 |
English abstract | Cross-site scripting (XSS) is among the most serious and common threats in Web applications today. The main purpose of XSS is to steal the user's sensitive information. Because its behavior is to send the user's sensitive information to a third party without the user's authorization, we can obtain XSS attack detection results by analyzing access to the user's sensitive information in the current page. The detection technique presented in this paper adopts the idea of protecting user information on the client side, in the Web browser. By analyzing its JavaScript engine, we extend its handling process in each phase. Our approach employs dynamic analysis techniques in general, and an auxiliary static analysis technique when necessary, to analyze the situation of sensitive information in the current page. By handling and judging the analysis result, we can prevent the suspicious XSS attack. If sensitive information is about to be transferred to a third party, the user can decide if this should be permitted or not. The results of our experiment demonstrate that the behavior-based XSS detection technique proposed in this paper is feasible in practice. |
Proceedings | PROCEEDINGS OF THE 2016 7TH INTERNATIONAL CONFERENCE ON EDUCATION, MANAGEMENT, COMPUTER AND MEDICINE (EMCM 2016) |
Proceedings publisher | ATLANTIS PRESS |
Place of publication | 29 AVENUE LAVMIERE, PARIS, 75019, FRANCE |
Language | English |
WOS research areas | Business & Economics ; Computer Science ; Education & Educational Research |
WOS accession number | WOS:000429718100061 |
Content type | Conference paper |
Source URL | [http://119.78.100.223/handle/2XXMBERH/36231] |
Collection | Lanzhou University of Technology |
Corresponding author | Wang, Xuyang |
Author affiliation | Lanzhou Univ Technol, Sch Comp & Commun, Lanzhou 730050, Gansu, Peoples R China |
Recommended citation (GB/T 7714) | Wang, Xuyang,Xu, Mingyang. Research on Client-side Defense Techniques of Cross-Site Scripting Attack[C]. In:. |