{"title":"基于爬虫的跨站脚本攻击漏洞检测方法","authors":"Haocheng Guan, Dongcheng Li, Hui Li, Man Zhao","doi":"10.1109/QRS-C57518.2022.00103","DOIUrl":null,"url":null,"abstract":"Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool's efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.","PeriodicalId":183728,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Crawler-Based Vulnerability Detection Method for Cross-Site Scripting Attacks\",\"authors\":\"Haocheng Guan, Dongcheng Li, Hui Li, Man Zhao\",\"doi\":\"10.1109/QRS-C57518.2022.00103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool's efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.\",\"PeriodicalId\":183728,\"journal\":{\"name\":\"2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C)\",\"volume\":\"10 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS-C57518.2022.00103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 22nd International Conference on Software Quality, Reliability, and Security Companion (QRS-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS-C57518.2022.00103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Crawler-Based Vulnerability Detection Method for Cross-Site Scripting Attacks
Cross-site scripting attacks, as a means of attack against Web applications, are widely used in phishing, information theft and other fields by unscrupulous people because of their wide targeting and hidden implementation methods. Nevertheless, cross-site scripting vulnerability detection is still in its infancy, with plenty of challenges not yet fully explored. In this paper, we propose Crawler-based Cross Site Scripting Detector, a tool based on crawler technology that can effectively detect stored Cross Site Scripting vulnerabilities and reflected Cross Site Scripting vulnerabilities. Subsequently, in order to verify the effectiveness of the tool, we experim ented this tool with existing tools such as XSSer and Burp Suite by selecting 100 vulnerable websites for the tool's efficiency, false alarm rate and underreporting rate. The results show that our tool can effectively detect Cross Site Scripting vulnerabilities.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
