Research on XSS detection technology based on HTML5
Wu Liu
1
吴柳(1992-),女,北京邮电大学硕士生,主要研究方向:网络与信息安全,Web安全。
Ma Zhaofeng
1
马兆丰(1974-),男,讲师,主要研究方向:信息安全,数字水印。
1、Information?Security?Center,?Beijing University of Posts and Telecommunications, Beijing 100876
Abstract:As the next generation of Web application technology standards,If there is no strict filtering, the new labels and new attributes introduced by HTML5 are very easy to bypass the existing filtering rules and become the carrier of XSS,. Because there exist many problems in the existing XSS testing tools, such as incomplete attack vector, lack of support for the detection of HTML5, etc, The detection model of XSS vulnerability based on HTML5 is proposed in this paper. The model detect the XSS vulnerability by using fuzzy testing technology and attack vector optimization algorithm. Experiments show that the model proposed in this paper can effectively detect the XSS vulnerability caused by the new features of the HTML5 and improve the effectiveness and comprehensiveness of vulnerability detection.