Analysis and Design of an XSS Vulnerability Detection System
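  • English title: Analysis and Design of An XSS Vulnerability Detection System
  • Authors: ZHAO Yue-hua; WU Dong-yao
  • English authors: ZHAO Yue-hua; WU Dong-yao; School of Computer Science & Communication Engineering, Jiangsu University
  • Keywords: cross-site scripting vulnerabilities; vulnerability detection; black-box testing; dynamic taint analysis
  • English keywords: cross-site scripting vulnerabilities; vulnerabilities detection; black box testing; dynamic taint analysis
  • Chinese journal title: RJDK
  • English journal title: Software Guide
  • Institution: School of Computer Science & Communication Engineering, Jiangsu University
  • Publication date: 2019-01-04 11:16
  • Publisher: 软件导刊 (Software Guide)
  • Year: 2019
  • Issue: v.18; No.197
  • Language: Chinese
  • Pages: RJDK201903037
  • Page count: 6
  • CN: 03
  • ISSN: 42-1671/TP
  • Classification number: 168-173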
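Abstract
In recent years, cross-site scripting (XSS) vulnerabilities have ranked third among the top ten computer network security vulnerabilities, posing a serious threat to Internet security. Most current detection schemes cannot cover reflected, stored and document object model (DOM) based XSS vulnerabilities together. To improve detection accuracy, an XSS vulnerability detection scheme combining black-box testing with dynamic taint analysis is designed, and the XSS attack vector selection strategy is optimized. The strategy first screens XSS attack vector templates; during detection it generates different XSS attack vectors in real time for different injection points, and applies anti-filtering transformations according to the results of the filter rule set tests. Comparison experiments show that the scheme improves XSS vulnerability detection capability while keeping the detection time overhead small.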
Cross-site scripting (XSS) vulnerabilities have ranked third in the top 10 web security vulnerabilities in recent years, posing a serious threat to Internet security. Currently, most detection schemes cannot take into account all XSS types, including reflected XSS vulnerabilities, stored XSS vulnerabilities and vulnerabilities based on the document object model (DOM). To improve detection accuracy, and building on previous research, an XSS vulnerability detection scheme combining black box testing and dynamic taint analysis is given, which optimizes the selection strategy of XSS attack vectors. In the scheme, the XSS attack vector templates are screened, and inverse filtering transformation is performed according to the result of the filter rule set test. The comparison experiment shows that this scheme can improve the ability to detect XSS vulnerabilities and that it takes much shorter time than usual.
