In accordance with regulations and requirements, the editorial department's website domain has been changed to arocmag.cn. The original domain (arocmag.com) will be discontinued after Dec. 31st, 2024.
Software Technology Research
|
2458-2463

XSS vulnerability detection technology based on EBNF and twice crawling strategy

Huang Wenfeng1
Li Xiaowei2
Huo Zhanqiang2
1. Henan Provincial Institute of Scientific & Technical Information, Zhengzhou 450003, China
2. College of Computer Science & Technology, Henan Polytechnic University, Jiaozuo Henan 454000, China

Abstract

Cross-site scripting(XSS) attacks have been one of the biggest threats to Internet security. Aiming at the problems of traditional vulnerability detection method based on penetration testing technology, such as attack vectors of low complexity easy to filter and overall detection process cumbersome, this paper proposed a new attack vectors automatic generation method which based on extended Backus-naur form(EBNF) and a XSS vulnerability twice crawling strategy. By defining the EBNF rule, the method generated a rule-parsing tree, and then it traversed hierarchically the tree to obtain high-complexity attack vectors. In the first page crawling, the strategy inserted input point information to attack vectors and requested injection. Then it carried on the second crawling and requested legal parameters to get the return page. In the final, this paper designed and implemented a prototype system, and used two platforms for vulnerability detection. The comparative experiments prove that the system has a simple detection process, and to a certain extent, it improves the number of vulnerability detection and reduces the false positive rate.

Foundation Support

国家自然科学基金资助项目(61472342,61572379)
河南省高等学校重点科研计划项目(17A520007)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2018.02.0170
Publish at: Application Research of Computers Printed Article, Vol. 36, 2019 No. 8
Section: Software Technology Research
Pages: 2458-2463
Serial Number: 1001-3695(2019)08-046-2458-06

Publish History

[2019-08-05] Printed Article

Cite This Article

黄文锋, 李晓伟, 霍占强. 基于EBNF和二次爬取策略的XSS漏洞检测技术 [J]. 计算机应用研究, 2019, 36 (8): 2458-2463. (Huang Wenfeng, Li Xiaowei, Huo Zhanqiang. XSS vulnerability detection technology based on EBNF and twice crawling strategy [J]. Application Research of Computers, 2019, 36 (8): 2458-2463. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.


Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)