Rule-defect oriented browser XSS filter test method
In order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2018-11-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018093 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841530101215264768 |
|---|---|
| author | Zhijie GUI Hui SHU |
| author_facet | Zhijie GUI Hui SHU |
| author_sort | Zhijie GUI |
| collection | DOAJ |
| description | In order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal definition,design test sample and scene generation algorithm were presented for browser XSS filter rule-defects.In order to quantitatively test and evaluate the filtering level of different browser XSS filters,combined with filtering success rate,false positive rate,input loss calculation filtering ability.Based on the proposed method,the prototype system is designed to automate the testing of several mainstream browser XSS filters,and the XSS filtering capabilities of different browsers are obtained.Further,after actual testing,the system also has the ability to discover undisclosed vulnerabilities. |
| format | Article |
| id | doaj-art-fc074a8c8b26473db6addba102054463 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2018-11-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-fc074a8c8b26473db6addba1020544632025-01-15T03:13:11ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2018-11-014697759554754Rule-defect oriented browser XSS filter test methodZhijie GUIHui SHUIn order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal definition,design test sample and scene generation algorithm were presented for browser XSS filter rule-defects.In order to quantitatively test and evaluate the filtering level of different browser XSS filters,combined with filtering success rate,false positive rate,input loss calculation filtering ability.Based on the proposed method,the prototype system is designed to automate the testing of several mainstream browser XSS filters,and the XSS filtering capabilities of different browsers are obtained.Further,after actual testing,the system also has the ability to discover undisclosed vulnerabilities.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018093cross-site scripting attackbrowser XSS filterrule-defectfiltering capabilitiy |
| spellingShingle | Zhijie GUI Hui SHU Rule-defect oriented browser XSS filter test method 网络与信息安全学报 cross-site scripting attack browser XSS filter rule-defect filtering capabilitiy |
| title | Rule-defect oriented browser XSS filter test method |
| title_full | Rule-defect oriented browser XSS filter test method |
| title_fullStr | Rule-defect oriented browser XSS filter test method |
| title_full_unstemmed | Rule-defect oriented browser XSS filter test method |
| title_short | Rule-defect oriented browser XSS filter test method |
| title_sort | rule defect oriented browser xss filter test method |
| topic | cross-site scripting attack browser XSS filter rule-defect filtering capabilitiy |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2018093 |
| work_keys_str_mv | AT zhijiegui ruledefectorientedbrowserxssfiltertestmethod AT huishu ruledefectorientedbrowserxssfiltertestmethod |