Rule-defect oriented browser XSS filter test method

Bibliographic Details
Main Author: Zhijie GUI, Hui SHU
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2018-11-01
Series: 网络与信息安全学报
Subjects:
Online Access: http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2018093
Description
Summary: To mitigate XSS (cross-site scripting) attacks, modern browsers use XSS filters for defense. It is difficult to effectively test and evaluate the security of browser XSS filters. A rule-defect is a defect or security problem in the implementation of a browser XSS filter. The formal definition, test sample design and scene generation algorithm for browser XSS filter rule-defects are presented. To quantitatively test and evaluate the filtering level of different browser XSS filters, filtering ability is calculated by combining the filtering success rate, false positive rate and input loss. Based on the proposed method, a prototype system is designed to automate the testing of several mainstream browser XSS filters, and the XSS filtering capabilities of different browsers are obtained. Further, in actual testing, the system also proved able to discover undisclosed vulnerabilities.
ISSN: 2096-109X