Rule-defect oriented browser XSS filter test method
In order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2018-11-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2018093 |
| _version_ | 1818551701004615680 |
|---|---|
| author | Zhijie GUI,Hui SHU |
| author_facet | Zhijie GUI,Hui SHU |
| author_sort | Zhijie GUI,Hui SHU |
| collection | DOAJ |
| description | In order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal definition,design test sample and scene generation algorithm were presented for browser XSS filter rule-defects.In order to quantitatively test and evaluate the filtering level of different browser XSS filters,combined with filtering success rate,false positive rate,input loss calculation filtering ability.Based on the proposed method,the prototype system is designed to automate the testing of several mainstream browser XSS filters,and the XSS filtering capabilities of different browsers are obtained.Further,after actual testing,the system also has the ability to discover undisclosed vulnerabilities. |
| first_indexed | 2024-12-12T09:03:24Z |
| format | Article |
| id | doaj.art-077f54061d6440e3998f63816681e4d9 |
| institution | Directory Open Access Journal |
| issn | 2096-109X |
| language | English |
| last_indexed | 2024-12-12T09:03:24Z |
| publishDate | 2018-11-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj.art-077f54061d6440e3998f63816681e4d92022-12-22T00:29:44ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2018-11-01411697710.11959/j.issn.2096-109x.2018093Rule-defect oriented browser XSS filter test methodZhijie GUI,Hui SHU0School of Cyberspace Security,Information Support Engineering University of PLA,Zhengzhou 450001,China ; State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,ChinaIn order to alleviate XSS (cross-site scripting) attacks,modern browsers use XSS filters for defense.It is difficult to effectively test and evaluate the security of browser XSS filters.The rule-defect is the defect and security problem in the implementation process of browser XSS filter.The formal definition,design test sample and scene generation algorithm were presented for browser XSS filter rule-defects.In order to quantitatively test and evaluate the filtering level of different browser XSS filters,combined with filtering success rate,false positive rate,input loss calculation filtering ability.Based on the proposed method,the prototype system is designed to automate the testing of several mainstream browser XSS filters,and the XSS filtering capabilities of different browsers are obtained.Further,after actual testing,the system also has the ability to discover undisclosed vulnerabilities.http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2018093cross-site scripting attackbrowser xss filterrule-defectfiltering capabilitiy |
| spellingShingle | Zhijie GUI,Hui SHU Rule-defect oriented browser XSS filter test method 网络与信息安全学报 cross-site scripting attack browser xss filter rule-defect filtering capabilitiy |
| title | Rule-defect oriented browser XSS filter test method |
| title_full | Rule-defect oriented browser XSS filter test method |
| title_fullStr | Rule-defect oriented browser XSS filter test method |
| title_full_unstemmed | Rule-defect oriented browser XSS filter test method |
| title_short | Rule-defect oriented browser XSS filter test method |
| title_sort | rule defect oriented browser xss filter test method |
| topic | cross-site scripting attack browser xss filter rule-defect filtering capabilitiy |
| url | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2018093 |
| work_keys_str_mv | AT zhijieguihuishu ruledefectorientedbrowserxssfiltertestmethod |