• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>IEEE International Conference on Artificial Intelligence and Computer Applications >Research and Defense of Cross-Site WebSocket Hijacking Vulnerability
【24h】

Research and Defense of Cross-Site WebSocket Hijacking Vulnerability

机译:跨站点WebSocket劫持漏洞的研究与防御

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

The WebSocket protocol is part of the HTML5 standard specification. It is a new network communication protocol that provides a full-duplex communication mechanism between the client and the server. The emergence of WebSocket brings good news for real-time web communication, but the corresponding WebSocket vulnerabilities are gradually exposed, among which the Cross Site WebSocket Hijacking is relatively harmful and easy to be ignored. The paper mainly explores the principle of WebScoket's cross-site hijacking vulnerability, and proposes a one-time random token scheme based on mixed encryption to solve the cross-site WebSocket hijacking vulnerability, and finally tests the scheme to verify its effectiveness.
机译:WebSocket协议是HTML5标准规范的一部分。它是一种新的网络通信协议,可在客户端和服务器之间提供全双工通信机制。 WebSocket的出现为实时Web通信带来了好消息,但是相应的WebSocket漏洞逐渐暴露出来,其中跨站点WebSocket劫持相对有害并且易于忽略。本文主要探讨了WebScoket跨站点劫持漏洞的原理,提出了一种基于混合加密的一次性随机令牌方案来解决跨站点WebSocket劫持漏洞,并对其进行了测试,以验证其有效性。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号