Recent popularity of Web 2. 0 application has given rise to a large number of Web vulnerabilities, and XSS vulnerability is among the top security threats. In recent years, the occurrence of XSS worms worsened the situation of Web security. Existing XSS defense methods mainly depend on filtering users' inputs on the server side, which cannot protect in time the main victims of XSS attacks, the Internet users. In this paper we focus on the analysis of XSS behavior, especially the propagation behavior of XSS worms, and propose a new client -side XSS defense method, StopXSS. The testing experiments show that our method can defend against XSS attacks effectively and can be used to detect even 0-Day XSS worms.%跨站脚本(XSS)漏洞是Web安全的最大威胁之一.目前XSS防范方法主要为在服务端对用户输入进行过滤.这种方法漏报率较高,且不能及时保护互联网用户.通过对XSS攻击行为,尤其是XSS蠕虫的传播行为进行深入分析,设计并实现了一套新的基于行为的客户端XSS防范方案StopXSS.通过实验及与现有常用客户端XSS防范方案比较,证明其具有对XSS攻击,甚至对0-Day XSS蠕虫的防范能力.
展开▼
