A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerabilities

Yuuki Takahashi; Omar Ismail; Youki Kadobayashi; Suguru Yamaguchi

首页> 外文期刊>電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture >A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerabilities

【24h】

A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerabilities

机译：跨站点脚本漏洞自动检测/收集系统的建议和实现

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Cross-site scripting (XSS) attacks target web sites with Cookie-based session management, resulting in the leakage of privacy information. Although several server-side countermeasures for XSS attacks do exist, such techniques have not been applied in a universal manner, because of their deployment overhead and the poor understanding of the XSS problem. This paper proposes a client-side system that automatically detects XSS vulnerability by manipulating either client request or server response. The system also shares the indication of vulnerability via central repository. The purpose of the proposed system is two-fold: to protect users from XSS attacks, and to warn web servers with XSS vulnerabilities.

机译：跨站点脚本（XSS）使用基于Cookie的会话管理攻击目标网站，从而导致隐私信息泄漏。尽管确实存在针对XSS攻击的几种服务器端对策，但是由于部署开销大且对XSS问题的了解不多，因此尚未以通用方式应用此类技术。本文提出了一种客户端系统，该系统可以通过处理客户端请求或服务器响应来自动检测XSS漏洞。该系统还通过中央存储库共享漏洞指示。提出的系统的目的有两个：保护用户免受XSS攻击，并警告具有XSS漏洞的Web服务器。

著录项

来源
《電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture》 |2003年第62期|共6页
作者
Yuuki Takahashi; Omar Ismail; Youki Kadobayashi; Suguru Yamaguchi;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种 jpn
中图分类 TN-53;
关键词
HTTP; Proxy; Cookie; Cross-site scripting; Vulnerability testing;

机译：HTTP;代理;Cookie;跨站点脚本;漏洞测试;

相似文献

外文文献
中文文献
专利

1. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerabilities [J] . Yuuki Takahashi, Omar Ismail, Youki Kadobayashi, 電子情報通信学会技術研究報告. インターネットアーキテクチャ. Internet Architecture . 2003,第62期

机译：跨站点脚本漏洞自动检测/收集系统的建议和实现
2. Feasibility study for the implementation of an automatic system for the detection of social interactions in the waiting area of automatic milking stations by using a video surveillance system [J] . Guzhva O., Ardo H., Herlin A., Computers and Electronics in Agriculture . 2016,第Null期

机译：利用视频监控系统实现自动挤奶站候车区社交互动检测自动系统的可行性研究
3. Design and Implementation for Malicious Links Detection System Based On Security Relevance of Webpage Script Text [J] . Xing Rong, Li Jun, Jing Tao International Journal of Computer Network and Information Security . 2011,第3期

机译：基于网页脚本文本安全性的恶意链接检测系统的设计与实现
4. A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability [C] . Ismail, O., Etoh, . 2004

机译：跨站点脚本漏洞自动检测/收集系统的建议与实现
5. Evaluation of Training Methods That Prepare Software Programmers to Mitigate Web Application Cross-Site Scripting (XSS) Vulnerabilities for Software Vendors of Commercial Banks [D] . Oladele, Adekunle 2019

机译：对培训方法的评估，这些培训方法使软件程序员能够缓解商业银行软件供应商的Web应用程序跨站点脚本（XSS）漏洞
6. On Vulnerability of Selected IoT Systems to Radio Jamming—A Proposal of Deployment Practices [O] . Kamil Staniec, Michał Kowal 2020

机译：关于所选物联网系统到无线电干扰的漏洞 - 提案措施
7. The Limitations of Cross-Site Scripting Vulnerabilities Detection and Removal Techniques [O] . Isatou Hydara Et.al 2021

机译：跨站点脚本漏洞检测和拆卸技术的局限性

A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerabilities

摘要

著录项

相似文献

相关主题

期刊订阅