Chinese Journal of Network and Information Security ›› 2018, Vol. 4 ›› Issue (11): 69-77. doi: 10.11959/j.issn.2096-109x.2018093
Zhijie GUI, Hui SHU
Revised: 2018-11-05
Online: 2018-11-01
Published: 2019-01-03
CLC Number:
Zhijie GUI, Hui SHU. Rule-defect oriented browser XSS filter test method[J]. Chinese Journal of Network and Information Security, 2018, 4(11): 69-77.