| Web应用程序下XSS漏洞攻击与防御研究 |
| |
| 引用本文: | 白会肖.Web应用程序下XSS漏洞攻击与防御研究[J].石家庄职业技术学院学报,2012,24(6):41-43. |
| |
| 作者姓名: | 白会肖 |
| |
| 作者单位: | 石家庄职业技术学院信息工程系,河北石家庄,050081 |
| |
| 摘 要: | Web应用程序下XSS漏洞分为存储式漏洞、反射式漏洞及基于DOM的漏洞,主要攻击方式为CSRF攻击、窃取Cookie会话和客户端代理攻击.从服务器端和客户端两个角度提出了XSS漏洞的防御措施,为开发人员及用户提供安全防范经验.
|
| 关 键 词: | web应用程序 XSS攻击 安全防御 |
On the attack and defence of XSS vulnerabilities under the web application |
| |
| BAI Hui-xiao.On the attack and defence of XSS vulnerabilities under the web application[J].Journal of Shijiazhuang Vocational Technology Institute,2012,24(6):41-43. |
| |
| Authors: | BAI Hui-xiao |
| |
| Institution: | BAI Hui-xiao(Department of Information Technology,Shijiazhuang Vocational Technology Institute,Shijiazhuang,Hebei 050081,China) |
| |
| Abstract: | The web-based XSS vulnerabilities are usually in the form of storages,reflections and DOM bases,that are viable to the CSRF attacks, theft of the cookie sessions and client proxy attacks. This paper provides with the measures against XSS vulnerabilities for servers and clients. |
| |
| Keywords: | web application XSS attack security and defense |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
