标题:
基于爬虫技术的Web应用程序漏洞检测方法A Web Application Vulnerability Detection Method Based on Web Crawler Technology
作者:
王全民, 雷佳伟, 张程, 赵小桐
关键字:
XSS, Web应用, Scrapy爬虫, 攻击向量XSS, Web Application, Scrapy, Attack Vectors
期刊名称:
《Computer Science and Application》, Vol.6 No.6, 2016-06-23
摘要:
随着Web应用不断的发展,随之而产生的包括XSS在内的各种安全漏洞也越来越多。今天,XSS传统防御技术的缺陷已经越来越多地显现,例如防御种类单一、防御强度低、防御手段落后等,这就迫切需要不断提高和完善防御的方法和手段。针对此问题,提出了一种基于Scrapy的爬虫框架的Web应用程序漏洞检测方法。通过框架提供的便利条件对页面进行提取分析,根据不同的攻击方式生成特有的攻击向量,最后使页面注入点与攻击向量组合达到测试是否具有漏洞的目的。实验结果表明,这种漏洞检测方法在爬取页面以及漏洞检测的效率上都有了很大的提高。
With the continuous development of Web applications, a variety of security vulnerabilities, in-cluding XSS, also generate more and more. Today, the defects of the traditional XSS defense tech-nology have been more and more appear, such as a single type of defense, defense strength low, defense means backward. There is an urgent need to continuously improve and perfect the me-thods and means of defense. Aiming at this problem, this paper proposes a Web application vul-nerability detection method based on Scrapy. Through the framework to provide convenient con-ditions to the page for extraction and analysis, specific attack vector is generated according to the different ways of attacks. Finally, we make the combination of page injection points and attack vector to achieve the objective to test whether it is vulnerable. Experimental results show that this vulnerability detection method has a great improvement in the efficiency of crawling pages and vulnerability detection.