CSA  >> Vol. 6 No. 6 (June 2016)

    A Web Application Vulnerability Detection Method Based on Web Crawler Technology

  • 全文下载: PDF(523KB) HTML   XML   PP.340-346   DOI: 10.12677/CSA.2016.66042  
  • 下载量: 1,164  浏览量: 7,309   国家自然科学基金支持



XSSWeb应用Scrapy爬虫攻击向量XSS Web Application Scrapy Attack Vectors



With the continuous development of Web applications, a variety of security vulnerabilities, in-cluding XSS, also generate more and more. Today, the defects of the traditional XSS defense tech-nology have been more and more appear, such as a single type of defense, defense strength low, defense means backward. There is an urgent need to continuously improve and perfect the me-thods and means of defense. Aiming at this problem, this paper proposes a Web application vul-nerability detection method based on Scrapy. Through the framework to provide convenient con-ditions to the page for extraction and analysis, specific attack vector is generated according to the different ways of attacks. Finally, we make the combination of page injection points and attack vector to achieve the objective to test whether it is vulnerable. Experimental results show that this vulnerability detection method has a great improvement in the efficiency of crawling pages and vulnerability detection.

王全民, 雷佳伟, 张程, 赵小桐. 基于爬虫技术的Web应用程序漏洞检测方法[J]. 计算机科学与应用, 2016, 6(6): 340-346. http://dx.doi.org/10.12677/CSA.2016.66042


[1] Wichers, D. (2013) The Top 10 Most Critical Web Application Secutity Rishk. OWASP.
[2] 吴耀斌, 王科, 龙岳红. 基于跨站脚本的网络漏洞攻击与防范[J]. 计算机系统应用, 2008(1): 38.
[3] 维基百科. 跨站点脚本[EB-OL]. http://zh.wikipedia.org.wiki/XSS
[4] 酷壳-CoolShell.cn. 新浪的XSS攻击[EB/OL]. http://coolshell.cn/articles/4914.html
[5] 陈嘉讯. 论跨站脚本攻击(XSS)的危害、成因及防范[J]. 网络与信息, 2008, 22(9):80-80.
[6] Schafer, J.B. Frankowski, D. Herlocker, J. and Sen. S. (2007) Collaborative Filtering Re-commender Systems. In: The Adaptive Web, Volume 4321 of the Series Lecture Notes in Computer Science, 291-324.
[7] 张宗之. 基于爬虫技术的web应用漏洞挖掘的研究[D]: [硕士学位论文]. 北京邮电大学, 2013.
[8] 肖征. 基于网络爬虫的网络漏洞扫描检测系统的设计与实现[D]: [硕士学位论文]. 长春: 吉林大学, 2014.
[9] Maedche, A. (2006) Ontology Learning for the Semantic Web. Kluwer Academic Publishers.
[10] Bradshaw. S. (2004) Reference Directed Indexing: Redeeming Relevance for Subject Search in Citation Indexes. In: ECDL, 499-510.
[11] 凌妍妍, 孟小峰, 刘伟. 基于属性相关的Web数据库大小估算方法[J]. 软件学报, 2008, 19(2): 224-236.
[12] Friedl, J.E.F. (2006) Mastering Regular Expressions. 3rd Edition, O’reilly Media Inc., 12(18): 4140-4143.
[13] Bates, D. (2010) Regular Expressions Considered Harmful in Client-Side XSS Filters. ACM.WWW 2010. USE:ACM, 91-100.
[14] Klein, A. Dom Based Cross Site Scripting or XSS of the Third Kind. http://www.Webappsec.org/projects/articles/071105.html
[15] 王津涛. HTML, CSS, Javascript整合详解. 北京: 机械工业出版社出版, 2008.
[16] 风信子, 施威铭研究室. Javascript最新网页制作. 北京: 人民邮电出版社, 2001.