CAJ | 학술논문

跨站脚本是一类基于网站应用程序的安全漏洞攻击，将研究和解决快速化的自动化检测。为了有效地防止跨站脚本被滥用，决定创建一种基于 Web 的跨站脚本检测方式，以发现 Web 站点中潜在的跨站风险。完成主要的6大模块有：登陆模块、检测模块、扫描模块、输出模块、报表模块、日志模块。核心代码模块是检测和扫描部分，他们相互配合构造跨站参数并抓取反馈信息，其他模块配合核心代码起到辅助作用。选择 PHP 进行构造是一大亮点，PHP 是一种 Web 程序语言，能够快速地解析前端 DOM 内容，在脚本语言中速度仅次于 Python。用 Web 方式构造和检测本就属于 Web 攻击的跨站脚本，将更加快捷、高效。
과참각본시일류기우망참응용정서적안전루동공격，장연구화해결쾌속화적자동화검측。위료유효지방지과참각본피람용，결정창건일충기우 Web 적과참각본검측방식，이발현 Web 참점중잠재적과참풍험。완성주요적6대모괴유：등륙모괴、검측모괴、소묘모괴、수출모괴、보표모괴、일지모괴。핵심대마모괴시검측화소묘부분，타문상호배합구조과참삼수병조취반궤신식，기타모괴배합핵심대마기도보조작용。선택 PHP 진행구조시일대량점，PHP 시일충 Web 정서어언，능구쾌속지해석전단 DOM 내용，재각본어언중속도부차우 Python。용 Web 방식구조화검측본취속우 Web 공격적과참각본，장경가쾌첩、고효。
The XSS(cross site scripting) is a kind of attack against the security hole based on network application pro?gram. Its fast auto ? test is studied in this paper. In order to prevent the abuse of XSS effectively,a Web ? based XSS testing method is designed to detect the potential cross?site risks in Web sites. Six main modules(login module,detection module, scanning module,output module,report module and log module)were fulfilled,in which the kernel code modules are detection and scanning ones,which cooperate each other to construct cross?site parameters and grab the feedback data. PHP is a Web pro?gram language,which can resolve the front?end DOM contents quickly,and its rate is second only to Python in scripting lan?guage. To use Web method to structure and detect XSS belonging to the Web attack is more convenient and efficient.