Cross-site scripting (XSS) is a widespread and latent web security threat. Its harm can compound that of other web vulnerabilities: it may occur together with SQL injection or buffer overflow vulnerabilities, or evolve into a worm. An attacker can exploit an XSS vulnerability to forge a request that contains a malicious script, so that the web application mistakenly treats the request from the client as one made by a legitimate user, with the result that genuinely legitimate users are attacked. XSS attacks are the most common type of network attack today, so it is necessary to detect XSS vulnerabilities in web applications accurately.
Attack generation: the default test cases set by the program developer, or the specific test cases designed by the program user, are injected into the base URLs obtained in the target analysis phase to generate attack requests. The location at which a test case is inserted and the way the request is synthesised are the key elements of this module.
Attack sending: in general, the target web system under test contains many base URLs, and all of these candidate URLs should be attacked when simulating a network attack. The attacks form an attack sequence in a fixed order; each attack is sent only once, and the next attack is not sent until the following two steps have been executed for the current one.
Result monitoring: if the server returns normally, the attack is considered successful; otherwise it is considered failed. When an attack succeeds and the return characteristics of the injected script are found in the response, the web program may contain an XSS vulnerability; if they are not found, no cross-site scripting vulnerability is reported. Regular-expression matching can be used to check for these characteristic values in the returned result.
Report generation: the result of each attack is written into the report. Where a cross-site scripting vulnerability is suspected, not only the number of attacks but also the suspected locations and all attack requests are written into the report; if no XSS vulnerability is detected, the report records the number of attacks only. The final report is generated after all attacks have finished.
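As an added example, not the paper's own code, the four modules above are implemented in Python and run against a constructed stand-in for the target server; the probe string, the base URL and the stand-in's behaviour (it escapes one parameter and reflects another verbatim) are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import urlparse, parse_qsl, urlencode, urlunparse

# Constructed probe: an unencoded tag with a unique marker. If the server echoes
# it with the angle brackets intact, the parameter breaks out of its HTML context.
PROBE = "<xssprobe-7f3a>"
REFLECTED = re.compile(re.escape(PROBE), re.IGNORECASE)  # return characteristic

def generate_attacks(base_url, test_cases):
    """Attack generation: insert each test case into each query parameter in turn."""
    parts = urlparse(base_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    attacks = []
    for i, (name, _) in enumerate(params):
        for case in test_cases:
            mutated = list(params)
            mutated[i] = (name, case)
            attacks.append((name, urlunparse(parts._replace(query=urlencode(mutated)))))
    return attacks

def monitor_result(status, body):
    """Result monitoring: a normal (2xx) reply means the attack succeeded; a success
    whose body carries the unencoded probe is a suspected XSS vulnerability."""
    if not 200 <= status < 300:
        return "failed"
    return "suspected_xss" if REFLECTED.search(body) else "no_xss"

def run_scan(base_url, test_cases, send):
    """Attack sending and report generation: send each attack once, in order,
    and record the attack count plus every suspected location and request."""
    report = {"attacks": 0, "suspected": []}
    for param, url in generate_attacks(base_url, test_cases):
        status, body = send(url)  # the next attack waits for this result
        report["attacks"] += 1
        if monitor_result(status, body) == "suspected_xss":
            report["suspected"].append({"param": param, "url": url})
    return report

def fake_send(url):
    """Constructed stand-in for the target: escapes 'q' but reflects 'name' verbatim."""
    qs = dict(parse_qsl(urlparse(url).query, keep_blank_values=True))
    body = (f"<p>Hello {qs.get('name', '')}</p>"
            f"<p>Results for {html.escape(qs.get('q', ''))}</p>")
    return 200, body

if __name__ == "__main__":
    print(run_scan("http://example.test/search?q=shoes&name=bob", [PROBE], fake_send))
```

Only the `name` parameter is reported as suspected, because the escaped reflection of `q` does not match the probe's return characteristic.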
The XSS vulnerability detection method designed in this paper has low environmental requirements, high detection efficiency and a more flexible approach. It is based on black-box dynamic detection: it constructs feature attack vectors according to the principle by which the vulnerability arises, sends them to the server to launch a simulated attack, then monitors the server's responses and makes a judgment, so the method is more widely applicable. Compared with similar dynamic cross-site scripting vulnerability detection tools, it offers high vulnerability coverage, fast detection and flexible interaction. To verify the validity of the cross-site scripting vulnerability detection model above, test experiments were designed. The test results show that the model is effective in constructing the malformed attack features, but it still lacks detection of injection-triggered cross-site scripting vulnerabilities, and there are still many defects in coverage and automation.