XSS detection method and equipment

XSS detection method and equipment

  • CN 101,964,025 B
  • Filed: 07/23/2009
  • Issued: 02/03/2016
  • Est. Priority Date: 07/23/2009
  • Status: Active Grant
First Claim
Patent Images

1. detect an XSS leak detection method for the XSS leak in webpage, comprise step:

  • Determine that the receivable parameter-value of webpage is to set;

    AndFor described parameter-value is to each parameter-value pair in set;

    Be configured in value the parameter-value pair inserting particular script;

    Based on this parameter-value inserting particular script to the URL assembled corresponding to described webpage;

    Assembled URL is sent to the webserver;

    Receive the dynamic web content corresponding to assembled URL returned from the described webserver;

    AndUse script analytics engine simulates the dynamic web content that execution obtains, if perform described particular script, then think, in described webpage, XSS leak is existed to the process of this parameter, wherein, whether this script analytics engine is constructed to be triggered based on this particular script determine whether there is XSS leak, and carries out simplify processes to the execution of other script.

View all claims

    Thank you for your feedback