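Cross-Site Scripting (XSS): Attack Principles and Protection (Principle of Cross-site Scripting Attacks)
Su Peng (苏鹏)
Abstract:
Cross-site scripting has become the most notorious network security hazard of recent years. This paper attempts to analyze how it works and the characteristics of the attack behavior, and describes how to defend against such attacks in the current network environment and protect the security of server data.
Keywords: script attacks; cross-domain security; network security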
Author: Su Peng (苏鹏)
DOI: 10.16453/j.issn.2095-8595.2014.01.023