[1] ANTUNES N,VIEIRA M. Defending against Web application vulnerabilities[J]. Computer,2012,45(2):66-72. [2] 李威, 李晓红. Web应用存储型XSS漏洞检测方法及实现[J]. 计算机应用与软件,2016,33(1):24-27,37.(LI W,LI X H. detection method for stored-XSS vulnerability in Web applications and its implementation[J]. Computer Applications and Software, 2016,33(1):24-27,37.) [3] OWSAP. OWASP TOP 10.[2020-08-29]https://owasp.org/wwwproject-top-ten/. [4] 顾明昌, 王丹, 赵文兵, 等. 一种基于攻击向量自动生成的XSS漏洞渗透测试方法[J]. 软件导刊,2016,15(7):173-177.(GU M C,WANG D,ZHAO W B,et al. A penetration testing method for XSS vulnerabilities based on automatic generation of attack vectors[J]. Software Guide,2016,15(7):173-177.) [5] SIVANESAN A P, MATHUR A, JAVAID A Y. A Google Chromium browser extension for detecting XSS attack in HTML5 based websites[C]//Proceedings of the 2018 IEEE International Conference on Electro/Information Technology. Piscataway:IEEE, 2018:302-304. [6] LIU Y, ZHAO W B, WANG D, et al. A XSS vulnerability detection approach based on simulating browser behavior[C]//Proceedings of the 2nd International Conference on Information Science and Security. Piscataway:IEEE,2015:1-4. [7] WANG R,XU G Q,ZENG X J,et al. TT-XSS:a novel taint tracking based dynamic detection framework for DOM Cross-Site Scripting[J]. Journal of Parallel and Distributed Computing,2017, 118(Pt 1):100-106. [8] SIMOS D E, GARN B, ZIVANOVIC J, et al. Practical combinatorial testing for XSS detection using locally optimized attack models[C]//Proceedings of the 2019 IEEE International Conference on Software Testing, Verification and Validation Workshops. Piscataway:IEEE,2019:122-130. [9] LIU M,ZHANG B Y,CHEN W B,et al. A survey of exploitation and detection methods of XSS vulnerabilities[J]. IEEE Access, 2019,7:182004-182016. [10] SARMAH U,BHATTACHARYYA D K,KALITA J K. A survey of detection methods for XSS attacks[J]. Journal of Network and Computer Applications,2018,118:113-143. [11] ZHENG Y H,ZHANG X Y. Path sensitive static analysis of web applications for remote code execution vulnerability detection[C]//Proceedings of the 35th International Conference on Software Engineering. Piscataway:IEEE,2013:652-661. [12] MEDEIROS I,NEVES N,CORREIA M. Detecting and removing web application vulnerabilities with static analysis and data mining[J]. IEEE Transactions on Reliability,2016,65(1):54-69. [13] DUCHENE F,RAWAT S,RICHIER J L,et al. KameleonFuzz:evolutionary fuzzing for black-box XSS detection[C]//Proceedings of the 4th ACM Conference on Data and Application Security and Privacy. New York:ACM,2014:37-48. [14] 程诚, 周彦晖. 基于模糊测试和遗传算法的XSS漏洞挖掘[J]. 计算机科学,2016,43(6A):328-331,364.(CHENG C,ZHOU Y H. Findding XSS vulnerabilities based on fuzzing test and genetic algorithm[J]. Computer Science,2016,43(6A):328-331,364.) [15] 黄文锋, 李晓伟, 霍占强. 基于EBNF和二次爬取策略的XSS漏洞检测技术[J]. 计算机应用研究,2019,36(8):2458-2463. (HUANG W F,LI X W,HUO Z Q. XSS vulnerability detection technology based on EBNF and secondary crawling strategy[J]. Application Research of Computers,2019,36(8):2458-2463.) [16] 维基百科. 网络爬虫[EB/OL].[2020-09-02]. https://zh.wikipedia.org/wiki/网络爬虫. (Wikipedia. Web crawler[EB/OL].[2020-09-02]. https://zh.wikipedia.org/wiki/网络爬虫.) [17] Wikipedia. Fuzzing[EB/OL].[2020-09-02]. https://en.wikipedia.org/wiki/Fuzzing. [18] Software Freedom Conservancy. About Selenium[EB/OL].[2020-09-02]. https://www.selenium.dev/about. [19] MANICO J,HANSEN R R. XSS filter evasion cheat sheet[EB/OL].[2020-09-02]. https://owasp.org/www-community/xssfilter-evasion-cheatsheet. |