Research on Cross-site Scripting Vulnerability Detection Method Based on Penetration Testing

Cross-site scripting vulnerability has become one of the most serious vulnerabilities in the Internet.In order to auto-detect XSS vulnerabilities,propose a XSS detection method based on penetration testing.Submit simple string that will not filtered by Web server before submit attack vectors,interact with Web server once and then exclude part of the detection points that will not contain cross-site scripting vulnerabilities.When detect the detection points,the times of interaction with Web server will be reduced by this method.Delete the repeated detection points,prevent detecting the same detection points extracted from the Web pages.The experiment result shows that this method can detect XSS vulnerabilities effectively.