中文摘要：

为改进XSS漏洞检测系统中对复杂网页漏洞注入点发现不够充分、动态地分析目标站点的响应信息不足等问题,改善XSS漏洞检测系统的注入点提取、攻击测试向量生成和响应分析等,提出了基于用户行为模拟的XSS漏洞检测方法.通过分析网页结构找到多种非格式化注入点,并通过综合考虑字符串长度、字符种类等因素对攻击向量进行了优化,以绕过服务器的过滤函数,缩短漏洞测试所用的时间.测试结果表明所提方法提高了漏洞注入点的检测覆盖率,提升了XSS漏洞的检测效果.

英文摘要：

To deal with the problems,such as low coverage of found vulnerability injection points in complex web page,lacking of dynamical analysis for response message from target website faced by the detection system of XSS vulnerability,a method to detect XSS vulnerability based on user′s behavior simulation is proposed to make improvement for the detection system of XSS vulnerability on extracting injection points,generating attack test vector and analyzing response results.By searching for a variety of the unformatted injection points through analyzing web page structure as well as taking into consideration the length of the string and the type of the character,the attack test vector is optimized and it can bypass the server filter function and shorten the vulnerability detection time.Test results show that the proposed method can improve the detection coverage rate of the injection point and the detection effect of XSS vulnerability.