Received: November 18, 2014 Revised: December 22, 2014
Abstract: This paper presents an automated method for detecting reflected cross-site scripting (XSS) vulnerabilities in Android apps. The method identifies and classifies the components of an Android app, automatically enters test cases, clicks the buttons associated with each input box, and monitors the results to determine whether the app has potential reflected XSS vulnerabilities. It supports WebView by means of image processing. A prototype tool was implemented based on this method. Experimental results show that the method can effectively detect reflected XSS vulnerabilities in Android apps and is highly practical.
Citation:
WANG Yan, CHENG Shao-Yin, JIANG Fan. Automated Method for Detecting Reflected XSS Vulnerabilities of Android Apps. COMPUTER SYSTEMS APPLICATIONS, 2015, 24(7): 195-199