COMPUTER SCIENCE
and ENGINEERING

The XSS vulnerability is one of the more damaging vulnerabilities of web applications, it could use to steal user accounts, horse attacks. The traditional XSS vulnerability detection tool is easier to be intercepted by the web filter, there is a big gap between the accuracy of the web application and the actual situation. To solve this problem, this paper analyzed the filtering rules of web system filters and security software, and an improved method for dynamic detection of XSS vulnerabilities based on attack vectors is proposed. This method bypasses the web system's filters and security software by way of mutating, obfuscating attack vectors, etc. The experimental results show that the proposed method improves the detection efficiency, and it has good performance in saving time and improving the vulnerability accuracy rate.

XSS Vulnerability, Web Crawler, Attack Vector, Vector Variation, Vulnerability Detection.Text