Abstract: Disclosed are a method and apparatus for detecting a document object model (DOM) based cross-site scripting (XSS) vulnerability, an apparatus thereof, and a terminal are provided. The method includes: obtaining a set of parameter-value pairs from an original web address of a web page, where the set of parameter-value pairs comprises at least one parameter-value pair; replacing a parameter value in a parameter-value pair with feature code, to form a test web address for the web page, where the feature code comprises malicious code that comprises a malicious character and is uniquely identified in a DOM tree of the web page; obtaining page content corresponding to the test web address; converting the page content, into the DOM tree; and detecting whether a XSS vulnerability exists in the parameter-value pair, based on the DOM tree and the feature code.

Abstract: A Web page vulnerability detection method and apparatus are described, where the method can receive a vulnerability detection task for performing vulnerability detection on a to-be-detected target Web page; acquiring a configuration file corresponding to the vulnerability according to the vulnerability detection task. The vulnerability detection task being is at least used to indicate a vulnerability that needs to be detected, and the configuration file includes a matching condition used to match the to-be-detected target Web page in to-be-detected Web pages and indication information of a test sample used to perform vulnerability detection on the to-be-detected target Web page. The method also detects whether the vulnerability indicated by the configuration file exists on the to-be-detected target Web page by using the configuration file.

Abstract: A Web page vulnerability detection method and apparatus are described, where the method can receive a vulnerability detection task for performing vulnerability detection on a to-be-detected target Web page; acquiring a configuration file corresponding to the vulnerability according to the vulnerability detection task. The vulnerability detection task being is at least used to indicate a vulnerability that needs to be detected, and the configuration file includes a matching condition used to match the to-be-detected target Web page in to-be-detected Web pages and indication information of a test sample used to perform vulnerability detection on the to-be-detected target Web page. The method also detects whether the vulnerability indicated by the configuration file exists on the to-be-detected target Web page by using the configuration file.

Abstract: Disclosed are a method and apparatus for detecting a document object model (DOM) based cross-site scripting (XSS) vulnerability, an apparatus thereof, and a terminal are provided. The method includes: obtaining a set of parameter-value pairs from an original web address of a web page, where the set of parameter-value pairs comprises at least one parameter-value pair; replacing a parameter value in a parameter-value pair with feature code, to form a test web address for the web page, where the feature code comprises malicious code that comprises a malicious character and is uniquely identified in a DOM tree of the web page; obtaining page content corresponding to the test web address; converting the page content, into the DOM tree; and detecting whether a XSS vulnerability exists in the parameter-value pair, based on the DOM tree and the feature code.