Web脆弱性检测关键技术的研究与系统实现

发布时间：2018-02-26 04:00

本文关键词： Web脆弱性 Web脆弱性分类 Web脆弱性检测 Web脆弱性检测模型　出处：《北京邮电大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着时代的进步和科技发展,互联网正影响着社会的发展,改变着人们生活。与此同时,互联网中各类安全问题也日益凸显,越来越受到人们的关注。Web系统作为互联网中最常见的应用系统,其安全性保障至关重要。但与之对应的却是Web系统的开发人员经验不足、安全意识较差,加之传统检测手段执行时间长,易出错以及不能很好适用于Web系统等缺点,使得安全问题成为Web系统的最大隐患。于是研究有效的Web系统脆弱性检测就成为了提高测试效率,缩短测试时间,节约测试成本,保障Web系统安全问题的有效手段。本文首先调研了Web脆弱性检测相关的国内外研究现状,说明了课题的研究背景、意义,明确了Web脆弱性检测课题的研究任务。随后,对Web脆弱性、Web脆弱性分类以及常用的Web脆弱性检测技术进行了详细的介绍和说明,分析了其适用特点以及目前存在的不足。然后,研究了Web脆弱性分类方法以及Web脆弱性检测模型,提出了一种基于攻击生命周期的Web脆弱性分类方法和一种基于攻击操作模型改进的Web脆弱性检测模型。接着,在Web脆弱性分类和Web脆弱性检测模型的研究基础上,设计基于B/S架构的Web脆弱性检测系统,并详细说明了系统框架、业务流程以及核心模块。根据以上提出的设计方案,本文最终实现了Web脆弱性检测系统,并搭建测试环境,对系统的核心模块以及整个系统的功能进行了测试。通过测试实验,系统完成了设计的功能,验证了设计的有效性和实用性。最后,在本文结束时,总结了本文所做的工作,并指出了未来Web脆弱性检测研究的重点与方向。
[Abstract]:With the progress of the times and the development of science and technology, the Internet is affecting the development of society and changing people's lives. At the same time, all kinds of security problems in the Internet are becoming increasingly prominent. As the most common application system in the Internet, the security guarantee of the web system is becoming more and more important, but the developers of the Web system are inexperienced and have poor security consciousness. With the disadvantages of long execution time, error-prone and unsuitable for Web system, the security problem becomes the biggest hidden trouble of Web system, so the research of effective Web system vulnerability detection becomes to improve the test efficiency. Shortens the test time, saves the test cost, guarantees the Web system security question the effective method. This paper first investigates the current situation of Web vulnerability detection at home and abroad, explains the background and significance of the research, and clarifies the research task of Web vulnerability detection. In this paper, the classification of Web vulnerability and the commonly used Web vulnerability detection techniques are introduced and explained in detail. The applicable characteristics and shortcomings of Web vulnerability detection are analyzed. In this paper, the Web vulnerability classification method and the Web vulnerability detection model are studied, and a Web vulnerability classification method based on attack life cycle and an improved Web vulnerability detection model based on attack operation model are proposed. Based on the research of Web vulnerability classification and Web vulnerability detection model, a Web vulnerability detection system based on B / S architecture is designed, and the system framework, business process and core modules are described in detail. According to the above design scheme, the Web vulnerability detection system is finally implemented in this paper, and the testing environment is built. The core modules and the functions of the whole system are tested. The system has completed the function of the design and verified the validity and practicability of the design. Finally, at the end of this paper, the work done in this paper is summarized, and the emphasis and direction of the future research on Web vulnerability detection are pointed out.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】