网站开发技术的安全性分析及改进策略研究

发布时间：2018-06-13 18:48

本文选题：网站安全 + 防SQL注入　；参考：《天津工业大学》2014年硕士论文

【摘要】：随着网络的飞速发展、网民数量的剧增以及全球社会日益信息化,使得网成为了网络生活中的重要角色,担当了信息化的重要载体,网站在发挥重要作用和丰富人们生活的同时,针对网站的攻击亦开始活跃起来,这给网站带来了极大的安全隐患。本文首先对当前网站安全的形势及网站安全的研究现状进行了分析,并阐述了一些常见安全防护的优点和缺点,进而引出了本文的研究内容：网站开发技术的安全性分析及改进策略研究。本文研究了脚本入侵、注入攻击(Injection Attack),跨站脚本攻击(XSS Attack)等对网站的攻击方式,并有针对性提出了的相对应的入侵防范解决方案。针对跨站攻击,本文提出了服务器端和客户端相结合的总和防御方案,防范的核心思想则是在服务器端不唯一依靠浏览器所直接提交的身份认证信息,而需要添加额外的校验信息。通过几种类型的入侵方式,来对出翔对应的防范策略。
[Abstract]:With the rapid development of the network, the rapid increase of the number of Internet users and the increasing informatization of the global society, the network has become an important role in the network life, and has played an important role in the informatization. Website plays an important role and enriches people's life at the same time, the attack against website also begins to be active, which brings great security hidden danger to website. This paper first analyzes the current situation of website security and the research status of website security, and expounds the advantages and disadvantages of some common security protection. And then leads to the research content of this paper: website development technology security analysis and improvement strategy research. In this paper, the attack methods of script intrusion, injection attack, cross-station script attack XSS attack on the website are studied, and the corresponding intrusion prevention solutions are put forward. In view of the cross-station attack, this paper proposes a total defense scheme which combines the server side and the client side. The core idea of prevention is that the authentication information directly submitted by the browser is not the only one on the server side. Additional validation information needs to be added. Through several types of intrusion, to the corresponding prevention strategy.
【学位授予单位】：天津工业大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.092

【相似文献】