Design and Implementation of a Web Vulnerability Scanning System
Published: 2018-08-15 17:44
[Abstract]: With the rapid development of computer network technology, the Web and its related technologies have come into wide use and the demand for website design keeps growing. At the same time, Web security problems have become increasingly prominent and are receiving more and more attention, so ensuring the security of Web applications has become an important topic. Many protection systems exist for defending Web applications against attack, but they incur considerable performance overhead and maintenance cost. Discovering Web vulnerabilities and fixing them as early as possible can therefore greatly reduce later software maintenance costs and avoid unnecessary losses. Web vulnerability scanning is a very widely used active defense technique in Web security. It is already in general use in today's network environment, effectively helps detect vulnerabilities in Web applications, and makes vulnerability detection more accurate and efficient [1].

The main focus of this thesis is a study of the key technologies of Web application vulnerabilities and, on that basis, the design of a targeted and practical scanning system, built on a web crawler, for the characteristics of XSS and SQL injection vulnerabilities in Web applications.

Taking XSS and SQL injection vulnerabilities in Web applications as its research subject, the thesis covers the following work:
1. The characteristics of various Web application vulnerabilities are studied. Vulnerabilities such as XSS and SQL injection are analyzed in detail, mainly their causes, classification, impact and defense methods.
2. Based on the characteristics of XSS and SQL injection vulnerabilities, a topic-focused web crawler module is designed and implemented. It mainly parses URLs that carry parameters and collects pages that may be vulnerable to XSS and SQL injection, with a configured crawl depth, until the crawl finishes.
3. An XSS detection module is designed and implemented, based on injecting malicious code and then statically scanning the code.
4. An SQL injection detection module is designed and implemented, based on bypassing user authentication and on injecting erroneous code and inspecting the returned information.
5. The results are presented as a generated report.
6. The system is black-box tested.
[Degree-granting institution]: Ocean University of China
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2184945
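[References]
Related journal papers (top 7)
1 吴贵山; Research on defense strategies against SQL injection attacks [J]; 计算机与网络; 2012, No. 09
2 王伟军; 孙晶; A survey of Web 2.0 research and applications [J]; 情报科学; 2007, No. 12
3 顾韵华; 王兴; 丁妮; Research on a Web application security scanning system and its key technologies [J]; 计算机工程与设计; 2008, No. 18
4 陈金阳, 蒋建中, 郭军利, 张良胜; A study of network attack techniques and discussion of development trends [J]; 信息安全与通信保密; 2004, No. 12
5 余志高; 周国祥; Research on SQL injection attacks in Web applications [J]; 信息安全与通信保密; 2010, No. 04
6 张博; Research on SQL injection attacks and detection techniques [J]; 信息安全与通信保密; 2010, No. 05
7 孙丹; 胡勇; A brief analysis of XSS vulnerability detection, exploitation and prevention [J]; 信息安全与通信保密; 2013, No. 03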
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2184945.html