
Research and Design of a Web Application Vulnerability Detection System

Published: 2018-09-17 18:46
[Abstract]: In recent years, Web applications have come into increasingly wide use thanks to their short development cycles, low maintenance costs and strong portability, and have become a popular and ubiquitous interactive medium in daily life. While Web applications bring great convenience, they also attract intense attention from attackers, and vulnerabilities that endanger users' personal data are discovered frequently. Web application penetration techniques have developed in recent years against the background of the boom in Web applications. Penetration testing makes it possible to find and eliminate vulnerabilities early, preventing problems before they occur and enhancing the reputation of a software product; moreover, the earlier a vulnerability is found in the software development life cycle, the less it costs to fix and maintain. Web application vulnerability scanning software is an important class of tools in Web application penetration testing: through automation, or a combination of manual and automated work, it effectively assists testers and reduces their workload, so it merits study. Automated Web vulnerability scanners are often used by Web application developers and system administrators to test for Web application vulnerabilities. This thesis analyzes Web application vulnerabilities and their causes, vulnerability detection methods and key detection techniques and, addressing the shortcomings of existing Web vulnerability detection tools, proposes an efficient Web application vulnerability detection mechanism based on an optimized crawler and feature recognition. Based on the proposed mechanism, detection methods are designed for two typical Web vulnerabilities, XSS and SQL injection, and the SQL injection detection method is implemented. The results show that the method can effectively detect SQL injection attacks, and also verify the effectiveness and feasibility of the proposed Web application vulnerability detection mechanism.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08


Article ID: 2246787



Article link: https://www.wllwen.com/guanlilunwen/ydhl/2246787.html

