
Research on and Prevention of Security Issues in Web2.0 Technology

Published: 2019-04-26 07:15
[Abstract]: With the rapid development of the Internet, open, user-centred Web2.0 sites have come to dominate the major websites, and social networks, personal blogs and open information platforms have emerged. However, while the adoption of new technologies and the growing number of Web2.0 sites give users a better Internet experience, they also bring new security threats: Web worms and malicious content exploit the openness of Web2.0 sites to spread widely, seriously endangering the security and privacy of Internet users. Research into the security of Web2.0 technologies and into defences is therefore of great significance.

This thesis first studies and summarises the technologies behind Web2.0 and analyses their security, focusing on AJAX, which greatly improves interactivity, and HTTP compression, which speeds up information transfer. For AJAX, it studies the main principles, analyses the potential security risks, compares AJAX with the traditional Web1.0 interaction model and summarises the advantages and disadvantages of each, and, in light of current Web attacks, analyses how XSS, CSRF and other attacks have changed with AJAX. For HTTP compression, it first studies several compression algorithms commonly used on the Web, then studies and analyses the Oracle attack and the BREACH attack, which arise from the use of HTTP compression.

Following this security analysis, the thesis surveys existing XSS and CSRF defences, chiefly blacklist/whitelist-based methods and Token-verification-based methods. Based on an analysis of the strengths and weaknesses of these defences and of the threat that the new attacks pose to them, it proposes a security defence scheme for Web2.0 applications. The scheme defends against XSS by combining signature-matching input detection with whitelist-based output filtering of rich text, and uses a reversible encryption algorithm to randomise the Token in order to defend against a new type of CSRF attack that is combined with the BREACH attack. Experimental data show that the scheme effectively defends against the attacks that frequently occur in Web2.0 applications, and that its defensive effect is more pronounced than that of traditional schemes.
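[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.4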
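
The Token randomisation idea from the abstract, as an added example that is not code from the thesis: the abstract does not name its reversible algorithm, so this sketch assumes an XOR with a fresh random pad per response, and every function name and the 32-byte token length are hypothetical.

```python
import base64
import hmac
import secrets
from typing import Optional

TOKEN_BYTES = 32  # assumed length of the per-session CSRF secret


def new_session_token() -> bytes:
    """Long-lived CSRF secret, kept server-side in the session."""
    return secrets.token_bytes(TOKEN_BYTES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mask_token(session_token: bytes) -> str:
    """Encode the token for one response using a fresh random pad.

    The bytes written into the compressed response body differ on every
    request, so a compression-length side channel has no stable secret
    to converge on.
    """
    pad = secrets.token_bytes(len(session_token))
    return base64.urlsafe_b64encode(pad + _xor(pad, session_token)).decode("ascii")


def unmask_token(masked: str) -> Optional[bytes]:
    """Reverse mask_token(); return None for malformed input."""
    try:
        raw = base64.urlsafe_b64decode(masked.encode("ascii"))
    except ValueError:  # covers bad base64 and non-ASCII input
        return None
    if len(raw) != 2 * TOKEN_BYTES:
        return None
    return _xor(raw[:TOKEN_BYTES], raw[TOKEN_BYTES:])


def verify(masked_from_request: str, session_token: bytes) -> bool:
    """Constant-time comparison of the unmasked token with the session secret."""
    recovered = unmask_token(masked_from_request)
    return recovered is not None and hmac.compare_digest(recovered, session_token)
```

The server calls `mask_token` each time it renders a form or page and `verify` on each state-changing request; the session secret itself never appears in a response body.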

