基于GHDB的漏洞扫描技术的研究与实践
发布时间:2019-06-10 02:03
【摘要】:随着互联网新技术、新应用的快速发展,Web已经成为全球通信的主要媒介,并逐渐影响人们的生产和生活方式。企业信息化过程中的多种应用程序都架设在Web平台之上,社交网站、微博等一系列新型互联网产品的诞生也使得基于Web的互联网应用涉及的领域越来越广泛。在网络给人们带来巨大的便利和实惠的同时,Web安全问题也日益突出,这些安全问题不仅仅关系到人们的日常生活甚至会直接影响到国家安全和社会稳定。 本文从目前Web中存在的各种安全漏洞和频繁出现的各种安全事件等问题出发,对Web安全漏洞扫描技术进行了深入的研究,并且分析了当前主流的基于主机的漏洞扫描技术和基于网络的漏洞扫描技术。详细剖析了SQL注入漏洞、CGI漏洞等Web安全漏洞产生的原因和检测方法。 论文在近些年搜索引擎高速发展的背景之下,提出使用搜索引擎来进行漏洞扫描,通过在搜索引擎提供的巨大的资源库中查找指定漏洞的特征信息来判断安全漏洞是否存在。从入侵者的角度来看,这种方法因为不需要和目标系统进行直接交互而使得扫描过程具有更好的隐蔽性。 在上述思想的指导下,本文深入分析并研究了基于谷歌搜索引擎的搜索扫描技术及相关安全服务,并对谷歌黑客技术进行了详细的探讨、分析和总结。在此基础上论文对谷歌黑客数据库(GHDB)进行了深入的剖析和二次开发,采用谷歌黑客技术、使用谷歌提供的编程接口设计并实现了一个基于GHDB的Web安全扫描工具的原型,并通过实验证实了工具的有效性。
[Abstract]:With the rapid development of new Internet technology and new applications, Web has become the main medium of global communication, and gradually affects people's production and lifestyle. In the process of enterprise informatization, a variety of applications are set up on the Web platform. The birth of a series of new Internet products, such as social networking sites, Weibo and so on, also makes the Internet applications based on Web more and more widely. While the network brings great convenience and benefits to people, the security problems of Web are becoming more and more prominent. These security problems are not only related to people's daily life, but also directly affect national security and social stability. Based on the problems of various security vulnerabilities and frequent security events in Web, this paper makes a deep study on the scanning technology of Web security vulnerabilities. And the current mainstream host-based vulnerability scanning technology and network-based vulnerability scanning technology are analyzed. The causes and detection methods of SQL injection vulnerability, CGI vulnerability and other Web security vulnerabilities are analyzed in detail. Under the background of the rapid development of search engine in recent years, this paper proposes to use search engine to scan vulnerabilities, and to judge whether security vulnerabilities exist by looking up the characteristic information of specified vulnerabilities in the huge resource base provided by search engines. From the point of view of intruders, this method makes the scanning process more hidden because it does not need to interact directly with the target system. Under the guidance of the above ideas, this paper deeply analyzes and studies the search scanning technology and related security services based on Google search engine, and makes a detailed discussion, analysis and summary of Google hacker technology. On this basis, this paper makes a deep analysis and secondary development of Google hacker database (GHDB), and designs and implements a prototype of Web security scanning tool based on GHDB by using Google hacker technology and using the programming interface provided by Google. The effectiveness of the tool is verified by experiments.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2012
【分类号】:TP393.08
[Abstract]:With the rapid development of new Internet technology and new applications, Web has become the main medium of global communication, and gradually affects people's production and lifestyle. In the process of enterprise informatization, a variety of applications are set up on the Web platform. The birth of a series of new Internet products, such as social networking sites, Weibo and so on, also makes the Internet applications based on Web more and more widely. While the network brings great convenience and benefits to people, the security problems of Web are becoming more and more prominent. These security problems are not only related to people's daily life, but also directly affect national security and social stability. Based on the problems of various security vulnerabilities and frequent security events in Web, this paper makes a deep study on the scanning technology of Web security vulnerabilities. And the current mainstream host-based vulnerability scanning technology and network-based vulnerability scanning technology are analyzed. The causes and detection methods of SQL injection vulnerability, CGI vulnerability and other Web security vulnerabilities are analyzed in detail. Under the background of the rapid development of search engine in recent years, this paper proposes to use search engine to scan vulnerabilities, and to judge whether security vulnerabilities exist by looking up the characteristic information of specified vulnerabilities in the huge resource base provided by search engines. From the point of view of intruders, this method makes the scanning process more hidden because it does not need to interact directly with the target system. Under the guidance of the above ideas, this paper deeply analyzes and studies the search scanning technology and related security services based on Google search engine, and makes a detailed discussion, analysis and summary of Google hacker technology. On this basis, this paper makes a deep analysis and secondary development of Google hacker database (GHDB), and designs and implements a prototype of Web security scanning tool based on GHDB by using Google hacker technology and using the programming interface provided by Google. The effectiveness of the tool is verified by experiments.
【学位授予单位】:北京交通大学
【学位级别】:硕士
【学位授予年份】:2012
【分类号】:TP393.08
【参考文献】
相关期刊论文 前6条
1 梁雪松;;Google Hacking技术分析及防范对策研究[J];电脑知识与技术(学术交流);2007年02期
2 张吉才,张翔,王韬;网络CGI漏洞扫描器的研究与实现[J];计算机工程与设计;2003年12期
3 郑辉,李冠一;Google Hacking与智能蠕虫防治[J];信息安全与通信保密;2005年08期
4 齐建臣;,
本文编号:2496082
本文链接:https://www.wllwen.com/kejilunwen/sousuoyinqinglunwen/2496082.html
