Research and Design of a Web Application Vulnerability Detection System
Published: 2018-09-17 18:46
[Abstract]: In recent years, Web applications have become increasingly widely used thanks to their short development cycles, low maintenance costs and strong portability, and they are now a popular and pervasive interactive medium in daily life. While Web applications bring great convenience, they also attract strong attention from attackers, and vulnerabilities that endanger users' personal data are frequently discovered. Web application penetration techniques developed against the background of the rapid rise of Web applications in recent years. Penetration testing allows vulnerabilities to be found and eliminated early, preventing problems before they occur and improving the reputation of software products; moreover, the earlier in the software development life cycle a vulnerability is found, the lower the cost of fixing and maintenance. Web application vulnerability scanners are an important class of tool in Web application penetration testing: through automation, or a combination of manual and automated work, they effectively assist the tester and reduce the tester's workload, and are therefore well worth studying. Automated Web vulnerability scanners are often used by Web application developers and system administrators to test for Web application vulnerabilities. This thesis analyzes Web application vulnerabilities and their causes, vulnerability detection methods and key detection technologies. To address the shortcomings of existing Web vulnerability detection tools, it proposes an efficient Web application vulnerability detection mechanism based on an optimized crawler and feature recognition. Based on this mechanism, detection methods are designed for two typical Web vulnerabilities, XSS and SQL injection, and the SQL injection detection method is implemented. The results show that the method can effectively detect SQL injection attacks, and also verify the effectiveness and feasibility of the proposed Web application vulnerability detection mechanism.
[Degree-granting institution]: Xidian University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2246787
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2246787.html