Research and Implementation of a Crawler-Based Penetration Testing System
Published: 2018-06-10 16:34
Topic of this article: Bloom filter + web crawler; Reference: Northeastern University (東北大學), 2012 master's thesis
[Abstract]: With the development of network applications, Web applications have come into very wide use in every area of society, and attacks against Web applications have risen steadily alongside them. When a Web application has an exploitable vulnerability, hackers can attack it to carry out illegal operations such as obtaining information, planting viruses and Trojans, setting up disguised phishing sites, and inserting malicious advertisements. Ordinary users who browse these Web pages can easily have their computers infected or suffer financial loss. If developers lack good secure-programming awareness and habits during development, or if site administrators have weak security awareness during deployment, the Web application is likely to contain security weaknesses that give malicious attackers an opening. Security testing of a website's Web applications is therefore essential.

The thesis first describes the research background and the purpose and significance of a penetration testing system, and analyzes several major security threats in Web applications together with the detection methods for each kind of vulnerability. To address the excessive storage cost of earlier crawler schemes, it proposes a web crawler algorithm based on a Bloom filter, which effectively resolves the crawler's excessive consumption of system memory during crawling. On this basis, a crawler-based penetration testing system is designed and implemented. Its detection methods are divided into automatic and manual detection. It can detect SQL injection vulnerabilities, XSS (cross-site scripting) vulnerabilities, sensitive directories, and third-party editor vulnerabilities, and can go on to obtain database information based on a SQL injection vulnerability. During detection it dynamically provides detection information to the tester, and it displays the test results when detection ends. By simulating the attack behavior of hackers, the system performs penetration tests on a website's Web applications, finds vulnerabilities present while the site is running, and provides reliable and effective security weakness information to site administrators and penetration testers. System test results show that the system runs well, can effectively detect security vulnerabilities in Web applications, and provides users with an effective security testing system and technical support.
[Degree-granting institution]: Northeastern University (東北大學)
[Degree level]: Master's
[Year degree awarded]: 2012
[Classification number]: TP393.092
Article number: 2003874
Article link: http://www.sikaile.net/wenyilunwen/guanggaoshejilunwen/2003874.html