Analysis of Java Web Program Vulnerability Detection Technology Based on Regular Expression (.docx)
- About 38,700 characters
- About 57 pages
- Published 2018-08-14 in Shanghai
Abstract

Many Web applications suffer from network attack patterns such as XSS and SQL injection because they lack validation of user input. Attackers launch the attack by constructing a malicious, precise SQL statement and submitting it to the database server, deceiving the server into executing the statement to achieve their purpose, or they embed a malicious script into the HTML tags of a Web page to deceive the client browser into executing it and so steal cookies. SQL injection and XSS attacks each have their own features, but the common cause of both attack modes is the lack of a validation and filtering mechanism for user input. Regular expressions have been widely used in detecting Web application vulnerabilities because of their simple form and powerful function. This paper mainly focuses on how to detect the existence of SQL injection and XSS vulnerabilities by intersecting a regular expression, in its automaton form, with the value set of a string at a certain program point. To detect whether the vulnerabilities exist, we need to construct the regular expressions that stand for the attack modes as elaborately as possible. At the same time, we need to construct a string manipulation library that simulates string operations to obtain the value of the string at the program points. We obtain the dependence information of the source code through static analysis, and then perform dependence analysis on the vulnerable points of the program to construct the corresponding vulnerable-point dependence graph for each potential vulnerable point, so as to obtain the value set of the string at different program points. We can then determine whether SQL injection and XSS vulnerabilities exist at those program points. Finally, the system filters the characters in the attack string and gives descriptions and proposed operations to guarantee the safety of the program effectively. The experimental results show that we can detect the majority of SQL injection and XSS attacks accurately and treat them effectively on the basis of the elaborately constructed regular expressions, the automata operation library and static analysis of the program.

Keywords: Injection Attack, XSS Attack, Regular expression, Program vulnerability

Contents
- Abstract (Chinese)
- Abstract
- 1 Introduction
- 1.1 Research background and significance
- 1.2 Research status at home and abroad
- 1.3 Main content and organization
- 2 Attack patterns
- 2.1 SQ
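A simplified sketch of the check the abstract describes, added here as an example and not taken from the thesis: string operations are simulated over a small dependence graph, and the value set reaching each sink is tested against attack-pattern regexes. A finite set of constructed witness inputs replaces the automaton representation of user input; the node names, patterns and inputs are all assumptions.

```python
import re

# Attack-pattern regexes, constructed for this example (far smaller than a real rule set).
ATTACK = {
    # An odd run of quotes followed by a boolean/UNION keyword breaks out of a SQL literal.
    "sqli": re.compile(r"(?<!')'(?:'')*\s*(?:or|and|union)\b", re.I),
    "xss": re.compile(r"<\s*script\b|\bon\w+\s*=", re.I),
}
# Constructed witness inputs that stand in for "any user input" (an assumption).
WITNESSES = ["alice", "x' OR '1'='1", "<script>alert(1)</script>"]

def values(node, graph):
    """Set of strings a dependence-graph node can hold, simulating each string op."""
    op, *args = graph[node]
    if op == "const":
        return {args[0]}
    if op == "input":
        return set(WITNESSES)
    if op == "concat":
        return {a + b for a in values(args[0], graph) for b in values(args[1], graph)}
    if op == "replace":  # models String.replace(old, new) on every possible value
        return {v.replace(args[1], args[2]) for v in values(args[0], graph)}
    if op == "phi":  # join point: union of the values reaching it from each branch
        return set().union(*(values(a, graph) for a in args))
    raise ValueError(f"unknown op {op!r}")

def check(sink, kind, graph):
    """Values at the sink that fall inside the attack language (empty list = no finding)."""
    return sorted(v for v in values(sink, graph) if ATTACK[kind].search(v))

# Constructed dependence graph for two sinks; node names are hypothetical.
GRAPH = {
    "name": ("input",),
    "q0": ("const", "SELECT * FROM users WHERE name='"),
    "q1": ("concat", "q0", "name"),
    "quote": ("const", "'"),
    "sql_sink": ("concat", "q1", "quote"),
    "h0": ("const", "<p>Hello "),
    "html_raw": ("concat", "h0", "name"),
    "escaped": ("replace", "name", "<", "&lt;"),
    "html_escaped": ("concat", "h0", "escaped"),
}

if __name__ == "__main__":
    for sink, kind in [("sql_sink", "sqli"), ("html_raw", "xss"), ("html_escaped", "xss")]:
        print(sink, kind, check(sink, kind, GRAPH))
```

An empty result only means that none of the witness inputs reaches the sink in attack form; the automaton intersection described in the abstract covers the whole input language rather than a sample of it.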