Web应用漏洞的分析和防御-计算机系统结构专业论文.docxVIP

摘 要 随着计算机网络技术的迅速发展，Web 应用系统在电子政务与电子商务领域 都得到了广泛的应用，伴随而来的是黑客利用 Web 应用程序漏洞发起的攻击也大 幅上升。如何减少 Web 应用程序漏洞，构建功能安全的 Web 应用系统已成为 Web 应用安全所面临的重要课题。 论文首先分析了 Web 应用安全的严峻形势，跟踪 Web 应用安全的国内外现 状，通过对相关方面资料的研究，提出了 Web 应用程序漏洞的概念，并对其分类 进行了研究；接着对当前 Web 应用程序中常见漏洞进行深层分析，所涉及漏洞包 括：SQL 注入、跨站脚本、跨站请求伪造、拒绝服务、缓冲区溢出、会话攻击、 目录遍历漏洞、文件上传漏洞和文件包含漏洞，探讨研究了上述漏洞的攻击原理、 攻击类型、攻击过程以及检测方法等，在此基础上提出了对其的防护措施和解决 方案；然后设计一个 Web 应用系统来演示各模块存在的潜在漏洞，并针对其提出 相应的防护措施将漏洞去除，从而提高了 Web 应用程序的安全性；最后对本文进 行了总结并提出下一步的工作。 关键词：Web 应用 Web 攻击 安全漏洞 安全对策 Abstract With the rapid development of computer network, Web application system has been widely used in Electronic Government and Electronic Commerce, and consequently the amount of the attacks of Hackers’ to Web application vulnerabilities has increased dramatically. How to reduce Web application vulnerabilities and construct a Web application system with complete functions has become an important subject. First, this paper analyzes the severe situation of Web application security, follows the current status of Web application security both domestically and abroad, proposes the concept of Web application vulnerability, and researches on its classification. Second, this paper analyzes the common vulnerabilities of Web application program deeply, which includes: SQL injection, cross site scripts, cross site request forgery, denial of service , buffer overflow, session attack, directory traversal vulnerability, file upload vulnerability and file include vulnerability; discusses the principles, types, processes and testing methods of the attacks presented above; proposes a safety precaution measure and solution. Third, this paper designs Web application system to demonstrate the latent loopholes existing in every module, and proposes a safety precaution measure to eliminate the loopholes which improve the safety of Web application program. Finally, the summary of this paper is stated and future work presented. Keywords: Web application Web attack security vulnerability security countermeasur