web应用服务安全性分析及解决方案计算机应用技术专业论文.docxVIP

摘 摘 要 如今Web应用服务已经成为非常流行的网络服务，同时也是最常遭受攻击的服务， 而且Web攻击造成了严重的损失。除了已知的安全漏洞之外，越来越多的Web应用层安 全问题暴露了出来，例如SQL注入、·参数篡改、数据库安全等等。 Web安全是本文研究的重点和主题，所有的研究都是以此为中心来展开的。本文以 安全基础一密码学作为切入点，阐明了要解决数据传输的安全性所应具备的要素：机密 性、完整性、真实性和抗否认性，并阐明了密码学所能解决的问题。在本论文中，首先 从网络层上分析了如何利用SSL协议对通信的双方进行身份认证，并对数据在网络中传 输的安全性进行了加强。接着从Web服务器端和客户端两个层面详细研究了其中的Web 攻击，例如SQL注入、参数篡改等，从中总结出Web攻击的特点和规律，对各种安全问 题提出了相应的解决方案，并对目前的数据库加密算法提出了不足，并且增加了对数据 完整性的检查。 本文最后在对Web攻击的研究的基础之上设计并实现了一个基于J2EE的安全Web 应用服务系统。该系统实现了服务器和客户端的双向认证、数据的安全传输、抵抗SQL 注入攻击、数据库加密等安全功能需求，实践证明此设计方案在很大程度上提高了Web 应用的安全性。 关键词Web安全，双向认证，SSL，SQL注入， 数据库加密 ABSTRACTWeb ABSTRACT Web application service has become the popular service today and is the most vulnerable service of network．The attack results in severe lOSS．Besides the known vulnerabilities，more application—layer web securities have been exploited recently,such as SQL injection，parameter tampering，database security etc． Web security is the importance and theme of this paper,and all the studies are started on it．Based on the basis of security,cryptography,as a starting point， writer explains several factors which are required to make secure transmission of data：confidentiality,integrity,authentication，and non—denied，and states that which problems can be solved by cryptography．In this thesis，firstly,it is analyzed how to make use of S SL protocol to authenticate both sides of communication from the network layer,and the security of data transmission in the network is strengthened．Then Web attacks are researched detailedly from the server layer and client layer,such as SQL injection，parameter tampering etc． Summarized characteristic and law of Web attacks，corresponding solutions of various security problems have been put forward，lack of database encryption algorithm is also put forward，and data integrity check is appended． At the end of this thesis，a Web application security system based on J2EE is designed on the foundation of the research of Web attacks，which has met several security features demand such as