web应用系统漏洞检测技术研究与实现计算机技术专业论文.docxVIP

广东工业大学硕士学位论文本文提出的方法中主要有以下创新点： 广东工业大学硕士学位论文 本文提出的方法中主要有以下创新点： (1)对网络爬虫进行改进，主要在三方面：①合适的爬虫搜索策略；②正确的URL 合法性要求；③高效率的去除重复URL。 (2)提出了一种攻击向量的拆分与随机组合以及变形规则的方法来生成攻击向量。 主要思想是将攻击向量按不同功能类型拆分到不同的模板库，再通过模板库之间随机 组合与加入变形规则来生成大量的，多变化的攻击向量。 (3)提出了一种基于页面代码行为的Web应用的漏洞检测方法，实验证明有较低 的误报率和较小的时间开销。 (4)提出了一种基于页面JavaScript代码中XMLHttpRequest对象分析算法，实现 了针对Ajax Web应用程序更全面的检测。 (5)运用C{6}编程技术，设计并实现了用于检测XSS跨站脚本漏洞和SQL注入漏 洞的系统原型SXFINDER。 关键词：XSS漏洞；SQL注入漏洞；网络爬虫；漏洞检测；规则 Ⅱ 万方数据 ABSTRACTABSTRACT ABSTRACT ABSTRACT With the development of Web technology,the site bring better experience to people．Especially Web 2．0，goodbye to a heavy request—return mode，using the lighter partial refresh mode，which improves the users’experience．Wherein，Ajax technology dominated in Web 2．0．However,Ajax technology will be part of the logical processing from server to the client,it exposes more interfaces，increasing the number of security threats to Web applications，where the highest severity is SQL injection attacks and Cross-Site Scripting attacks．OWASP announced the top ten most serious Web application security vulnerabilities chart,in this chart,we can see that SQLⅫection and Cross-Site Scripting attack have been in the top three．These vulnerabilities can be attacked without the knowledge of users．For now, preventive measures are passive behavior,such as the firewall and SO on．This is SO overlooked application-level serurity issues obviously,which absence of high—level and effective precautionary approach．Therefore，based on the CaUSe and detection of Cross-Site Scripting attack and SQL Inj ection，design and implement of automatic detection system of Web application。S security vulnerabilities as a supplementary tool for detecting of application·level issues early and be avoided The main work of this article iS as follows (1)Analyzes the workflow of Web application and a variety of security vulnerabilities．Reviewed the classification principles of Cross—Site Scripting attack and SQL Injection attack，and give the research status