基于NET网站的自动化安全测试工具研究与实现-计算机应用技术专业论文.docxVIP

ABSTRACTWith ABSTRACT With the rapid development of the Internet and the correlative technologies，the security of websites has become a more and more serious issue．As far as Website security test is concerned。to test and remedy the potential security bug of the website before its issue iS undoubtedly the most favorable way of security precaution．西US the security test tool has become a research field gaining more and more attention from researchers．The security test tool in common use at present adopts only the black box test and has the weak points of bug analysis inaccuracy and failure in bug repair etc． This Paper makes an analysis of the deficiency of the security test tool in common use at present，aiming directly at its weak points．Based on the relative theories and key technologies，then this paper does a profound research in technologies of bug positioning and bug repair and puts forward a white and black box combinative test module which puts together the peculiarities of black box’S time saving and white box’S comprehensive analysis．Rel姐ng on this module，this paper realizes STTC(The abbreviation of Security Test Tool in C≠})particularly applied to．NET websites．STTC mainly includes two sub．modules．namely the black box test module and the white box test module．The black box test module tests the web pages ofwebsites and records the program and type of the bug while the white box module abstracts and analyzes the program of the bug，positions and repairs the bug tentatively．An attack database is built in the black ffox test sub．module to imitate the artificial attack．Attack pattern matching database for each type of the bugs is built in the white box sub-module to prevent attack efficiently,to position the bug accurately through program tracking and to repair the bug automatically through program instrumentation．Finally a specific test report will be sent back to the USer in W研d file and a comprehensive and securc solving plan will also be provided． This paper m