| 网站漏洞扫描软件 |
| |
| 引用本文: | 冀振燕,李春元,莫建杨.网站漏洞扫描软件[J].计算机系统应用,2014,23(4):159-163. |
| |
| 作者姓名: | 冀振燕 李春元 莫建杨 |
| |
| 作者单位: | 北京交通大学 软件学院, 北京 100044;北京交通大学 软件学院, 北京 100044;北京交通大学 软件学院, 北京 100044 |
| |
| 基金项目: | 北京交通大学中央高校基本科研业务费项目(KRJB12002536) |
| |
| 摘 要: | 论文首先分析了网站安全面临的严峻形势,指出设计网站漏洞扫描工具的必要性. 论文对系统所采用的网络爬虫技术、网站结构树的构建方法、以及SQL注入、XXS攻击、整数溢出、URL重定向、格式化字符串等常见漏洞类型的检测方法进行了分析与研究,为系统的成功实现提供了保证. 论文还描述了系统的架构和子模块的设计. 最后的测试结果表明该系统能够快速全面的检测常见类型漏洞,目前软件已交付使用.
|
| 关 键 词: | 网站漏洞扫描 Web应用安全 攻击检测 |
| 收稿时间: | 9/4/2013 12:00:00 AM |
| 修稿时间: | 2013/9/23 0:00:00 |
Web Vulnerability Scanning Software |
| |
| JI Zhen-Yan,LI Chun-Yuan and MO Jian-Yang.Web Vulnerability Scanning Software[J].Computer Systems& Applications,2014,23(4):159-163. |
| |
| Authors: | JI Zhen-Yan LI Chun-Yuan and MO Jian-Yang |
| |
| Affiliation: | School of Software Engineering, Beijing Jiaotong University, Beijing 100044, China;School of Software Engineering, Beijing Jiaotong University, Beijing 100044, China;School of Software Engineering, Beijing Jiaotong University, Beijing 100044, China |
| |
| Abstract: | The paper introduces the current severe situation of the Web security, and brings up the necessity to design Web vulnerability scanning software. Then it analyzes Web crawler, construction of website structure tree, and detection methods of SQL injection, XSS, integer overflow and URL redirection, which provides a guarantee for developing the system successfully. The paper also describes the software architecture and the design of modules. The final testing results prove that the software is able to detect the common types of vulnerabilities rapidly and comprehensively. The software has been published. |
| |
| Keywords: | web vulnerability scanning web security attack detection |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
