| Web应用漏洞扫描系统 |
| |
| 引用本文: | 王扬品,程绍银,蒋凡. Web应用漏洞扫描系统[J]. 计算机系统应用, 2015, 24(12): 58-63 |
| |
| 作者姓名: | 王扬品 程绍银 蒋凡 |
| |
| 作者单位: | 中国科学技术大学计算机科学与技术学院, 合肥 230027,中国科学技术大学计算机科学与技术学院, 合肥 230027,中国科学技术大学计算机科学与技术学院, 合肥 230027 |
| |
| 摘 要: | 首先介绍了Web应用漏洞安全的严峻形式和对漏洞扫描系统的急切需求,接着分析了扫描系统的实现原理,研究和总结了SQL注入漏洞、XSS漏洞、上传文件漏洞等常见漏洞的检测技术.在此基础上,设计了Web应用漏洞扫描系统的各个模块,最后的通过实验结果表明该系统设计的可行性.
|
| 关 键 词: | Web应用 漏洞扫描 SQL注入 XSS |
| 收稿时间: | 2015-03-25 |
| 修稿时间: | 2015-05-28 |
Web Application Vulnerabilities Scan System |
| |
| WANG Yang-Pin,CHENG Shao-Yin and JIANG Fan. Web Application Vulnerabilities Scan System[J]. Computer Systems& Applications, 2015, 24(12): 58-63 |
| |
| Authors: | WANG Yang-Pin CHENG Shao-Yin JIANG Fan |
| |
| Affiliation: | School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China,School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China and School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China |
| |
| Abstract: | First the paper analyzes severe situations of Web application vulnerabilities security and urgent requirements of Web application vulnerability detection technology. Then it analyzes the working principle of the scanning system, studies and summarizes detection methods of SQL injection, XSS and uploads file vulnerability. Based on those achievements, a system infrastructure of Web application vulnerability scanner is designed. The final experimental testing results prove the feasibility of the system design. |
| |
| Keywords: | Web application vulnerabilities scan SQL injection XSS |
|
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
