摘要
近年来Web安全漏洞频发,传统的SQL注入、XSS注入、上传漏洞,以及与业务相关的逻辑漏洞一旦被攻击者发现和利用,将对Web安全造成威胁,因此渗透测试对Web安全的研究就显得尤为重要.该文通过搭建测试站点,结合相关工具,设计和实现了一些具体的渗透测试方法对该网站的主要漏洞进行渗透测试,分析Web安全漏洞的原理,并给出修复方案.这些渗透测试方法不仅可以作为Web漏洞检测的依据,还可以作为Web安全教学重要的实践方案.
In recent years,Web security vulnerabilities are frequent,such as traditional SQL injections,XSS injections,upload vulnerabilities and business-related logical vulnerabilities.Once these vulnerabilities are discovered and exploited by attackers,they will pose a threat to Web security.Therefore,it is particularly important to study the penetration test for web security.Through building a test site and combining related tools,this paper designs and implements some specific penetration testing methods to test the main vulnerabilities of the site,analyzes the principle of web security vulnerabilities,and gives a repair scheme,analyzes the principle of web security vulnerabilities,and presents a repair plan.These penetration testing methods can not only serve as a basis for web vulnerability detection,but also can be used as an important practice for web security teaching.
作者
孙梅
郭宇燕
韩超
余磊
SUN Mei;GUO Yu-yan;HAN Chao;YU Lei(College of Computer Science and Technology,Huaibei Normal University,Huaibei,Anhui 235000,China)
出处
《通化师范学院学报》
2019年第2期60-67,共8页
Journal of Tonghua Normal University
基金
安徽省高等学校省级质量工程项目(2016ckjh180
2016tszy074
2016jyxm0934)
淮北师范大学重大教研项目(jy2017102)
教育部产学合作协同育人项目(201702139008
201701023100)
关键词
WEB安全
SQL注入
XSS
上传漏洞
逻辑漏洞
Web security
SQL injection
XSS injections
Upload vulnerability
Logic vulnerability
