Research on the Detection of Second-Order Web Security Vulnerabilities (《Web二阶安全漏洞检测研究》)
Size: 2.23 MB; Pages: 54; Date: 2019-05-16
Abstract (translated from the Chinese)

With the rapid development of today's networks, Web applications play an important role in people's lives, yet an endless stream of security vulnerabilities poses a serious threat to that development. There are generally two ways to address this threat: manual vulnerability detection and tool-based vulnerability detection. Manual detection is increasingly unable to keep up with the geometric growth in the amount of code, so tool-based detection has become the mainstream approach. However, most tools test only for the basic characteristics of a vulnerability and seldom consider its second-order form. Second-order vulnerabilities are more hidden and more destructive than first-order ones. After an in-depth study and analysis of the principles of Web penetration testing and of second-order attacks, this thesis proposes a method for detecting second-order Web security vulnerabilities that does not require the Web application's source code: Two Crawlings Detection (TCD). The method detects second-order Web security vulnerabilities through two crawl-and-scan passes: the first pass crawls every URL of the site and sends anchor points; the second pass crawls the URLs where the anchor points are stored and tests these suspicious URLs specifically for second-order Web security vulnerabilities. This greatly reduces the time spent detecting second-order Web security vulnerabilities. The TCD method makes up for the shortcomings of existing tool-based detection of second-order Web security vulnerabilities and provides a deeper level of assurance for Web security.

Keywords: Web security; second-order attacks; penetration testing; second-order vulnerability detection

Abstract

With the rapid development of today's networks, Web applications play an important role in people's lives. However, various emerging vulnerabilities pose serious threats to Web development. There are usually two ways to cope with these threats: manual detection of vulnerabilities and automatic detection of vulnerabilities. Manual detection of vulnerabilities becomes more and more difficult with the geometric growth of the amount of code. Automatic detection by software tools has become the mainstream detection method. However, most tools test against the basic characteristics of vulnerabilities, and the second-order form of vulnerabilities is seldom considered. Second-order vulnerabilities are more subtle and more destructive than first-order vulnerabilities. After deeply researching and analyzing the principles of Web penetration testing and of second-order attacks, this dissertation proposes a method to detect Web second-order security vulnerabilities: Two Crawlings Detection (TCD). This method detects Web second-order security vulnerabilities through two crawl scans. It crawls the website's URLs the first time and sends anchor points; the second time it crawls the URLs where the anchor points are stored and tests these suspicious URLs specifically for second-order Web security vulnerabilities. This approach greatly reduces the time cost of detecting second-order Web security vulnerabilities. The TCD detection method makes up for the lack of existing tools to detect second-order Web security vulnerabilities and provides a deeper level of protection for Web security.

Keywords: Web security; second-order attacks; penetration testing; second-order vulnerability detection
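As an added illustration (not code from the thesis), the following Python sketch simulates the two-crawl anchor procedure described in the abstract against a constructed in-memory application: phase one submits a unique anchor to every form field, phase two re-crawls and maps each anchor it finds back to the field that planted it. The MockSite class, its pages and the anchor format are assumptions of this example.

```python
import re
import uuid


class MockSite:
    """Constructed stand-in for a web application (not the thesis's target).
    /profile persists the 'nick' field server-side and /members renders every
    stored nick later on (a second-order sink); /search has a field that is
    never persisted; /about renders no user data at all."""

    def __init__(self):
        self.nicks = []  # server-side persisted inputs
        self.forms = {"/profile": ["nick"], "/search": ["q"]}  # url -> fields

    def links(self):  # URLs a crawler would discover on this site
        return ["/profile", "/search", "/members", "/about"]

    def submit(self, url, field, value):  # simulate a form POST
        if url == "/profile" and field == "nick":
            self.nicks.append(value)  # persisted: may surface elsewhere later

    def get(self, url):  # simulate a GET and return the response body
        if url == "/members":
            return "<ul>" + "".join(f"<li>{n}</li>" for n in self.nicks) + "</ul>"
        return f"<html><body>{url}</body></html>"


ANCHOR_RE = re.compile(r"tcd[0-9a-f]{12}")  # assumed anchor format


def make_anchor():
    """Unique, inert marker so each stored value maps back to one (url, field)."""
    return "tcd" + uuid.uuid4().hex[:12]


def tcd_scan(site):
    """Phase 1: crawl every URL and submit a distinct anchor to each form field.
    Phase 2: crawl again and map every anchor found in a response back to the
    (url, field) that planted it. Returns (source_url, field, sink_url) triples:
    the suspicious URLs that deserve targeted second-order testing."""
    planted = {}
    for url in site.links():
        for field in site.forms.get(url, []):
            anchor = make_anchor()
            site.submit(url, field, anchor)
            planted[anchor] = (url, field)
    findings = []
    for url in site.links():
        for anchor in ANCHOR_RE.findall(site.get(url)):
            if anchor in planted:  # ignore look-alikes we did not plant
                src, field = planted[anchor]
                findings.append((src, field, url))
    return findings


if __name__ == "__main__":
    print(tcd_scan(MockSite()))  # [('/profile', 'nick', '/members')]
```

Because the anchors are persisted in the application's data store, the scan is run against a test instance rather than production. The second crawl only sees sinks that render on crawled pages, so sinks that surface later (reports, admin views, e-mail) need a wider or delayed second pass.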