發(fā)布時間：2018-02-26 04:00

  本文關(guān)鍵詞： Web脆弱性 Web脆弱性分類 Web脆弱性檢測 Web脆弱性檢測模型　出處：《北京郵電大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著時代的進(jìn)步和科技發(fā)展,互聯(lián)網(wǎng)正影響著社會的發(fā)展,改變著人們生活。與此同時,互聯(lián)網(wǎng)中各類安全問題也日益凸顯,越來越受到人們的關(guān)注。Web系統(tǒng)作為互聯(lián)網(wǎng)中最常見的應(yīng)用系統(tǒng),其安全性保障至關(guān)重要。但與之對應(yīng)的卻是Web系統(tǒng)的開發(fā)人員經(jīng)驗不足、安全意識較差,加之傳統(tǒng)檢測手段執(zhí)行時間長,易出錯以及不能很好適用于Web系統(tǒng)等缺點,使得安全問題成為Web系統(tǒng)的最大隱患。于是研究有效的Web系統(tǒng)脆弱性檢測就成為了提高測試效率,縮短測試時間,節(jié)約測試成本,保障Web系統(tǒng)安全問題的有效手段。 本文首先調(diào)研了Web脆弱性檢測相關(guān)的國內(nèi)外研究現(xiàn)狀,說明了課題的研究背景、意義,明確了Web脆弱性檢測課題的研究任務(wù)。隨后,對Web脆弱性、Web脆弱性分類以及常用的Web脆弱性檢測技術(shù)進(jìn)行了詳細(xì)的介紹和說明,分析了其適用特點以及目前存在的不足。然后,研究了Web脆弱性分類方法以及Web脆弱性檢測模型,提出了一種基于攻擊生命周期的Web脆弱性分類方法和一種基于攻擊操作模型改進(jìn)的Web脆弱性檢測模型。接著,在Web脆弱性分類和Web脆弱性檢測模型的研究基礎(chǔ)上,設(shè)計基于B/S架構(gòu)的Web脆弱性檢測系統(tǒng),并詳細(xì)說明了系統(tǒng)框架、業(yè)務(wù)流程以及核心模塊。 根據(jù)以上提出的設(shè)計方案,本文最終實現(xiàn)了Web脆弱性檢測系統(tǒng),并搭建測試環(huán)境,對系統(tǒng)的核心模塊以及整個系統(tǒng)的功能進(jìn)行了測試。通過測試實驗,系統(tǒng)完成了設(shè)計的功能,驗證了設(shè)計的有效性和實用性。最后,在本文結(jié)束時,總結(jié)了本文所做的工作,并指出了未來Web脆弱性檢測研究的重點與方向。
[Abstract]:With the progress of the times and the development of science and technology, the Internet is affecting the development of society and changing people's lives. At the same time, all kinds of security problems in the Internet are becoming increasingly prominent. As the most common application system in the Internet, the security guarantee of the web system is becoming more and more important, but the developers of the Web system are inexperienced and have poor security consciousness. With the disadvantages of long execution time, error-prone and unsuitable for Web system, the security problem becomes the biggest hidden trouble of Web system, so the research of effective Web system vulnerability detection becomes to improve the test efficiency. Shortens the test time, saves the test cost, guarantees the Web system security question the effective method. This paper first investigates the current situation of Web vulnerability detection at home and abroad, explains the background and significance of the research, and clarifies the research task of Web vulnerability detection. In this paper, the classification of Web vulnerability and the commonly used Web vulnerability detection techniques are introduced and explained in detail. The applicable characteristics and shortcomings of Web vulnerability detection are analyzed. In this paper, the Web vulnerability classification method and the Web vulnerability detection model are studied, and a Web vulnerability classification method based on attack life cycle and an improved Web vulnerability detection model based on attack operation model are proposed. Based on the research of Web vulnerability classification and Web vulnerability detection model, a Web vulnerability detection system based on B / S architecture is designed, and the system framework, business process and core modules are described in detail. According to the above design scheme, the Web vulnerability detection system is finally implemented in this paper, and the testing environment is built. The core modules and the functions of the whole system are tested. The system has completed the function of the design and verified the validity and practicability of the design. Finally, at the end of this paper, the work done in this paper is summarized, and the emphasis and direction of the future research on Web vulnerability detection are pointed out.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 張靜媛;黃丹丹;楊曉彥;王若欣;張玉清;;NESSUS基本原理及其關(guān)鍵技術(shù)分析[J];電子科技;2006年11期

2 楊波,朱秋萍;Web安全技術(shù)綜述[J];計算機應(yīng)用研究;2002年10期

3 于莉莉;杜蒙杉;張平;紀(jì)玲利;;Web安全性測試技術(shù)綜述[J];計算機應(yīng)用研究;2012年11期

，

本文編號：1536401