本文關(guān)鍵詞： Web脆弱性 Web脆弱性分類 Web脆弱性檢測(cè) Web脆弱性檢測(cè)模型　出處：《北京郵電大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著時(shí)代的進(jìn)步和科技發(fā)展,互聯(lián)網(wǎng)正影響著社會(huì)的發(fā)展,改變著人們生活。與此同時(shí),互聯(lián)網(wǎng)中各類安全問題也日益凸顯,越來越受到人們的關(guān)注。Web系統(tǒng)作為互聯(lián)網(wǎng)中最常見的應(yīng)用系統(tǒng),其安全性保障至關(guān)重要。但與之對(duì)應(yīng)的卻是Web系統(tǒng)的開發(fā)人員經(jīng)驗(yàn)不足、安全意識(shí)較差,加之傳統(tǒng)檢測(cè)手段執(zhí)行時(shí)間長,易出錯(cuò)以及不能很好適用于Web系統(tǒng)等缺點(diǎn),使得安全問題成為Web系統(tǒng)的最大隱患。于是研究有效的Web系統(tǒng)脆弱性檢測(cè)就成為了提高測(cè)試效率,縮短測(cè)試時(shí)間,節(jié)約測(cè)試成本,保障Web系統(tǒng)安全問題的有效手段。 本文首先調(diào)研了Web脆弱性檢測(cè)相關(guān)的國內(nèi)外研究現(xiàn)狀,說明了課題的研究背景、意義,明確了Web脆弱性檢測(cè)課題的研究任務(wù)。隨后,對(duì)Web脆弱性、Web脆弱性分類以及常用的Web脆弱性檢測(cè)技術(shù)進(jìn)行了詳細(xì)的介紹和說明,分析了其適用特點(diǎn)以及目前存在的不足。然后,研究了Web脆弱性分類方法以及Web脆弱性檢測(cè)模型,提出了一種基于攻擊生命周期的Web脆弱性分類方法和一種基于攻擊操作模型改進(jìn)的Web脆弱性檢測(cè)模型。接著,在Web脆弱性分類和Web脆弱性檢測(cè)模型的研究基礎(chǔ)上,設(shè)計(jì)基于B/S架構(gòu)的Web脆弱性檢測(cè)系統(tǒng),并詳細(xì)說明了系統(tǒng)框架、業(yè)務(wù)流程以及核心模塊。 根據(jù)以上提出的設(shè)計(jì)方案,本文最終實(shí)現(xiàn)了Web脆弱性檢測(cè)系統(tǒng),并搭建測(cè)試環(huán)境,對(duì)系統(tǒng)的核心模塊以及整個(gè)系統(tǒng)的功能進(jìn)行了測(cè)試。通過測(cè)試實(shí)驗(yàn),系統(tǒng)完成了設(shè)計(jì)的功能,驗(yàn)證了設(shè)計(jì)的有效性和實(shí)用性。最后,在本文結(jié)束時(shí),總結(jié)了本文所做的工作,并指出了未來Web脆弱性檢測(cè)研究的重點(diǎn)與方向。
[Abstract]:With the progress of the times and the development of science and technology, the Internet is affecting the development of society and changing people's lives. At the same time, all kinds of security problems in the Internet are becoming increasingly prominent. As the most common application system in the Internet, the security guarantee of the web system is becoming more and more important, but the developers of the Web system are inexperienced and have poor security consciousness. With the disadvantages of long execution time, error-prone and unsuitable for Web system, the security problem becomes the biggest hidden trouble of Web system, so the research of effective Web system vulnerability detection becomes to improve the test efficiency. Shortens the test time, saves the test cost, guarantees the Web system security question the effective method. This paper first investigates the current situation of Web vulnerability detection at home and abroad, explains the background and significance of the research, and clarifies the research task of Web vulnerability detection. In this paper, the classification of Web vulnerability and the commonly used Web vulnerability detection techniques are introduced and explained in detail. The applicable characteristics and shortcomings of Web vulnerability detection are analyzed. In this paper, the Web vulnerability classification method and the Web vulnerability detection model are studied, and a Web vulnerability classification method based on attack life cycle and an improved Web vulnerability detection model based on attack operation model are proposed. Based on the research of Web vulnerability classification and Web vulnerability detection model, a Web vulnerability detection system based on B / S architecture is designed, and the system framework, business process and core modules are described in detail. According to the above design scheme, the Web vulnerability detection system is finally implemented in this paper, and the testing environment is built. The core modules and the functions of the whole system are tested. The system has completed the function of the design and verified the validity and practicability of the design. Finally, at the end of this paper, the work done in this paper is summarized, and the emphasis and direction of the future research on Web vulnerability detection are pointed out.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 張靜媛;黃丹丹;楊曉彥;王若欣;張玉清;;NESSUS基本原理及其關(guān)鍵技術(shù)分析[J];電子科技;2006年11期

2 楊波,朱秋萍;Web安全技術(shù)綜述[J];計(jì)算機(jī)應(yīng)用研究;2002年10期

3 于莉莉;杜蒙杉;張平;紀(jì)玲利;;Web安全性測(cè)試技術(shù)綜述[J];計(jì)算機(jī)應(yīng)用研究;2012年11期

，

本文編號(hào)：1536401