【摘要】：伴隨著中國互聯(lián)網(wǎng)絡(luò)信息建設(shè)的不斷積累,網(wǎng)頁技術(shù)的愈發(fā)完善,網(wǎng)頁交互平臺已經(jīng)在電子政務(wù)、電子商務(wù)等領(lǐng)域得到廣泛的應(yīng)用,以統(tǒng)合終端工作環(huán)境、服務(wù)社會公共業(yè)務(wù)以及商用程序托管為代表的網(wǎng)頁技術(shù),在很大程度上已經(jīng)改變?nèi)藗儨贤ń涣鞯姆绞胶头椒�。但這些技術(shù)在商業(yè)活動中帶來便利的同時(shí),也帶來了前所未見的安全風(fēng)險(xiǎn)。在過去,互聯(lián)網(wǎng)上的網(wǎng)頁都是靜態(tài)頁面。管理員管理網(wǎng)站上的內(nèi)容時(shí),能夠輕松區(qū)分“可信”站點(diǎn)和“不可信”站點(diǎn)。但是到了當(dāng)下,隨著網(wǎng)頁內(nèi)容逐漸豐富,且趨于動態(tài)化,使得最終訪問者可以不間斷的更新現(xiàn)有內(nèi)容并且分享應(yīng)用程序,然后通過各種渠道進(jìn)行發(fā)布。就算采用嚴(yán)格的策略制定,一些不良信息或者惡意軟件也會隨時(shí)彈出,即使在可信站點(diǎn)也同樣存在。使發(fā)布者的重要信息和內(nèi)部網(wǎng)絡(luò)暴露在極為危險(xiǎn)的環(huán)境之下。根據(jù)一項(xiàng)國外的調(diào)查,75%的信息安全攻擊都是發(fā)生在應(yīng)用層而非網(wǎng)絡(luò)層。與此同時(shí),超過2/3的網(wǎng)頁站點(diǎn)的安全防護(hù)都相當(dāng)脆弱,非常容易受到惡意攻擊。有一個說法是指,大多數(shù)企業(yè)花費(fèi)了大量的資金投資在自身的網(wǎng)絡(luò)和服務(wù)器的安全上,但是卻沒有從真正意義上保護(hù)網(wǎng)頁業(yè)務(wù)本身的安全,從而才給了黑客可乘之機(jī)。根據(jù)權(quán)威的世界網(wǎng)頁安全研究組織提供的報(bào)告,有兩種對網(wǎng)頁業(yè)務(wù)系統(tǒng)威脅最嚴(yán)重的攻擊方式分別是注入漏洞和跨站腳本漏洞。從以往發(fā)生的安全事件統(tǒng)計(jì),針對網(wǎng)頁的惡意攻擊導(dǎo)致的后果極為嚴(yán)重,通過上述手段可以將一個合法的、正常的網(wǎng)站攻陷,惡意攻擊者利用獲取到的相應(yīng)權(quán)限在網(wǎng)頁中肆無忌憚地嵌入惡意代碼,或者將惡意程序下載到存在終端漏洞的計(jì)算機(jī)上,從而實(shí)現(xiàn)攻擊的目的。
[Abstract]:With the continuous accumulation of Internet information in China and the improvement of web technology, the web interactive platform has been widely used in E-government, e-commerce and other fields to integrate the terminal working environment. The web technology represented by the service of social public business and commercial program hosting has to a great extent changed the way and method of communication and communication. But while these technologies are convenient for business, they also pose unprecedented security risks. In the past, web pages on the Internet were static pages. Administrators can easily distinguish trusted and untrusted sites when managing content on a Web site. But now, as the content of the page becomes richer and more dynamic, the final visitor can continuously update the existing content and share the application, and then publish it through various channels. Even with strict strategy, bad information or malware pops up at any time, even on trusted sites. Expose the publisher's vital information and internal network to an extremely dangerous environment. According to a foreign survey, 75% of information security attacks occur in the application layer rather than the network layer. At the same time, more than two-thirds of web sites are vulnerable to malicious attacks. One argument is that most companies spend a lot of money on the security of their networks and servers, but they don't really protect the web business itself, giving hackers a chance. According to a report provided by the authoritative World Organization for Web Security Research, there are two most serious threats to web business systems, namely, injection vulnerabilities and cross-site scripting vulnerabilities. From the statistics of past security incidents, the consequences of malicious attacks on web pages are extremely serious. Through the above-mentioned means, a legitimate and normal website can be captured. Malicious attackers take advantage of the corresponding privileges to embed malicious code in web pages or download malicious programs to computers with terminal vulnerabilities to achieve the purpose of the attack.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.092

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 侯明明;;淺析“木馬”病毒及其防治措施[J];廣西輕工業(yè);2009年03期

2 王繼成,高珍;軟件需求分析的研究[J];計(jì)算機(jī)工程與設(shè)計(jì);2002年08期

，

本文編號：2263614