Research and Practice of GHDB-Based Vulnerability Scanning Technology
Published: 2019-06-10 02:03
[Abstract]: With the rapid development of new Internet technologies and applications, the Web has become the main medium of global communication and is gradually changing how people work and live. Many of the applications involved in enterprise informatization are deployed on Web platforms, and the emergence of new Internet products such as social networking sites and microblogs has extended Web-based applications into an ever wider range of fields. While the network brings people great convenience and benefit, Web security problems are becoming increasingly prominent; these problems affect not only people's daily lives but can also directly affect national security and social stability.
Starting from the various security vulnerabilities present in the Web today and the frequent security incidents, this thesis studies Web vulnerability scanning technology in depth and analyzes the current mainstream host-based and network-based vulnerability scanning techniques. It examines in detail the causes of, and detection methods for, Web security vulnerabilities such as SQL injection and CGI vulnerabilities.
Against the background of the rapid development of search engines in recent years, the thesis proposes using a search engine to perform vulnerability scanning: whether a security vulnerability exists is judged by searching the huge body of resources the search engine provides for the characteristic information of a specified vulnerability. From an intruder's point of view, this method makes the scanning process more covert because it requires no direct interaction with the target system.
Guided by this idea, the thesis analyzes and studies search-based scanning techniques built on the Google search engine and the related security services, and discusses, analyzes and summarizes Google hacking techniques in detail. On this basis it analyzes the Google Hacking Database (GHDB) in depth and carries out secondary development on it, and, using Google hacking techniques and the programming interface provided by Google, designs and implements a prototype GHDB-based Web security scanning tool, whose effectiveness is confirmed by experiment.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2012
[Classification number]: TP393.08
Article ID: 2496082
Article link: http://sikaile.net/kejilunwen/sousuoyinqinglunwen/2496082.html