Research and Implementation of a Crawler-Based Penetration Testing System
Published: 2018-06-10 16:34
Topic: Bloom filter + web crawler. Source: Northeastern University, 2012 master's thesis
[Abstract]: As networked applications have developed, Web applications have come into very wide use in every area of society, and attacks against them have risen steadily. When a Web application contains an exploitable vulnerability, an attacker can use it to steal information, plant viruses and Trojans, set up disguised phishing sites, insert malicious advertisements, and carry out other illegal operations. Ordinary users who browse such pages can easily have their computers infected or suffer financial loss. If developers lack sound secure-programming awareness and habits during development, or if site administrators have weak security awareness during deployment, the Web application is likely to end up with security weaknesses that give malicious attackers an opening. Security testing of a site's Web applications is therefore very necessary. The thesis first describes the research background and the purpose and significance of a penetration testing system. It analyzes several of the main security threats to Web applications and the detection methods for each class of vulnerability. To address the excessive storage cost of earlier crawler schemes, it proposes a web crawler algorithm based on a Bloom filter, which effectively resolves the crawler's excessive consumption of system memory during crawling. On this basis, a crawler-based penetration testing system is designed and implemented. Its detection methods are divided into automatic and manual detection. It can detect SQL injection vulnerabilities, XSS (cross-site scripting) vulnerabilities, sensitive directories, and third-party editor vulnerabilities, and it can go on to retrieve database information through an SQL injection vulnerability. During a scan the system dynamically reports detection information to the tester, and it displays the results when the scan ends. By simulating an attacker's behavior, the system performs penetration tests on a site's Web applications, finds vulnerabilities present while the site is running, and provides site administrators and penetration testers with reliable and effective information on security weaknesses. System test results show that the system runs well, can effectively detect security vulnerabilities in Web applications, and provides users with an effective security testing system and technical support.
[Degree-granting institution]: Northeastern University
[Degree level]: Master's
[Year degree granted]: 2012
[Classification number]: TP393.092
Article number: 2003874
Article link: http://sikaile.net/wenyilunwen/guanggaoshejilunwen/2003874.html