基于Web应用的网络安全漏洞发现与研究

doi:10.11959/j.issn.2096-109x.2016.00065

Chinese Journal of Network and Information Security ›› 2016, Vol. 2 ›› Issue (6): 58-65.doi: 10.11959/j.issn.2096-109x.2016.00065

• academic paper • Previous Articles Next Articles

Discovery and research of network security vulnerabilities based on Web application

Xiao-shuang ZHANG(),Yi-ling XU,Yuan LIU

School of Digital Media,JiangNan University,Wuxi 214122,China

Revised:2016-05-30 Online:2016-06-15 Published:2020-03-26
Supported by:
The Natural Science Foundation of Jiangsu Province(BK20151131);The Fundamental Research Funds for the Central Universities(JUSRP51614A)

Abstract

Abstract:

Web security vulnerabilities can be divided into two categories,including security vulnerabilities Web platform and Web their own application.By analyzing the attack principle and process of Web application network security vulnerabilities,XSS vulnerability including type of the reflective,stored,and DOM,SQL injection vulner-ability and session authentication management vulnerability were studied.The corresponding preventive measures of the three kinds of vulnerabilities were put forward.

Key words: Web application, cross site scripting, SQL injection, session authentication management

CLC Number:

TP309

Xiao-shuang ZHANG,Yi-ling XU,Yuan LIU. Discovery and research of network security vulnerabilities based on Web application[J]. Chinese Journal of Network and Information Security, 2016, 2(6): 58-65.

Figures/Tables 17

References 6

[1]	PARVEZ M , ZAVARSKY P , KHOURY N . Analysis of effective-ness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities[C]// The 10th Interna-tional Conference for Internet Technology and Secured Transac-tions (ICITST),IEEE.c 2015:186-191.
[2]	SHAR L K , TAN H B K . Auditing the XSS defence features im-plemented in Web application programs[J]. Software,IET, 2012,6 (4):377-390.
[3]	SADEGHIAN A , ZAMANI M ' MANAF A A . A taxonomy of SQL injection detection and prevention techniques[C]// 2013 Interna-tional Conference on Informatics and Creative Multimedia (ICICM),IEEE.c 2013:53-56.
[4]	SATHYANARAYAN S , QI D , LIANG Z , et al. SQLR:gram-mar-guided validation of SQL injection sanitizers[C]// 2014 19th International Conference on Engineering of Complex Computer Systems (ICECCS),IEEE.c 2014:154-157.
[5]	YOON E J , YOO K Y . A new authentication scheme for session initiation protocol[C]// International Conference on Complex,Intel-ligent and Software Intensive Systems,IEEE.c 2009:549-554.
[6]	吴晓恒 . 跨站脚本攻击的防御技术研究[D]. 上海: 上海交通大学, 2011.
	WU X H . Defense technology research of cross site scripting attack[D]. Shanghai: Shanghai Jiaotong Universtiy, 2011.

Metrics

Recommended 0

No Suggested Reading articles found!

Discovery and research of network security vulnerabilities based on Web application

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 17

References 6

Related Articles 3

Metrics

Recommended 0

[1]	Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.
[2]	Xin SUN,Yi-yang YAO,Xin-dai LU,Xue-jiao LIU,Yong-han WU. Research and implementation of fuzzing testing based on HTTP proxy [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 75-86.
[3]	Chen-wang HAN, Hui LIN, Chuan HUANG. Research on the SQL injection filtering based on SQL syntax tree [J]. Chinese Journal of Network and Information Security, 2016, 2(11): 70-77.