Found 19 similar documents; search took 93 ms
1.
2.
3.
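With the rapid development of Web applications on the Internet, a large number of Web security vulnerabilities have emerged, the most prominent of which is the cross-site scripting (XSS) vulnerability attack. To detect and defend against XSS vulnerabilities in Web applications effectively, the paper analyzes the characteristics and principles of XSS vulnerabilities, summarizes the main causes of such attacks, and, drawing on currently common vulnerability detection methods, proposes several defenses against XSS vulnerability attacks. These can effectively identify and prevent XSS vulnerability attacks and are highly practical for Web applications.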
4.
钱伟俊 《信息安全与通信保密》2014,(8):115-117
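The paper describes in detail the specific methods and steps by which an attacker uses cross-site request forgery (CSRF) to remotely attack and penetrate network devices, and explains the process of submitting the relevant commands through the user's browser. The examples of such vulnerability attacks help establish the concepts of security research and security auditing.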
5.
姜建华 《电子产品维修与制作》2009,(7):99-99
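Is your website secure? Is your website vulnerable to cross-site scripting attacks?
Cross-site scripting is a special case of code injection. In this attack, a malicious user embeds HTML or other client-side script into your Web site so that the attack appears to come from your site, which users will trust completely. This lets the attacker bypass many client-side security measures, obtain sensitive information from users, or deliver malicious programs.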
6.
7.
8.
9.
10.
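Phishing attacks lure users into visiting fake websites in order to steal sensitive information such as names, account numbers and passwords, thereby harming users' financial interests and private information, with extremely damaging effects. The article discusses the methods, forms, detection techniques, harm and preventive measures of phishing attacks, with the aim of providing a reference for preventing them.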
11.
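Addressing the prominent security problems of Web sites, the paper analyzes in detail the implementation principles and common attack methods of the three network attacks that currently pose the most serious threat to Web site security: SQL injection, cross-site attacks and cross-site request forgery. Drawing on research and practice, it proposes specific defense algorithms: a defense against SQL injection and cross-site attacks implemented by filtering illegal string code out of the Web requests that users submit, with the code implemented as a Servlet filter in JSP; and an algorithm for cross-site request forgery implemented by continuously authenticating the client's identity with pseudo-random numbers,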
12.
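Because Web site services are so widely used, cross-site attacks have become the most numerous type of attack on the Internet, and filtering cross-site code has become a top priority for every Web site. To filter cross-site attacks, a site must fully understand the mechanism that gives rise to them and how data and code are parsed within a Web application. These two points are only the basics. To filter cross-site code as completely as possible, one must go further and examine the relationships between the parsing modules of the various languages, studying and analyzing the complexity of cross-site attacks when these modules are nested within one another. Only then can effective measures for reducing the cross-site threat be obtained for each situation.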
13.
The OAuth2.0 protocol has been widely adopted to simplify user login to third-party applications, but it also carries a risk of leaking user privacy data and, even worse, of user accounts being hijacked. An account hijacking attack model around the authorization code was built by analyzing the vulnerabilities of the OAuth2.0 protocol. A vulnerable API identification method based on differential traffic analysis and an account hijacking verification method based on authorized authentication traffic monitoring were proposed. OScan, an account hijacking attack threat detection framework for OAuth2.0 authorization APIs, was designed and implemented. Through a large-scale detection of the 3 853 authorization APIs deployed on the Alexa top 10 000 websites, 360 vulnerable APIs were discovered. Further verification showed that 80 websites were exposed to the threat of account hijacking attacks. Compared with similar tools, OScan has significant advantages in the number of identity providers covered, the number of relying parties detected, and the integrity of risk detection.
14.
15.
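To address the cumbersome process and poor user experience of current interactive liveness detection, a silent liveness detection method based on an optimized LeNet-5 and near-infrared images is proposed. First, a non-live dataset was built using a near-infrared camera. Second, LeNet-5 was optimized by enlarging the convolution kernels, increasing the number of convolution kernels and introducing global average pooling, yielding a deep convolutional neural network. Finally, near-infrared face images were fed into the model to perform silent liveness detection. Experimental results show that the designed model achieves a high recognition rate of 99.95% on the liveness detection dataset, that the whole silent liveness detection system runs at about 18~22 frames/s, and that it is highly robust in practical use.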
16.
The text-oriented automated crowdturfing attack has features such as low attack cost and strong concealment. This kind of attack can automatically generate a large number of fake reviews, with a harmful effect on the healthy development of the user review community. In recent years, researchers have found text-oriented crowdturfing attacks against the English review community, but there has been little research on automated crowdsourcing attacks in the Chinese review community. A Chinese character embedding LSTM model was proposed to automatically generate Chinese reviews for automated crowdturfing attacks. The model is trained with a combination of a Chinese character embedding network, an LSTM network and a softmax dense network, and a temperature parameter T was designed to construct the attack model. In the experiment, more than 50 000 real user reviews were crawled from Taobao's online review platform to verify the effectiveness of the attack method. Experimental results show that the generated fake reviews can effectively fool a linguistics-based classification detection approach and a text plagiarism detection approach. In addition, large-scale manual evaluation experiments demonstrate that the reviews generated with the proposed attack approach perform well in reality and diversity.
17.
DDoS attacks, which exist extensively, have been a mortal threat to software-defined networking (SDN) controllers, and there is not yet any security mechanism that can prevent them. Combining SDN and network function virtualization (NFV), a novel mechanism for preventing DDoS attacks on SDN controllers, called upfront detection middlebox (UDM), was proposed. The upfront detection middleboxes were deployed in a distributed manner between SDN switch interfaces and user hosts, where DDoS attack packets were detected and denied. An NFV-based method of implementing the upfront middlebox was put forward, which made the UDM mechanism economical and effective. A prototype system based on this mechanism was implemented and many experiments were carried out. The experimental results show that the NFV-based UDM mechanism can detect and prevent DDoS attacks on SDN controllers effectively and in real time.
18.
19.
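To address the security problems of face recognition, strengthen protection against malicious attacks on face recognition systems, and allow face recognition technology to be applied more widely, this paper proposes a system that integrates a deep-neural-network-based lip-reading technique into face recognition. Unlike existing lip-reading techniques, the system mainly recognizes the user's lip movement habits. With this system, the user reads out the corresponding content as prompted by the verifying party while face recognition is performed, and, during verification of the user's face, the content the user speaks through lip movement is recognized and compared, effectively raising the security level of face recognition. Experimental results show that, under deliberate attacks on face recognition systems, a system incorporating this technique achieves better recognition accuracy.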