| SQLI和XSS漏洞检测与防御技术研究 |
| |
| 引用本文: | 颜浩,蒋巍,蒋天发.SQLI和XSS漏洞检测与防御技术研究[J].信息网络安全,2011(12):51-53. |
| |
| 作者姓名: | 颜浩 蒋巍 蒋天发 |
| |
| 作者单位: | 1. 中南民族大学计算机科学学院,湖北武汉,430073
2. 中国软件评测中心,北京,100048 |
| |
| 基金项目: | 国家自然科学基金[40571128];国家民委重点科研项目[Mzy02004];湖北省教育厅科研项目[B20110804] |
| |
| 摘 要: | 文章针对Web安全漏洞中的SQLI和XSS漏洞,介绍了针对这两种漏洞的防御技术,并提出了一种新型的入侵检测系统.该系统采用Curl类库和Web请求,通过API接口分析和检测来自Web应用程序的交互,利用IDS服务器检测应用程序检测攻击行为,存储入侵记录.该技术最大的优势是跨平台性,可应用于多种Web应用程序.
|
| 关 键 词: | SQL注入攻击 跨站脚本攻击 PHPIDS 入侵记录 |
SQLI and XSS Security Vulnerabilities Research |
| |
| YAN Hao
,
JIANG Wei
,
JIANG Tian-fa.SQLI and XSS Security Vulnerabilities Research[J].Netinfo Security,2011(12):51-53. |
| |
| Authors: | YAN Hao JIANG Wei JIANG Tian-fa |
| |
| Affiliation: | 1 ( 1. College of Computer Science, South-Central University for Nationalities, Wuhan Hubei 430073, China; 2. China Software Testing Center, Beijing 100048, China ) |
| |
| Abstract: | This paper introduces some techniques to detect and prevent against the SQLI and XSS vulnerabilities, which have been ranked at the top in Web application attack mechanisms. Also we develop a new intrusion detection system which analyses and detects the input interactions from the web applications via an API using Curl library and Web request, identifies whether the intrusion occurred or not and prevents it from attacking the web application, and then stores the attack in the intrusion log. The biggest advantage of this technique is that is can be used in a cross platform and several of Web applications. |
| |
| Keywords: | SQLIA XSS PHPIDS intrusion log |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
