一种基于Proxy的Web应用安全漏洞检测方法及实现

A Proxy-based approach to implementation of scanning Web application security vulnerabilities

指出了Web应用中存在的各种安全漏洞,在分析并总结Web应用安全漏洞特点的基础上,设计了一种基于Proxy的Web应用安全漏洞检测方法,该方法可以用来检测一些常见的Web应用安全漏洞,如参数篡改、跨站点脚本漏洞等.给出了利用该方法检测SQL代码插入、跨站点脚本算法的JAVA语言实现.

The security vulnerabilities of Web application are pointed out. By analyzing and summarizing the characteristics of the security vulnerabilities, the Proxy-based approach to scanning Web application security vulnerabilities,which can find many Web application security vulnerabilities,is put forward. Finally, the main idea and implementation of the approach, are described.