摘要
随着互联网的发展及经济利益的驱动,黑客已将攻击重点转到Web应用服务器上,由此危害了服务器安全及客户端安全。针对这一现状,文章首先采用广度优先算法实现网络爬虫来获取目标网站的架构信息;然后用网页动态参数判定、网站架构分析、信息智能识别等技术对网站安全进行辅助检测,用正则表达式过滤非法跨站请求,实现跨站脚本攻击检测;最后,用正则表达式和Python强大的库资源编程实现了应用安全的实时检测和评估功能。实验表明:该系统在一定程度上减少了Web恶意攻击行为所带来的损失,提高了应对网页信息安全突发事件的响应速度。
With the development of the Intemet and the economic benefits derived from it, hackers have been focused on in the Web application servers, which endanger the safety of the server and the client security and is against the status quo. First of all, the Web crawler works by using breadth-first algorithms to get the target site architecture information. Second, use page dynamic parameter determination, website structure analysis, information intelligent identification technology (such as auxiliary detection), and guard the security of the website with regular expressions to filter illegal cross-site requests. Then implement cross-site scripting attack detection. Finally, with regular expressions and powerful Python library resources programming create the real-time detection and assessment of the application security ftmction. Experiments show that the system to a certain extent, reduces the loss on the Web due to malicious attacks and improves the response speed of the Web information security incidents.
出处
《信息网络安全》
2014年第1期61-64,共4页
Netinfo Security
基金
国家科技支撑计划课题[2012BAH08B02]
教育部人文社会科学项目[11YJC870011]
北京市教委科技计划面上项目[KM201211232014]
校教学改革立项项目[2012JGZD07]
关键词
篡改检测
XSS
网络爬虫
正则表达式
tamper detection
XSS
crawler contrast
regular expressions
