摘要
首先介绍了Web应用漏洞安全的严峻形式和对漏洞扫描系统的急切需求,接着分析了扫描系统的实现原理,研究和总结了SQL注入漏洞、XSS漏洞、上传文件漏洞等常见漏洞的检测技术.在此基础上,设计了Web应用漏洞扫描系统的各个模块,最后的通过实验结果表明该系统设计的可行性.
First the paper analyzes severe situations of Web application vulnerabilities security and urgent requirements of Web application vulnerability detection technology. Then it analyzes the working principle of the scanning system, studies and summarizes detection methods of SQL injection, XSS and uploads file vulnerability. Based on those achievements, a system infrastructure of Web application vulnerability scanner is designed. The final experimental testing results prove the feasibility of the system design.
出处
《计算机系统应用》
2015年第12期58-63,共6页
Computer Systems & Applications