Abstract
Because second-order Web security vulnerabilities are deeply hidden and difficult to detect, an experiment environment for Web second-order attack and defense is designed, with four common second-order Web security vulnerabilities built in. The experiment adopts a task-driven teaching mode and proceeds step by step in stages; the teaching process is divided into three stages: Web second-order attack, vulnerability analysis, and code repair. Through the experiment, students can gain a deep understanding of the storage characteristic of Web second-order attacks, quickly master the detection and prevention of second-order Web security vulnerabilities, and improve their ability to analyze and solve Web security problems.
Authors
LIU Miao (刘淼)
WANG Bin (王斌)
School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006, China
Source
Laboratory Science (《实验室科学》)
2020, Issue 1, pp. 44-48 (5 pages in total)
Funding
Scientific Research Project of Guangzhou Municipal Universities (Project No. 1201620342).
Keywords
Web security
vulnerability detection
experiment design
secure programming