摘要
基于当前Web安全的十大威胁和攻击态势分析,设计了《Web安全技术》课程的实验项目.考虑到实验过程中可能存在的攻击性和破坏性,需要自主搭建Web漏洞平台,在对常用的Web漏洞平台进行对比、分析的基础上,最终确定了开源的Pikachu等平台作为课程的实验教学平台,并以宽字节注入和Web渗透测试为例,阐述了实验教学的开展过程.
Based on the OWASP TOP 10 and the attack analysis of current Web security,some experimental projects of Web security technology are designed.Considering the possible attack and destruction,the Web vulnerability platform needs to be established independently in this course.Based on the comparison and analysis of common Web vulnerability platforms,Pikachu and other platforms are applied as the experiment teaching platform in this course.Taking the wide byte injection and Web penetration testing as examples,this paper introduces the development process of experiment teaching.
作者
忽海娜
刘宇建
丁豹
平源
HU Haina;LIU Yujian;DING Bao;PING Yuan(School of Information Engineering,Xuchang University,Xuchang 461000,China)
出处
《许昌学院学报》
CAS
2022年第2期128-133,共6页
Journal of Xuchang University
基金
全国高等院校计算机基础教育研究会计算机基础教育教学研究项目(2021-AFCEC-486)
许昌学院信息安全课程教学团队(XCU2021-KCSZ-006)
大数据安全与隐私保护创新团队(2022CXTD003)。
