摘要
Web漏洞是程序员在开发应用程序时,没有考虑到的安全缺陷或不足。随着网络大众化和Web技术的飞速发展,在线购物、网上银行、网络办公等形式应用遍布我们的生活,同时Web安全风险达到前所未有的高度。其中,跨站脚本漏洞数量最为庞大、形态各异且威胁性极强,位列漏洞排行榜第三位。跨站脚本漏洞一旦被攻击,可泄露用户隐私,回话被监听等各种严重后果。本文通过对当前主要漏洞的分析和规整,依据攻击原理,提出相应的防御措施和建议。
Web vulnerability is a security defect or deficiency that programmers do not consider when developing applications.With the popularization of network and the rapid development of Web technology,online shopping,online banking,online office and other forms of application are all over our life.At the same time,the Web security risk has reached an unprecedented height.Among them,the number of cross site script vulnerabilities is the biggest,with different forms and strong threats,ranking the third in the vulnerability list.Once the cross site script vulnerability is attacked,it can reveal the user's privacy,the reply is monitored and other serious consequences.Based on the analysis and regulation of the current main vulnerabilities,this paper puts forward the corresponding defense measures and suggestions according to the attack principle.
作者
王晓立
WANG Xiaoli(School of Info Engineering,Shanxi College of Applied Science and Technology Taiyuan 030062)
出处
《办公自动化》
2022年第21期15-17,31,共4页
Office Informatization
关键词
Web漏洞
跨站
脚本
安全
Web vulnerability
cross-site
scripting
security
