摘要
网络安全漏洞通常是难以避免的,不论是采用什么语言开发的Web网站,均存在网络安全漏洞。在众多的Web安全漏洞中CSRF是最容易被忽视但又是危害巨大的漏洞,一旦被非法利用,将产生商业机密和个人信息被泄露、被恶意消费和转账等严重后果。文章针对CSRF网络安全问题,在实验环境下利用常见的原生开源Web网站程序,采用漏洞复现和特定的漏洞利用挖掘方法来验证CSRF漏洞的安全隐患问题点,以提出同源检查、请求地址验证、会话管理等漏洞防范方法。
Network security vulnerabilities are usually unavoidable. No matter what language is used to develop Web sites, there are network security vulnerabilities. Among the numerous web security vulnerabilities, CSRF is the most easily ignored and the most harmful one. Once illegally used, it will lead to serious consequences such as disclosure of trade secrets and personal information, malicious consumption and transfer of funds. By aiming at CSRF network security problem, and using common native open source Web site programs under the experimental environment, and vulnerability recurrence and specific vulnerability utilization and finding methods to verify the potential security nodes of CSRF vulnerabilities, vulnerability prevention methods have been proposed, such as the same origin check, address verification request, and session management.
作者
张晨
ZHANG Chen(Xiamen Institute of Software Technology,Xiamen,Fujian 361024,China)
出处
《成都航空职业技术学院学报》
2022年第4期68-71,92,共5页
Journal of Chengdu Aeronautic Polytechnic
关键词
网络安全
WEB安全
网站漏洞分析
漏洞挖掘
Internet security
Web security
website vulnerability analysis
vulnerability finding
