Abstract
While the Internet brings convenience to people, it has also created serious network security problems, and solving them is urgent. Penetration testing is an assessment method that uncovers vulnerabilities in a system by simulating attacks by malicious hackers. This article introduces the process and classification of penetration testing and focuses on the basic principles of the CSRF attack, which industry insiders call the "sleeping giant". It explains the causes of the vulnerability from different aspects, summarizes some defense methods, and carries out an experimental comparison. The authors hope that the serious consequences of CSRF attacks will be taken seriously during development and strictly guarded against.
Authors
白沫涵
吕国
席宇艺
BAI Mohan; LV Guo; XI Yuyi (Hebei University of Architecture, Zhangjiakou, Hebei 075000)
Source
《河北建筑工程学院学报》
CAS
2023, Issue 4, pp. 252-256 (5 pages in total)
Journal of Hebei Institute of Architecture and Civil Engineering
Keywords
Network security
Penetration testing
Vulnerability mining
Cross-site request forgery attack