| With the rapid development of Internet, the dependence of the Internet for people has become more sophisticated. At the same time, more and more attention has been paid on network security issues. Attacks against web applications have become the new focus of network security attack and defense. In all of the web attacks, SQL injection and XSS (cross site scripting attacks) are both the most serious attack, the invader can steal information of website and users, and control the system, etc., it will make great distress and economic loss for users and Enterprise, under this condition, it become so necessary to give some preventive measures for the two attacks. This article is based on this object, and has an in-depth study for features and prevention of SQL injection and XSS.In this article, it shows technical principles and detailed description of classification of SQL injection attacks and cross-site scripting XSS attacks, On the while, it also referred to the attack measures and the related preventive measures for other types of web attacks.On the basis of the principles and attack measures research of SQL injection and XSS cross site scripting attacks, find a new model of the automatic prevention. The model can maximize the usability of data with the prevention of SQL injection tools, and block the frequent SQL injection, and find an independent feature-based XSS attack strategy analysis model, which make a great good optimization for the features of XSS cross site scripting attacks. |
PDF Full Text Request