Font Size: a A A

Test Of The WEB Application Security Protection System For Internet Payment Enterprise

Posted on:2012-10-09Degree:MasterType:Thesis
Country:ChinaCandidate:Y F SunFull Text:PDF
GTID:2178330338999198Subject:Software engineering
Abstract/Summary:
In recent years, with the vigorous development of electronic commerce, security is increasingly important. Although traditional firewall, anti-DDoS, traffic control system achieved most of the security features, but with the changes in the way hackers attacks against, more and more Web server page application layer intrusion appeared, for example: SQL injection, cross-site attacks, Cookie tampering and so on. Internet payment companies have Web sites all with different degrees of vulnerability to be attacked in this respect; therefore, on the Web security protection is imperative. With the continuous development of Internet security technology, Web application security technology has aroused extensive attention. Web application security system with a complete analysis of the HTTP protocol features, which can effectively prevent the WEB application security vulnerabilities caused by the attacks, which greatly improves the security of WEB applications, while meeting the user real-time protection of the information, ease of use needs, and therefore welcomed by the Internet payment business users.In this paper , taking as an Shanghai Internet payment business cases in the investigation of the company's existing network and security architecture based on the analysis of the business specific needs of WEB application security, including the WEB content security protection, real-time, compatibility, scalability and other demands, given the terms of WEB application security evaluation program, select a different WEB application security system specific test, and its analysis on research, follow-up choice for enterprise WEB application security protection system products provide a strong technical basis. According to the actual production environment characteristics for the Internet pay enterprise, designed WEB application security protection system and implementation plan. For the existing production environment specific compatibility issues which we found in the verification test, re-designed deployment plan. After passed the verification test, based on the established on-line implementation steps, WEB application security protection system will be successfully deployed to the production environment and do the analysis of the implement effect of before and after the whole program transformation.The main research results and innovation are as follows:1, Analysis of the WEB application security technology, describes the advantages and the different points for the new WEB application security firewall, security and defense products, technology and traditional techniques, reached a new WEB application security firewall technology which accord with the future development needs of the user, which will be more and more widely used;2, Of the WEB application security vulnerabilities, the WEB vulnerabilities were classified, and WEB vulnerabilities were analyzed;3, Take An Internet payment business in Shanghai as the research object, in the research of enterprise's existing network and security architecture, analysis the enterprise application security on the specific needs of WEB, designed the overall evaluation program, which fully take the advantage of the existing software and hardware resources, give full play to the WEB application security system's technical advantages;4, According to evaluation program, organized a WEB application security system evaluation work. Evaluation has fully reflected the real situation and the existing difference of WEB application security system in the function and its performance. According to the evaluation results, from the deployment way, WEB application security capability, equipment performance and their own safety, and other points of view, to do the research and compare on the WEB application security systems, select the WEB application security system products for the enterprise.5, According to the actual production environment characteristics for the Internet pay enterprise, designed WEB application security protection system and implementation plan. For the existing production environment specific compatibility issues which we found in the verification test, re-designed deployment plan. After passed the verification test, based on the established on-line implementation steps, WEB application security protection system will be successfully deployed to the production environment and do the analysis of the implement effect of before and after the whole program implementation.
Keywords/Search Tags:WEB application vulnerability, WAF, test and study, security and protection
Related items