Web Application Services, Security And Solutions

Posted on: 2009-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: R He
GTID: 2208360245483859
Subject: Communication and Information System

Abstract/Summary:
Web application services have become popular services today and are the most vulnerable services on the network. Attacks on them result in severe losses. Besides the known vulnerabilities, more application-layer web security weaknesses have been exploited recently, such as SQL injection, parameter tampering and database security problems.

Web security is the focus and theme of this thesis, and all of the studies start from it. Taking cryptography, the basis of security, as a starting point, the author explains several factors that are required for secure transmission of data: confidentiality, integrity, authentication and non-repudiation, and states which problems can be solved by cryptography. The thesis first analyzes how to use the SSL protocol to authenticate both sides of a communication at the network layer, which strengthens the security of data transmission over the network. Web attacks such as SQL injection and parameter tampering are then studied in detail at the server layer and the client layer. The characteristics and patterns of Web attacks are summarized, corresponding solutions to the various security problems are put forward, the shortcomings of database encryption algorithms are also pointed out, and a data integrity check is added.

At the end of the thesis, a Web application security system based on J2EE is designed on the foundation of the research on Web attacks. It meets several security requirements, such as authentication of both sides (server and client), secure transmission of data, resistance to SQL injection attacks and encryption of sensitive data in the database. It is proved that this scheme improves the security of Web applications to a large extent.
Keywords/Search Tags:Web security, Two-side Authentication, SSL, SQL injection, Database Encryption