Research On Defence Technique Against Web Attack Based On Script Security

Recently，a mass of network attacks toward Web applications are frequently reported and turnout to be more serious．However，countermeasures against malicious attack are not perfect enoughbecause of low detection accuracy and a lack of detecting new type of Web attacks．Therefore，research on the detection method and countermeasure against new vulnerability are of greatsignificance．The paper focuses on the script security，discusses Web application vulnerabilities anddetails of workaround，researches principles and key technologies of detecting thevulnerabilities．New type of Web vulnerability and its defensive measure are also analyzed．Themain contribution and conclusion are described as follows．1．Kinds of Web vulnerabilities are investigated in detail，such as SQL injection，XSSvulnerability，CSRF vulnerability and Denial of Service，including their cause，current researchesand corresponding countermeasures，etc．2．A detect mechanism against new form of Web vulnerability is presented．Regular expressDenial of Service is considered as one of Web attacks based on script page．Attack testing casesbased on the rule of negative match in NFA engine are constructed and fuzz testing is introduced tocheck the availability and reliability of regular expression deployed by Web applications．The resultshows that it is available to check the efficient of regular expression and to detect Regular expressDenial of Service with acceptable rate of false alarm and rate of false negative．3．A passive Web scanning tool based on proxy is designed．It is built to capture the trafficbetween browser and Web server with the help of proxy and to inspect the packet to get the state ofserver in a passive way so as to detect the potential vulnerability．Scanning modules against theinformation disclosure，Charest-encoding，cross-domain，HTTP header and reflective XSS aredesigned and a module aiming at detecting CSRF vulnerability is added．After that，theimplementation of each part in the core module is introduced．Compared to the active one，thescanner causes relatively fewer system load．Meanwhile，it provides abstract design interface togain good expansibility．The experimental result shows that it is available to detect kings of Webvulnerabilities with high scalability and an acceptable rate of false alarm and of false negative．...