An ISAPI-Based Website Injection Attack Prevention Model and Its Application

Posted on: 2012-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y Ling
GTID: 2248330371965354
Subject: Software engineering

Abstract/Summary:
In the internet era, a large number of enterprises and government agencies publish news and offer consulting services and online business through their websites. When writing code, however, a large portion of programmers never validate the data that users input, so many web applications carry security risks and are vulnerable to hackers' attacks. Enterprises and government agencies are therefore widely concerned with how to use information technology to enhance their image and facilitate business operations while reducing vulnerabilities so as to prevent hackers' attacks.

This thesis presents an anti-attack firewall model based on ISAPI technology, which the author also put into application. The author's major work includes the following:

1. This thesis examines two common kinds of injection attack: SQL injection and cross-site scripting. The author then describes the methods usually used to prevent these attacks and analyzes their shortcomings and deficiencies in practice.
2. This thesis presents an anti-attack firewall model based on ISAPI technology and elaborates on the objectives, the program and the development process.
3. The author designs the specific model after conducting a feasibility analysis and producing the system requirement specification. In the model design, the thesis sets out the objectives of the firewall system, chooses the analytical model, the structure and the process framework, designs each functional module in detail, and classifies and defines the response patterns of the security policy.
4. In the policy engine design, the thesis first expounds the different properties of the security policy, then describes the loading and controlling methods and the extraction method for the security policy rules.

Through programming, the author built a firewall from the model and successfully installed and debugged it on the web server. A pressure test conducted in the production environment showed positive results. In practice, instead of being configured for each website separately, the firewall protects all the websites on the IIS server together, which significantly reduces the server's defense costs while improving security, and is of significant importance for enterprises seeking to improve their competitiveness.
Keywords/Search Tags: SQL injection attacks, ISAPI, attack prevention