| With the rapid development of network, the rapidly increasing internet user and the global society is more and more informationalized, the Website has become an important role in the network life, and as an important carrier of information. At the same time, attacks on Websites also began active when Websites plays an important role in enriching people’s life, this brings a great security risk to Web site.This thesis analyzes the current situation of the security of the Website and the research status of the Website security, and expounds the advantages and disadvantages of some common security protection, and then leads to the research content of this thesis:the research of Website security protection system. In this thesis, the invasion script injection attack (Injection Attack), XSS attacks (XSS Attack) on the site of the attack, and to make the corresponding intrusion prevention solutions.For general SQL injection attacks reduced injection system filtering keywords range, and add the names used in the application of Web database as the keyword filter, through the dynamic string method to construct a more secure, most modern programming language and API database access can use placeholder or bind variables to SQL query parameters. For XSS attack is proposed in this thesis, the sum of defense scheme of server and client by combining the core idea of prevention is not only rely on the server authentication information submitted directly to the browser, and the need to add additional check information. |
PDF Full Text Request