Design And Implementation Of The Web Client Vulnerability Assessment System

Posted on: 2015-07-09
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhang
Full Text: PDF
GTID: 2308330464470142
Subject: Cryptography
Abstract/Summary:
With the advent of the Web 2.0 era, internet users have also become creators and disseminators of information. Powerful Web applications for chatting, dating and shopping have surged, and Web-based applications are becoming more and more universal. However, along with the convenience these applications bring to daily life, they have also increased the number of potential security problems: vast amounts of private user data are in danger of exposure at any time. Client-side vulnerabilities in all kinds of social networking sites keep emerging, and attackers can easily gain access to users' private information or carry out unauthorized operations without needing to compromise the server. Their impact on users is therefore no less than that of Web server vulnerabilities, and many developers and researchers have committed themselves to detecting and preventing these bugs. Moreover, because the network environment of the Web client is complicated and outside the control of developers, the large number of these bugs is also of great concern. Consequently, how to repair these bugs reasonably and effectively once they are discovered is crucial, and it requires a vulnerability assessment system.

Current vulnerability assessments, whether quantitative or qualitative, all target common vulnerabilities, and their purpose is to establish a general standard. However, Web client vulnerabilities have their own specificity and usually do not affect the server side. Further, because of the large number of client-side bugs, there is still no systematic classification.

For these reasons, this thesis designs a specialized vulnerability assessment system for Web client vulnerabilities to strengthen the security protection of Web information systems.
The main contents and innovations of the thesis are summarized in three aspects:
1. Introduce the main types of Web client vulnerabilities (XSS, CSRF and clickjacking), analyse their causes and effects, and select evaluation factors for these security vulnerabilities.
2. Classify vulnerability attributes according to the characteristics of Web client vulnerabilities, and design an assessment system for Web client vulnerabilities.
3. Design an automated assessment tool for the Web client vulnerability assessment system. The tool was applied to the existing vulnerability database and automatically evaluated more than 4000 Web client vulnerabilities. The experimental results show that our scheme is very practical and effective.
Keywords/Search Tags: The Web client, Web Security, Bug fixes, Vulnerability assessment