Research And Implementation Of Webpage Trojan Characteristic Scanning Technology

Along with the continuous accumulation Chinese Internet network information construction, Webpage technology more perfect, Webpage interactive platform has been widely used in e-government, e-commerce and other fields, to integrate the terminal working environment, service the social public service and commercial program managed as the representative of the Webpage technology, the way people communicate and methods have changed in the largely. But these technology brings convenience in business activities, it also brings security risks unprecedented.In the past, the Internet Webpage is static page. The administrator managing content on a website, can easily distinguish between "trusted" and "not credible" web site. But at present, with the Webpage content enriches gradually, and tends to be dynamic, making the final visitors can continuously update the existing content and share applications, and then through various channels to release. Even if the strict policy, some bad information or malicious software will always pop up, also exist even in a trusted site. The important information and internal web publishers are exposed to extremely dangerous environment.According to a survey of foreign information security attacks,75% are in the application layer instead of network layer. At the same time, the security protection than 2/3 Webpage sites are quite fragile, vulnerable to malicious attacks. One theory is that, most companies spend a lot of money to invest in its network and server security, but no protection Webpage business itself safety from the real meaning, so as to give hackers an opportunity. According to the authority of the world Webpage security research organization to provide the report, there are two of the most serious threats to Webpage business system attacks are injection and cross site scripting.Statistics from the security events happened in the Webpage, malicious attacks lead to very serious consequences, according to the above method can be a legitimate, normal web capture, malicious attackers use permission to act recklessly and care for nobody to malicious code embedded in the Webpage, or malicious program download to existing vulnerabilities of computer terminal in order to achieve the purpose of attack.