Research And Prevention Of Web2.0 Technology Security

With the rapid development of the Internet, individual-centric open Web2.0 sites have became an important part of the Internet, a variety of social networks such as personal blog, open information platform birth. However, the use of new technologies and the growing number of Web 2.0 sites have also brought new security threats to users when they bring a better Internet experience, a variety of Web worms, malicious information use of the openness of the Web2.0 site to spread, seriously endangering to the safety and privacy of Internet users. Therefore, it is of great significance to study and prevent the security of Web2.0 technology.In this paper, the Web2.0 related technologies are studied and summarized, and the security of these technologies are analyzed, including AJAX technology which can greatly improve the interactive experience and HTTP compression technology to improve the information transmission speed.In this paper, the main principles of AJAX technology are analyzed, and the possible hidden dangers are analyzed and compared with the traditional Web 1.0 site.The advantages and disadvantages of the two methods are summarized. Combining with the current Web attacks, XSS, CSRF, and other attacks based on the new changes in AJAX technology are analyzed. For the HTTP compression technology, several compression algorithms commonly used in the Web are studied, and the new Orcale attacks and Breach attacks using HTTP compression technology are studied and analyzed.Through the security analysis of the above technologies, the existing XSS and CSRP defense methods are mainly researched based on the blacklist defense method and the Token verification based defense method. Based on the analysis of the advantages and disadvantages of these defenses and the threats posed by new attacks to these methods,this paper presents a security defense program for Web2.0 application. This scheme combines the feature-based input detection and the rich text whitelist output filtering for XSS attack defense, and uses a reversible encryption algorithm to randomize Token to defend against the new CSRF attack combined with Breach attack. The experimental results show that the defense scheme can effectively prevent the frequent attacks in the Web2.0 application, and the defensive effect is more significant than the traditional scheme.