| With the rapid development of Web 2.0,a large number of Web based applications have emerged.These applications and services have been deeply into all aspects of people's life,which bring us not only great convenience and rapid development of the society,but also a lot of hidden security problems.In recent years,many network security events have been revealed by the media,and a large number of Web applications after being attacked by hackers have caused data leakage and the status of network security has risen to national strategy.So people gradually realize the importance of network security.This thesis analyses and explains common vulnerabilities formation of the Web server side and the client side in detail.By using of the scenes,the corresponding attack models are proposed,and finally a reasonable security defense model against these vulnerabilities is put forward.The thesis mainly includes the following several aspects:1)Web server side security.First of all,the original attack method is improved to form a variant attack,which can bypass the WAF,and then we build Web server side attack model,each of the modules in this attack model are interrelated,which can make the attack process.At last,we provide examples for testing and validation.2)Web client side security.On Web client side,the most dangerous vulnerabilities are XSS cross site scripting vulnerabilities,CSRF vulnerabilities,Click Jacking vulnerabilities,and etc.Through the in-depth study of these attacks technology,we build Web client side attack model,and provide examples for testing and validation.3)Security defense solutions.This thesis proposes a comprehensive security solution that can effectively defend against the traditional attacks and the variant attack which can bypass the WAF,and effectively avoid the Web security attacks. |
PDF Full Text Request