
The Research On Common WEB Attack Methods And Security Countermeasures

Posted on: 2018-08-11
Degree: Master
Type: Thesis
Country: China
Candidate: W B Wang
GTID: 2348330533455869
Subject: Computer application technology

Abstract/Summary:
WEB service security is one of the important issues in the field of information security. In recent years, the number of WEB service attacks, and the volume of attack traffic, has almost doubled, growing nearly geometrically. The range of targets is also growing: from general portals at the beginning to financial services and large-scale e-commerce platforms later, all have suffered varying degrees of attack. To deal with these attacks, enterprises are forced to purchase firewalls and other security products or equipment, but because security software and equipment are expensive, many cannot bear the cost of meeting their security needs. Such software or equipment normally has to be maintained and upgraded by the manufacturer; the access that customers have is limited, so they cannot maintain it directly, and problems are usually dealt with only after they occur. Based on these problems, this paper studies common WEB service attacks and provides some basic solutions that can be integrated into a system. The main tasks are as follows.

Firstly, the experimental environment is designed. Because WEB service attacks are diverse and each attack has different characteristics, the research or experimental environment required also differs. Therefore, in the course of the research, a different simulated experimental environment is built for testing each kind of WEB service attack. The main research objects are XSS attack protection, Connection Flood attack protection and SQL injection attack protection.

Secondly, a different prevention strategy is designed for each attack.

1. A new solution for XSS attacks is proposed. It mainly addresses the defects of the original or manufacturer-provided solutions in order to improve the maintainability of the protection system, allowing administrators to maintain and upgrade the local sensitive-character library themselves. An interruption mechanism is then designed, for example responding to the service first and then dealing with dangerous characters, and page tags are designed to prevent the extended attacks brought about by character echo.

2. For the Connection Flood attack, a lightweight solution is provided that WEB developers or system maintenance personnel can easily integrate into their systems to deal with general DDoS attacks. Based on the attack characteristics of Connection Flood, a targeted protection scheme is designed and the main protection function is implemented.

3. In recent years the threat that SQL injection attacks pose to WEB services has been particularly serious. The research designs functions for filtering SQL special characters and gives concrete application examples; the main content of this part of the research is the protective processing that must be applied before SQL is executed.

Finally, experiments verify the effectiveness of the strategies. To set up the simulated WEB services, the specific research objects are integrated into the WEB service, and the WEB services are deployed to the relevant server. In the simulated attack experiments, the related attacks are carried out and the experimental data of the different stages are recorded to facilitate analysis.
Keywords/Search Tags:WEB service security, WEB service attack, XSS attack protection, Connection Flood attack protection, SQL injection attack protection, simulation attack experiment