| The rapid development of network technology and network platform's and ease of use,whether corporate or government authority or individuals,have chosen to use the platform to build their own site,so that the network security problem increasingly highlighted.In the Web application there are many encoding loopholes,the code of these loopholes makes web server become more vulnerable,in these attacks,more widespread,brutish is SQL injection and XSS attacks.In order to ensure the safe use of Web applications,Web application Security research has significance and practical value is very important.This study based on a company's web content management system.The purpose is to perfect the system of Web application security system,and improving the protection ability.After the study and found that at present the system of web application security protection system of SQL injection attacks and cross site scripting attack protection ability is weak.In this regard,the need for an existing Web application security protection system to increase SQL injection and cross-site scripting attack detection subsystem.In this paper,based on the analysis of the popular SQL injection and cross site scripting attack principle and detection technology,summarizes the characteristics of the attack code,put forward the keyword matching detection method combined with the rule base,at the same time in front of the web application layer calls JDBC increase a SQL parsing module,enhancement of SQL injection protection.This detection system based on B/S architecture,by multiple detection module classifying web page code file,record test results,entry log sheet,and issued a warning message.Through test and actual use,this paper design and implement of SQL injection and cross site scripting attack detection system can effectively detect the SQL injection and cross site scripting attacks,detection speed faster,to improve the existing Web application security protection system research goal. |
PDF Full Text Request