毕业论文--Web应用程序安全漏洞知识库初探.doc

盐城师范学院毕业设计 毕业设计 Web应用程序安全漏洞知识库初探 学生姓名 学 院 专 业 计算机科学与技术 班 级 学 号 指导教师 2016年5月16日 Web应用程序安全漏洞知识库初探 摘 要 随着互联网的迅速发展，目前很多业务都依赖于互联网，比如网上银行业务、旅游在线购票业务、网上购物业务等，Web应用程序和人们的日常生活息息相关。很多恶意攻击者会想法设法对Web服务器进行攻击，从中盗取他人的个人账户信息来换取他们的利益。为了防止恶意攻击者的攻击，除了对Web服务器做相应的安全配置外，Web应用程序的设计和实现过程中也需要排除恶意攻击者攻击的隐患。但是在互联网上还无法找到对于Web应用程序安全漏洞的系统性介绍工具或文章，这对程序开发人员对于漏洞机理的理解也造成了困扰。 本文主要对OWASP TOP10 2013的十大安全漏洞进行分析和整理研究。文中介绍了OWASP TOP10的相关漏洞的机理研究以及预防措施。针对所整理的内容制作Web应用程序安全安全漏洞展示系统，系统包括用户注册以及登录界面，调研内容展示模块。系统运用软件开发流程的方法进行相应的需求分析，然后基于C#语言进行系统编码，设计并且实现了Web应用程序安全漏洞展示系统。分析这些经典的漏洞，旨在帮助程序开发员提升他们的编码安全意识，加强Web应用程序的安全性。 【关键词】Web；应用程序；漏洞展示；OWASP TOP10 2013 The Design and Implementation of Web Application Security Vulnerabilities Knowledge Base ABSTRACT With the rapid development of the Internet, many businesses rely on the Internet, such as online banking, online travel booking services, online shopping services, etc. The Web application program is closely linked with peoples life. Many malicious attackers find ways to attack the Web server for their benefits by stealing peoples personal account information. Therefore, Web services platform is often under attack. In addition to the Web server to do the corresponding configuration, Web application design and development process also need to exclude the risk of malicious attacks. However we yet couldnt find the systematic introduction tool or essay for Web application program security vulnerabilities, Which perplexes the understanding of vulnerability mechanism for the application developer. This thesis focuses on OWASP TOP10 2013 Ten-security vulnerability analysis and organizes research. This paper describes the mechanism analysis and preventive measures of OWASP TOP10 that related vulnerabilities. The production of Web application program security vulnerabilities presentation system is based on collative contents, which including user registrat