Web Application Penetration Test Implementation and Solution

Abstract: In recent years, Web application security has become a focus of network security. According to relevant data, most Web applications have security problems. Consider the ubiquitous Web application services: e-mail, online documents, online banking, and so on. While we have installed firewalls and antivirus software on servers and networks, and encrypted the data being transmitted, we have not really secured the Web application technology itself. SQL injection, a common Web attack method, attacks the Web application system over a normal connection by exploiting vulnerabilities in the program. To network-layer security products such as firewalls or IDS, this appears to be a normal access connection, with no distinguishing characteristics that indicate a malicious attack. Once the access is allowed through, firewalls cannot effectively address the subsequent security issues. Therefore, we need to conduct effective security testing to ensure the security and reliability of Web applications.

Penetration testing is a security test and evaluation method that simulates the techniques and methods of malicious attackers to defeat the target system's security controls, attempt to gain access control, and discover security risks that have business impact. It can find possible vulnerabilities before a Web application is released, give enterprise personnel an intuitive understanding of the current threats and of the system's security strength, and allow the vulnerabilities found to be repaired and handled, so that the enterprise avoids heavy losses.

In view of the above problems, this paper first analyzes the current situation of Web application information security, elaborates in detail the process and methods of Web application system security testing, and creates two simple test sites to study several common Web application vulnerabilities, such as SQL injection, cross-site scripting (XSS), and file upload vulnerabilities.

Key words: Web application penetration test, Internet security, SQL injection, XSS