自营网站业务逻辑漏洞的检测与防范

AbstractThis paper introduces the detection technology of self-operated websites,from the current common web security vulnerabilities to the theme of thisarticle.At the same time,the website security environment home and abroadis analysed,and the significance of preventing web security vulnerabilitiesand some basic prevention technologies are discussed.After describing theweb vulnerability family,the business logic vulnerabilities are introducedseparately.From the introduction of business logic vulnerability concept tothe characteristics of business logic vulnerability and then to explain theprinciples of data tampering,password violence and overweightbusinesslogic vulnerability,and then,the paper describes the possible harm ofbusiness logic vulnerability and introduces the general methods andtechnologies for detecting the vulnerabilities,then introduces the ideas andrelated technologies used in this paper,and finally the prevention methodsfor various types of business logic vulnerabilities are introduced.In the end,the research of the project and its further development are summaried.Key words:Web security vulnerability:Vulnerability hazard:business logicvulnerability