English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 49633/84879 (58%)
造訪人次 : 7694339      線上人數 : 61
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋
    請使用永久網址來引用或連結此文件: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/52142


    題名: 網頁應用程式攻擊之研究 : 以淡江大學為例
    其他題名: A study of web application attack : a case study of Tamkang university
    作者: 姚依君;Yau, Yi-jiun
    貢獻者: 淡江大學資訊管理學系碩士班
    黃明達
    關鍵詞: 網頁攻擊;網頁應用程式安全;網頁應用程式弱點;Web Application Security;Web Application Vulnerability
    日期: 2010
    上傳時間: 2010-09-23 16:55:01 (UTC+8)
    摘要: Cenzic於《2009年1~2季度web應用安全趨勢報告》中評估,9成的網頁應用程式皆有資料外洩、跨站攻擊等弱點,並指出,2009年上半年發現3,100多個安全弱點,其中有78%屬於網頁應用程式弱點,較2008年下半年發現的弱點數量增加了10%以上。依目前網頁應用程式安全現況,一旦遭惡意攻擊,必然造成影響,而事後處理,往往可能造成資訊外洩等嚴重損害。

    因此本研究針對淡江大學網頁應用程式,透過弱點掃瞄工具偵測應用程式潛在之弱點後,以駭客角度進行入侵滲透測試,驗證弱點是否確實存在或存在其它潛在弱點,最後彙總出11種攻擊手法,以供網頁應用程式維護者檢測參考之用。瞭解網頁應用程式安全現況,以事前洞悉網頁應用程式潛在之弱點。研究發現,淡江大學之網頁應用程式弱點分佈為:資訊揭露與不適當的錯誤處置,佔23.26%;不安全的物件參考,佔15.95%;疏於限制URL存取,佔14.95%及其他,佔45.84%,而入侵滲透測試結果,實際造成瀏覽者、後端資料庫、管理者等密碼遭竊取與網頁資料遭修改之嚴重威脅,佔21.05%,共取得3個網頁應用程式之相關重要帳號、密碼;修改5個網頁應用程式內容。期望透過網頁應用程式弱點分析及11種攻擊手法,供網頁應用程式維護者及未來開發者較駭客早一步發現問題。
    Cenzic "Web Application Security Trends Report Q1-Q2, 2009" pointed out that 90 percent of Web Applications were invaded by data leakage, cross-site attacks. During the first half of 2009, Cenzic discovered that the total number of reported vulnerabilities were up to 3100 incidents, and the percentage of Web vulnerabilities continued account for 78 percent, compared with the weaknesses found in the second half of 2008 increased by 10%. According to the present status of Web Application security, once the malicious attacks occur, often cause serious damage. While the post-processing often leads to inevitably affects on information leaks.
    For the reason above, we take Tamkang University Web Application vulnerability as an experiment with an view to observe the outcome through scanning tools and detect the application potential of weakness. The summary contains 11 methods of attack for the cyber administrator to test web applications as a defend reference. As for Web Application security condition, in order to advance insight into the potential of Web Application vulnerabilities.The distribution of Tamkang University Web Applications vulnerabilities is consisted as below: Information leakage and improper error handling 23.26%; Insecure direct object reference 15.95%; Failure to restrict URL access 14.95% and other 45.84%. While the invasion of penetration test results, the actual cause viewers, back-end database administrator password was stolen and other information with the page was to edit a serious threat 21.05%, a total of three important Web Applications related account password; modify the content of 5 web applications. We hoped that through the Web Application vulnerability analysis, and 11 methods of attack for the defenders and future web applications developers could find problems earlier than the hackers do.
    顯示於類別:[資訊管理學系暨研究所] 學位論文

    文件中的檔案:

    檔案 大小格式瀏覽次數
    index.html0KbHTML200檢視/開啟

    在機構典藏中所有的資料項目都受到原著作權保護.

    TAIR相關文章

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - 回饋