淡江大學機構典藏:Item 987654321/52142
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 62805/95882 (66%)
Visitors : 3991857      Online Users : 435
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/52142


    Title: 網頁應用程式攻擊之研究 : 以淡江大學為例
    Other Titles: A study of web application attack : a case study of Tamkang university
    Authors: 姚依君;Yau, Yi-jiun
    Contributors: 淡江大學資訊管理學系碩士班
    黃明達
    Keywords: 網頁攻擊;網頁應用程式安全;網頁應用程式弱點;Web Application Security;Web Application Vulnerability
    Date: 2010
    Issue Date: 2010-09-23 16:55:01 (UTC+8)
    Abstract: Cenzic於《2009年1~2季度web應用安全趨勢報告》中評估,9成的網頁應用程式皆有資料外洩、跨站攻擊等弱點,並指出,2009年上半年發現3,100多個安全弱點,其中有78%屬於網頁應用程式弱點,較2008年下半年發現的弱點數量增加了10%以上。依目前網頁應用程式安全現況,一旦遭惡意攻擊,必然造成影響,而事後處理,往往可能造成資訊外洩等嚴重損害。

    因此本研究針對淡江大學網頁應用程式,透過弱點掃瞄工具偵測應用程式潛在之弱點後,以駭客角度進行入侵滲透測試,驗證弱點是否確實存在或存在其它潛在弱點,最後彙總出11種攻擊手法,以供網頁應用程式維護者檢測參考之用。瞭解網頁應用程式安全現況,以事前洞悉網頁應用程式潛在之弱點。研究發現,淡江大學之網頁應用程式弱點分佈為:資訊揭露與不適當的錯誤處置,佔23.26%;不安全的物件參考,佔15.95%;疏於限制URL存取,佔14.95%及其他,佔45.84%,而入侵滲透測試結果,實際造成瀏覽者、後端資料庫、管理者等密碼遭竊取與網頁資料遭修改之嚴重威脅,佔21.05%,共取得3個網頁應用程式之相關重要帳號、密碼;修改5個網頁應用程式內容。期望透過網頁應用程式弱點分析及11種攻擊手法,供網頁應用程式維護者及未來開發者較駭客早一步發現問題。
    Cenzic "Web Application Security Trends Report Q1-Q2, 2009" pointed out that 90 percent of Web Applications were invaded by data leakage, cross-site attacks. During the first half of 2009, Cenzic discovered that the total number of reported vulnerabilities were up to 3100 incidents, and the percentage of Web vulnerabilities continued account for 78 percent, compared with the weaknesses found in the second half of 2008 increased by 10%. According to the present status of Web Application security, once the malicious attacks occur, often cause serious damage. While the post-processing often leads to inevitably affects on information leaks.
    For the reason above, we take Tamkang University Web Application vulnerability as an experiment with an view to observe the outcome through scanning tools and detect the application potential of weakness. The summary contains 11 methods of attack for the cyber administrator to test web applications as a defend reference. As for Web Application security condition, in order to advance insight into the potential of Web Application vulnerabilities.The distribution of Tamkang University Web Applications vulnerabilities is consisted as below: Information leakage and improper error handling 23.26%; Insecure direct object reference 15.95%; Failure to restrict URL access 14.95% and other 45.84%. While the invasion of penetration test results, the actual cause viewers, back-end database administrator password was stolen and other information with the page was to edit a serious threat 21.05%, a total of three important Web Applications related account password; modify the content of 5 web applications. We hoped that through the Web Application vulnerability analysis, and 11 methods of attack for the defenders and future web applications developers could find problems earlier than the hackers do.
    Appears in Collections:[Graduate Institute & Department of Information Management] Thesis

    Files in This Item:

    File SizeFormat
    index.html0KbHTML235View/Open

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback