Netinfo Security (信息网络安全) ›› 2014, Vol. 14 ›› Issue (9): 180-183. doi: 10.3969/j.issn.1671-1122.2014.09.041

• Selected Papers •

The Analysis and Comparison of Website Security Scanning Products

DI Hong-bo, YU Shao-hui, SU Ji-cheng

  1. Network Security Division of Dalian Municipal Public Security Bureau, Dalian, Liaoning 116011, China
  • Received: 2014-08-06 Online: 2014-09-01
  • About the authors: DI Hong-bo (born 1983), male, from Liaoning, master's degree, main research interests: image processing and pattern recognition; YU Shao-hui (born 1973), male, from Liaoning, master's degree, main research interest: information network security; SU Ji-cheng (born 1977), male, from Liaoning, bachelor's degree, main research interest: information network security.

Abstract: With the rapid development of the Internet, website security problems are becoming increasingly serious; almost every day, large numbers of websites are tampered with or implanted with trojans, backdoors and other malicious programs. Website security scanning products have sprung up in response. Although such products cannot protect websites as effectively as security protection devices, they can help administrators quickly understand the security risks present in a website. But how should the quality of these products be defined? This paper explains the principles of website security scanning in detail and, through comparative analysis following practical testing, puts forward some suggestions for improvement, in the hope of improving the scanning capability of website security scanning products.

Key words: vulnerability, Web spider, SQL injection, XSS vulnerability