基于PHP技术的web系统安全性分析 摘 要:PHP语言是当今最热门的网站开发语言,已经有越来越多的PHP网站涌现在互联网上。但是,由于程序员本身缺乏安全意识以及各种PHP网站攻击手段层出不穷,PHP网站的安全性问题也暴露的越来越多。因此,研究总结一套应对各种攻击的防范方法来指导程序员编写安全可靠的PHP应用程序也显得愈发重要了。本文重点分析了文件上传漏洞攻击的攻击原理、跨站请求伪造攻击过程以及攻击所造成的危害、以及跨站脚本攻击和SQL注入攻击,同时本文也针对这些攻击手段,研究了相应的防范方法。
关键词:PHP技术;web安全
Web Security Analysis Based on PHP Technology
Abstract:PHP language is one of the most popular web programming languages, so there are more and more PHP websites in the internet. But because of Programmers’ lack of awareness of programming security, various attacks on PHP websites have made the web security become a serious issue. For this reason, it is growingly important to establish a scheme for defending against web attacks and as a guide for programmers to build reliable PHP websites. This thesis aims to research and analyze on various ways of PHP website attacks and their respective defensive methods, with an emphasis on the principle, process, and potential damage of and defensive techniques for file uploading loophole attacks, Cross Site Request Forgery, Cross Site Script attacks and SQL Injections.
Keywords: PHP technologies; Web attacks
目 录
摘 要 1
引言 2
1.选题的背景及意义 2
1.1课题的背景及意义 2
1.2 PHP技术简介 3
2.基于PHP技术的Web系统漏洞攻击的分析 3
2.1文件上传漏洞攻击的分析 3
2.2 CSRF跨站请求伪造攻击的分析 4
2.3 XSS跨站脚本攻击的分析 6
2.4 SQL注入攻击的分析 7
3.基于PHP技术的Web系统安全防范方法 9
3.1文件上传漏洞攻击的防范方法 9
3.2 CSRF防范方法 9
3.3 跨站脚本攻击注入的防范方法 10
3.4 SQL注入的防范方法 11
4.论文工作总结和展望 12
参考文献 13
致 谢 14,3021