CAJ | 학술논문

随着互联网的发展及经济利益的驱动，黑客已将攻击重点转到Web应用服务器上，由此危害了服务器安全及客户端安全。针对这一现状，文章首先采用广度优先算法实现网络爬虫来获取目标网站的架构信息；然后用网页动态参数判定、网站架构分析、信息智能识别等技术对网站安全进行辅助检测，用正则表达式过滤非法跨站请求，实现跨站脚本攻击检测；最后，用正则表达式和Python强大的库资源编程实现了应用安全的实时检测和评估功能。实验表明：该系统在一定程度上减少了Web恶意攻击行为所带来的损失，提高了应对网页信息安全突发事件的响应速度。
수착호련망적발전급경제이익적구동，흑객이장공격중점전도Web응용복무기상，유차위해료복무기안전급객호단안전。침대저일현상，문장수선채용엄도우선산법실현망락파충래획취목표망참적가구신식；연후용망혈동태삼수판정、망참가구분석、신식지능식별등기술대망참안전진행보조검측，용정칙표체식과려비법과참청구，실현과참각본공격검측；최후，용정칙표체식화Python강대적고자원편정실현료응용안전적실시검측화평고공능。실험표명：해계통재일정정도상감소료Web악의공격행위소대래적손실，제고료응대망혈신식안전돌발사건적향응속도。
With the development of the Internet and the economic beneifts derived from it, hackers have been focused on in the Web application servers, which endanger the safety of the server and the client security and is against the status quo. First of all, the Web crawler works by using breadth-ifrst algorithms to get the target site architecture information. Second, use page dynamic parameter determination, website structure analysis, information intelligent identiifcation technology (such as auxiliary detection), and guard the security of the website with regular expressions to filter illegal cross-site requests. Then implement cross-site scripting attack detection. Finally, with regular expressions and powerful Python library resources programming create the real-time detection and assessment of the application security function. Experiments show that the system to a certain extent, reduces the loss on the Web due to malicious attacks and improves the response speed of the Web information security incidents.