Protection of Web Application Programming Based on Session Spoofing Attacks
Abstract: This paper examines session spoofing attacks in Web application development. It explains in detail the three conventional methods of preventing session spoofing attacks and presents the corresponding prevention code, then analyzes the shortcomings of those three traditional methods. A new method is designed that strengthens protection against session spoofing through verification of the Referer information, and detailed implementation code and calling methods are provided. Finally, a comprehensive protection strategy is proposed: the four prevention methods are integrated into a single module which can be called conveniently to implement protection against session spoofing attacks, thereby increasing the security of Web applications.
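As an added illustration (not the paper's own code, whose implementation is not reproduced on this page), the following Python sketch shows a session-validation module that combines commonly used session-binding checks (client IP and User-Agent, assumed here as two of the conventional checks) with the Referer verification the abstract describes; the header names, trusted hosts and session records are constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class SessionRecord:
    """Attributes recorded when the session was created (constructed example)."""
    user: str
    client_ip: str
    user_agent: str


def referer_allowed(referer, trusted_hosts):
    """Accept only an http(s) Referer whose host is one of our own hosts.

    A missing Referer is rejected here; that is a policy choice, since
    browsers and proxies sometimes strip the header and legitimate users
    would then be asked to log in again.
    """
    if not referer:
        return False
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() in trusted_hosts


def validate_request(store, headers, client_ip, trusted_hosts):
    """Single entry point that chains the checks; returns (ok, reason).

    'X-Session-Id' stands in for however the session id is carried
    (cookie or header); the name is an assumption of this example.
    """
    rec = store.get(headers.get("X-Session-Id"))
    if rec is None:
        return False, "unknown session"
    if rec.client_ip != client_ip:
        return False, "client ip differs from the one bound at login"
    if rec.user_agent != headers.get("User-Agent", ""):
        return False, "user-agent differs from the one bound at login"
    if not referer_allowed(headers.get("Referer"), trusted_hosts):
        return False, "referer is missing or points outside our hosts"
    return True, "ok"


# Constructed sample data: one live session and the site's own host.
SESSION_STORE = {"s1": SessionRecord("alice", "10.0.0.5", "UA/1.0")}
TRUSTED_HOSTS = {"app.example.com"}
```

The Referer check only raises the bar: a client that already holds a valid session id can send any Referer it likes, so the combined module is a detection and containment aid rather than a substitute for unpredictable session ids and HTTPS-only cookies.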