
A New Algorithm of Self-learning Web Application Response Analysis
Abstract: In the development of automated web application penetration testing, the automation and intelligence of web application response analysis have received little research. As a result, existing automated web application penetration testing still requires intervention based on human experience, which limits its efficiency. To address this, a self-learning response analysis algorithm is proposed, based on a study of keyword response analysis and passive extraction techniques. The algorithm first analyzes the response using a keyword dictionary. If no match is found, it falls back to heuristic analysis, and when the analysis result is valid, it extracts keywords from the response and adds them to the dictionary, thereby achieving self-learning. Experiments show that the algorithm can analyze test responses automatically, quickly and correctly, that it overcomes the limitation that keyword analysis can only analyze responses that contain keywords, and that it is more efficient than passive response extraction alone.
Source: Computer Measurement & Control, 2016, No. 2, pp. 251-254 (4 pages)
Funding: National Natural Science Foundation of China (61303230); Sichuan Province Science and Technology Support Program (11ZS2010)
Keywords: web application; response analysis; self-learning
