信息安全研究 (Journal of Information Security Research) ›› 2020, Vol. 6 ›› Issue (2): 181-187.

• Technical Applications •

Analysis of Easily Overlooked Vulnerabilities in the Web Systems of Internet Enterprises

Pan Zhigang (潘志岗)

  1. Beihang University (北京航空航天大学)
  • Received: 2020-02-08 Online: 2020-02-10 Published: 2020-02-08
  • Corresponding author: Pan Zhigang (潘志岗)
  • About the author: Pan Zhigang, master's student; main research interests are Web security and network attack and defense. duzun1015@gmail.com

Analysis on the Vulnerability of Internet Enterprise Web System to Being Easily Ignored


Abstract: With the rapid development of the digital industry, the number of Internet enterprises grows year by year. Compared with other kinds of enterprises, a distinctive feature of Internet enterprises is that their core business is built on a large number of Web systems, so the security of those Web systems is especially important to them. While Web systems bring convenience to users through rich functionality, they also introduce many security problems; in particular, the user privacy leakage incidents that have occurred frequently in recent years mostly originate from security flaws in Web systems. More and more Internet enterprises have begun to build security emergency response centers, drawing on security capabilities from all parties to test and assess enterprise systems and to collect and handle security vulnerabilities, which shows that modern Internet enterprises pay ever more attention to security. Based on the current security state of Web systems, this paper analyzes and summarizes three types of typical vulnerabilities that are easily overlooked in Internet enterprises and gives corresponding solutions, in order to improve the security of Internet enterprise Web systems and protect user information.

Keywords: Web security, penetration testing, cross-site request forgery (CSRF), cross-origin resource sharing (CORS), JSON hijacking

Abstract: With the rapid development of the digital industry, the number of Internet companies has increased year by year. Compared with other types of enterprises, a significant feature of Internet companies is that their main business is based on a large number of Web systems, so the security of Web systems is particularly important to Internet companies. Web systems bring convenience to users through rich functionality, but also introduce many security issues, especially the leakage of user privacy information that has occurred frequently in recent years, mostly due to security flaws in Web systems. More and more Internet companies have begun to build security emergency response centers to conduct security testing and evaluation of enterprise systems using the security capabilities of all parties, and to collect and handle security vulnerabilities. It can be seen that modern Internet companies have given increasing attention to security. Based on the security status of Web systems, three types of typical vulnerabilities that are easily overlooked in Internet companies are analyzed and summarized, and corresponding solutions are provided to improve the security of the Web systems of Internet companies and ensure user information security.

Key words: Web security, penetration testing, cross-site request forgery (CSRF), cross-origin resource sharing (CORS), JSON hijacking