
Research on Detection Method of Web Identity Authentication Defects Based on Static Analysis


As a rapidly developing and highly popular technology, Web applications cover all aspects of our work and life. As a very important line of defense for Web applications, identity authentication protects users' privacy and property security. However, with the rapid expansion of the application scope of Web applications, in the complex and volatile Internet environment, identity authentication defects make Web systems more vulnerable. Therefore, methods are needed to detect such defects in advance. This paper proposes an identity authentication defect data flow analysis detection algorithm to detect identity authentication defects in Web applications, and proposes a runtime feature analysis algorithm that solves the problem of missing call chains caused by three types of runtime features, improving the accuracy of static detection of identity authentication defects in Web applications. The experimental results show that, compared with Soot, the identity authentication defect data flow analysis detection algorithm can accurately identify defective call chains without deterioration of the analysis time, and the detection results on the experimental data achieve zero false positives, which proves the effectiveness of the method in this paper.

涂腾飞、蒋发群、吕腾飞

Computing technology, computer technology

Keywords: Web security; static analysis; runtime feature analysis; authentication flaw detection

涂腾飞, 蒋发群, 吕腾飞. Research on Detection Method of Web Identity Authentication Defects Based on Static Analysis [EB/OL]. (2023-02-08) [2025-08-16]. http://www.paper.edu.cn/releasepaper/content/202302-44.
