| In recent years,with the rapid development of Internet technology,the open transformation of traditional services in the civil aviation industry,the development of new online services that are constantly changing,and the Internet of Things,blockchain,big data,and the growing popularity of artificial intelligence technologies.At present,the development of China’s civil aviation industry is more and more dependent on new technologies,but the application of these new technologies has also brought new challenges to the network security work of civil aviation.On July 20,2020,the Civil Aviation Administration of China issu ed the network security classified protection regulations and the standard was officially implemented on October 1,2020.Therefore,civil aviation units attach great importance to the evaluation of classified protection,and conduct detailed security assessments of information systems through classified protection evaluations,so as to discover the vulnerabilities faced by the system in a timely manner and ensure the safe and stable operation of the system.Under the background of the severe situation of civil aviation network security and the implementation of civil aviation classified protection standards,from the perspective of the security requirements of classified protection,combined with the civil aviation classified protection requirements,this thesis studies various web vulnerabilities,and proposes a web application suitable for civil aviation web applications.Based on the penetration testing method,an automated penetration testing system was designed,which deployed the system and testing environment using virtualization technology,conducted penetration testing on civil aviation web applications,discovered network security risks and visualized them.This strengthens the civil aviation industry’s ability to perceive cyber security hazards and enhances the security of civil aviation systems,thereby effectively reducing the occurrence of insecure incidents. |
PDF Full Text Request