With the rapid development of Internet technologies, web systems have become essential infrastructures for modern information exchange and business operations. However, alongside their expansion, numerous security vulnerabilities have emerged, making web security a critical research focus within the broader field of cybersecurity. These issues are closely related to data protection, privacy preservation, and business continuity, and systematic research on web security is crucial for mitigating malicious attacks and enhancing the reliability and robustness of network systems. This paper first reviews the OWASP Top 10, summarizing the types, causes, and impacts of common web vulnerabilities, and illustrates their exploitation mechanisms through representative cases. Building upon this, the Gruyere platform is adopted as an experimental subject for analyzing known vulnerabilities. The study presents detailed reproduction steps for specific vulnerabilities, proposes comprehensive remediation strategies, and further compares Gruyere's vulnerabilities with contemporary real-world cases. The findings suggest that, although Gruyere's vulnerabilities are relatively outdated, their underlying principles remain highly relevant for explaining a wide range of modern security flaws. Overall, this research demonstrates that web system security analysis based on Gruyere not only deepens the understanding of vulnerability mechanisms but also provides practical support for technological innovation and security defense.

翻译：随着互联网技术的飞速发展，Web系统已成为现代信息交换与业务运营不可或缺的基础设施。然而，在其规模不断扩大的同时，大量安全漏洞也随之显现，使得Web安全成为网络安全领域中的一个关键研究方向。这些问题与数据保护、隐私维护及业务连续性密切相关，对Web安全开展系统性研究对于抵御恶意攻击、提升网络系统的可靠性与鲁棒性至关重要。本文首先回顾了OWASP Top 10，总结了常见Web漏洞的类型、成因与影响，并通过典型案例阐释了其利用机制。在此基础上，采用Gruyere平台作为实验对象，对已知漏洞进行分析。研究针对具体漏洞给出了详细的复现步骤，提出了全面的修复策略，并进一步将Gruyere中的漏洞与当代现实案例进行了对比。研究结果表明，尽管Gruyere中的漏洞相对陈旧，但其背后的原理对于解释众多现代安全缺陷仍具有高度参考价值。总体而言，本研究表明，基于Gruyere的Web系统安全分析不仅深化了对漏洞机制的理解，也为技术创新与安全防御提供了实践支持。