DOU Hao, WU Yan-wen, DUAN Sheng-qiang. Analysis and research on security risk of Web application [J]. Journal of Xi'an University of Architecture & Technology: Natural Science Edition, 2012, 44(03): 446-451. [doi:10.15986/j.1006-7930.2012.03.024]

Analysis and research on security risk of Web application

Journal of Xi'an University of Architecture & Technology: Natural Science Edition [ISSN: 1006-7930 / CN: 61-1295/TU]

Volume: 44
Issue: 2012, No. 03
Pages: 446-451
Column:
Publication date: 2012-06-30

Article Info

Title:
Analysis and research on security risk of Web application
Article number:
1006-7930(2012)03-0446-06
Author(s):
DOU Hao, WU Yan-wen, DUAN Sheng-qiang
(Information and Network Center, Xi'an University of Architecture and Technology, Xi'an 710055, Shaanxi, China)
Keywords:
security; Web application; security property; security risk; security technique
CLC number:
TP393.08
DOI:
10.15986/j.1006-7930.2012.03.024
Document code:
A
Abstract:
The security problems facing Web applications and their importance are analyzed in this paper, together with the security properties of Web applications. The ten major security risks are described and, for each, practical precautionary measures and solutions are given: Injection, Cross-Site Scripting (XSS), Broken Authentication and Session Management, Insecure Direct Object References, Cross-Site Request Forgery (CSRF), Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Insufficient Transport Layer Protection, and Unvalidated Redirects and Forwards. For the various security problems of current Web applications, the common security techniques are presented and described.



Memo

Received: 2011-10-24; Revised: 2012-05-03
Funding: National 2008 Next Generation Internet Trial Commercial Service and Equipment Industrialization Special Project (CNGI2008-060); National Key Technology R&D Program (2008BAH37B05060)
About the author: DOU Hao (1976-), male, born in Xi'an, Shaanxi; master's degree, engineer, mainly engaged in network management and network security.
Last Update: 2015-09-01