| Web应用安全风险及其防护体系研究 |
| |
| 引用本文: | 彭淑芬.Web应用安全风险及其防护体系研究[J].网络安全技术与应用,2014(7):146-147. |
| |
| 作者姓名: | 彭淑芬 |
| |
| 作者单位: | 国家安全生产监督管理总局通信信息中心,北京100713 |
| |
| 摘 要: | 为了建立全方位的有效的Web应用安全防护体系,首先分析了2013OWASP Top 10中发布的十大Web安全风险,然后根据《信息系统安全等级保护基本要求GB/T 22239-2008》分析了技术和管理方面如何规避十大Web安全风险,最后提出了以漏洞扫描、网页防篡改、域名防劫持、Web应用防火墙和Web实时监测等为主要措施的Web应用安全防护体系.该安全防护体系在Web应用系统的部署、运行维护和评估等环节从检测、防护、监测和审计等方面对Web应用系统进行有效保护.
|
| 关 键 词: | Web应用 安全风险 防护体系 漏洞扫描 实时监测 |
Study on Web Application Security Risks and its Protection Hierarchy |
| |
| Peng Shufen.Study on Web Application Security Risks and its Protection Hierarchy[J].Net Security Technologies and Application,2014(7):146-147. |
| |
| Authors: | Peng Shufen |
| |
| Affiliation: | Peng Shufen |
| |
| Abstract: | In order to establish an effective security protection hierarchy for Web application, the top 10 Web security risks published by OWASP in 2013 are analysed. Then on the base of Information System Security Level Protection basic Demands ( GB/T 22239-2008 ) , the methods of avoiding the top 10 risks are analysed form technology and management. Finally, the Web application security protection hierarchy is proposed. The hierarchy is mainly made of vulnerability scanning, Webpage anti-tamper, domain name anti-hijacking, Web application firewall, Web real-time monitoring and etc. During the deployment, running, maintenance and assessment of Web application system, the hierarchy can protect Web application systems by detection, protection, monitoring and audit. |
| |
| Keywords: | Web application security risks protection hierarchy vulnerability scanning real-time monitoring |
| 本文献已被 维普 等数据库收录! |
|
