| Web应用中的ReDoS检测方法研究 |
| |
| 引用本文: | 梁兴开,赵泽茂,黄亮.Web应用中的ReDoS检测方法研究[J].杭州电子科技大学学报,2011(5):75-78. |
| |
| 作者姓名: | 梁兴开 赵泽茂 黄亮 |
| |
| 作者单位: | 杭州电子科技大学通信工程学院; |
| |
| 基金项目: | 上海市信息安全综合管理技术研究重点实验室开放课题资助项目(AGK2009008) |
| |
| 摘 要: | 该文分析了一种Web应用中新型的拒绝服务攻击-正则表达式拒绝服务攻击.在深入分析形成的原因和机理的基础上,该文提出了一个防范此攻击的检测模型.该模型从静态分析人手,检测网页源代码中可能存在的有漏洞的正则表达式,从渗透测试的角度对提取到的正则表达式进行动态测试,给出相应的漏洞防范措施,从而确保Web应用系统的可用性.
|
| 关 键 词: | 应用安全 正则表达式 拒绝服务攻击 渗透测试 |
A Research on Detection of ReDoS Attack in Web Application |
| |
| LIANG Xing-kai,ZHAO Ze-mao,HUANG Liang.A Research on Detection of ReDoS Attack in Web Application[J].Journal of Hangzhou Dianzi University,2011(5):75-78. |
| |
| Authors: | LIANG Xing-kai ZHAO Ze-mao HUANG Liang |
| |
| Affiliation: | LIANG Xing-kai,ZHAO Ze-mao,HUANG Liang(School of Communication Engineering,Hangzhou Dianzi University,Hangzhou Zhejiang 310018,China) |
| |
| Abstract: | A new type of denial of service called as ReDoS in the Web applications is analyzed.Through deeply analyzing the cause and mechanism of ReDoS,a detection module against ReDoS attack is proposed.This detection module presents a method to identity evil regular expressions in the Web source code with static analysis and penetration test.A countermeasure aiming at ReDoS is also given to make sure the availability of Web applications. |
| |
| Keywords: | application security regular expression denial of service penetration test |
| 本文献已被 CNKI 维普 等数据库收录! |
