| Web服务安全性测试技术研究 |
| |
| 引用本文: | 施寅生,邓世伟,谷天阳.Web服务安全性测试技术研究[J].计算机工程与科学,2007,29(10):11-13. |
| |
| 作者姓名: | 施寅生 邓世伟 谷天阳 |
| |
| 作者单位: | 北京系统工程研究所,北京,100101 |
| |
| 摘 要: | Web服务的应用越来越广泛,Web服务中的安全缺陷与漏洞也在不断增多,Web服务安全性问题日益突出。Web服务安全性测试是保证Web服务软件安全性、降低安全风险的重要手段。本文提出了一种Web服务安全性测试框架,论述了Web服务主要的安全功能需求、实现标准及实施安全功能测试的一般原理,并从攻击Web服务的角度对Web服务安全漏洞测试进行了系统介绍,分析了Web服务常见的安全漏洞及测试方法。
|
| 关 键 词: | Web服务 安全性测试 模式中毒 路由劫持 WSDL扫描 |
| 文章编号: | 1007-130X(2007)10-0011-03 |
| 修稿时间: | 2007-03-292007-07-09 |
Research on the Web Services Security Testing Technology |
| |
| SHI Yin-sheng,DENG Shi-wei,GU Tian-yang.Research on the Web Services Security Testing Technology[J].Computer Engineering & Science,2007,29(10):11-13. |
| |
| Authors: | SHI Yin-sheng DENG Shi-wei GU Tian-yang |
| |
| Affiliation: | Beijing System Engineering Institute,Beijing 100101 ,China |
| |
| Abstract: | Web services are applied more and more widely. The security flaws and vulnerabilities in Web services are growing. Web services security have become increasingly prominent. Web services security testing is an important means to ensure Web services security and decrease security risks. This paper presents a Web services security testing framework, and investigates the main security function requirements and implementation standards of Web services. It also discusses the principle of implementing security function testing. From the perspective of Web services attacking, it discusses the Web services security vulnerability testing,and analyzes the test methods for the common vulnerabilities. |
| |
| Keywords: | Web services security testing schema poisoning routing detours WSDL scanning |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
