|
|||||
|
|
| Web安全性测试技术综述 | |
| 引用本文: | 于莉莉,杜蒙杉,张 平,纪玲利. Web安全性测试技术综述[J]. 计算机应用研究, 2012, 29(11): 4001-4005 |
| 作者姓名: | 于莉莉 杜蒙杉 张 平 纪玲利 |
| 作者单位: | 1. 1. 北京航空航天大学 计算机科学与技术系, 北京 100191; 2. 二炮软件测评中心, 北京 100085 2. 空军装备研究院 通信导航与指挥自动化研究所,北京,100085 3. 北京航空航天大学 计算机科学与技术系,北京,100191 4. 二炮装备研究院, 北京 100085 |
| 基金项目: | 二炮研究院青年创新基金资助项目(2011619); 国家自然科学基金资助项目(90718018) |
| 摘 要: | 对Web应用程序进行有效彻底的测试是及早发现安全漏洞、提高Web应用安全质量的一种重要手段。首先介绍了Web应用安全威胁分类,总结了常见的Web应用安全漏洞;然后对当前Web安全性测试技术的研究进行了全面概述,比较了静态技术和动态技术各自的优缺点,同时对在Web安全性测试中新兴涌现的模糊测试技术进行了详细的介绍和总结;最后指出了Web安全测试中有待解决的问题以及未来的研究方向。 |
| 关 键 词: | Web应用安全漏洞 静态分析 动态分析 模糊测试 |
Survey on Web security testing technologies |
|
| YU Li-li,DU Meng-shan,ZHANG Ping,JI Lin-li. Survey on Web security testing technologies[J]. Application Research of Computers, 2012, 29(11): 4001-4005 | |
| Authors: | YU Li-li DU Meng-shan ZHANG Ping JI Lin-li |
| Affiliation: | 1. Dept. of Computer Science & Technology, Beihang University, Beijing 100191, China; 2. Software Testing & Evaluation Center of the Second Artillery Force, Beijing 100085, China; 3. Communication Navigation & Auto Command Institute, Air Force Equipment Academy, Beijing 100085, China; 4. The Second Artillery Force Equipment Academy, Beijing 100085, China |
| Abstract: | A thorough test for Web application programs can be beneficial to finding security vulnerabilities promptly and improving the security quality of Web application. This paper, firstly introduced the classification of Web application security threat and summarized common Web application security vulnerabilities. Then comprehensively surveyed the state of Web security testing technology research, respectively compared weaknesses and merits of the static technologies and the dynamic technologies. At the same time, it introduced and concluded in detail fuzzing, the new emerging technology in Web security testing. At last, This paper presented the problem to be solved and the future research direction. |
| Keywords: | Web application security vulnerabilities static analysis dynamic analysis fuzzing |
| 本文献已被 CNKI 万方数据 等数据库收录! | |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 | |
| 点击此处可从《计算机应用研究》下载全文 | |