| 一种针对Web电子邮件的攻击方法研究 |
| |
| 引用本文: | 宋琦,施勇,薛质.一种针对Web电子邮件的攻击方法研究[J].信息安全与通信保密,2009(10):99-101. |
| |
| 作者姓名: | 宋琦 施勇 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 摘 要: | 随着互联网的发展和各种Web服务的普及,Web安全问题日益凸显。作为一种常见的Web服务,Web电子邮件承担了互联网传输信息载体的重要作用,因此其安全性也越来越受到关注。文中首先研究了Phishing攻击和跨站脚本攻击这两种目前主要的Web客户端的攻击方法,并在此基础上提出了一种针对Web电子邮件服务的攻击方法,详细分析了该方法的实现原理,并将其与主要的Web客户端攻击方法做了比较,同时提出了针对该攻击方法的防范措施。
|
| 关 键 词: | Web安全 Phishing攻击 跨站脚本 Web邮件 安全防范 |
Research on An Attack Method Aiming at Web Email |
| |
| SONG Qi,SHI Yong,XUE Zhi.Research on An Attack Method Aiming at Web Email[J].China Information Security,2009(10):99-101. |
| |
| Authors: | SONG Qi SHI Yong XUE Zhi |
| |
| Affiliation: | (Department of Information Security, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | With the development of internet and popularity of various Web services, Web security is becoming more and more important. As a usual Web service, Web mail plays an important role as carrier for transporting information in internet, and thus its security attracts more and more attention. Based on research of client-oriented Web attacking methods such as phishing and XSS, this paper proposes a modified attacking method aiming at Web Email services. It also makes a detail analysis of its implementation, gives comparison of these methods and suggests some defending measures for avoiding this attacking method. |
| |
| Keywords: | Web security phishing XSS Web email security defense |
| 本文献已被 维普 万方数据 等数据库收录! |
|
