摘要
Web服务的应用越来越广泛,Web服务中的安全缺陷与漏洞也在不断增多,Web服务安全性问题日益突出。Web服务安全性测试是保证Web服务软件安全性、降低安全风险的重要手段。本文提出了一种Web服务安全性测试框架,论述了Web服务主要的安全功能需求、实现标准及实施安全功能测试的一般原理,并从攻击Web服务的角度对Web服务安全漏洞测试进行了系统介绍,分析了Web服务常见的安全漏洞及测试方法。
Web services are applied more and more widely. The security flaws and vulnerabilities in Web services are growing. Web services security have become increasingly prominent. Web services security testing is an important means to ensure Web services security and decrease security risks. This paper presents a Web services security testing framework, and investigates the main security function requirements and implementation standards of Web services. It also discusses the principle of implementing security function testing. From the perspective of Web services attacking, it discusses the Web services security vulnerability testing,and analyzes the test methods for the common vulnerabilities.
出处
《计算机工程与科学》
CSCD
2007年第10期11-13,28,共4页
Computer Engineering & Science
