摘要
网站日益受到黑客的青睐,针对Web应用程序的攻击事例屡见不鲜。如何全面、准确地分析网站面临的最大威胁成为专业信息安全公司和网站管理员的不可回避的难题。本论文借鉴攻击图的基本思想设计了漏洞威胁测试模型(VTTM),并以SQL注入漏洞为例对其进行建模,并利用两种算法分别计算了网站的最大威胁值及最优测试序列。
Now,there are more hackers who are interested in websites than before,web-attacking becomes common in recent years.It's quite a difficult problem for Information Security companies and web administrators to find a way to analyse the biggest threat to a website entirely and accurately.This article has designed Vulnerability Threats Testing Model(VTTM)which is based on the basis of Attack Graph,taking SQL Injection for example to construct its model and introducing two algorisms to calculate the biggest threat value and the best testing sequence respectively.
出处
《微型电脑应用》
2008年第5期56-58,6,共3页
Microcomputer Applications
关键词
渗透测试
攻击图
SQL
注入
贪婪算法
动态规划
Penetration test
Attack graph
SQL Injection
Greedy algorism
Dynamic programming
