摘要
随着Web应用程序特别是Web2.0应用的日益广泛,针对Web应用程序的恶意代码开始大肆传播,成为网络安全的重大威胁。本文首先介绍了目前Web应用程序面临的威胁状况,然后讨论了Web应用程序客户端恶意代码技术以及Web浏览器的漏洞研究和利用技术,最后对Web应用程序客户端恶意代码技术的发展趋势进行了展望,并给出了Web应用程序客户端安全的加固策略。
Web application and in particular Web 2.0 application gains more and more popularity nowadays, while malicious codes are now targeting more at Web application. In this paper, we provide a detailed overview of threats to Web application at first and then turn to the discussion on malicious scripts at the client-side of Web application, which includes the history, variation and upgrade of XSS, JavaScript function hook technology at runtime and the new trends of client-side malicious scripts in the context of Web 2.0 application. The Web browser's vulnerability discovery and exploit related technologies are also introduced. At last, we predict the future development of client-side malicious code of Web application and give some advices on the security enhancements of Web application client-side.
出处
《电信科学》
北大核心
2009年第2期72-79,共8页
Telecommunications Science
基金
国家"863"计划基金资助项目(No.2007AA01Z466和No.2008AA011004)
