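Abstract
This paper studies the ways in which environment errors and state errors give rise to security problems in Web application software, and on that basis proposes a hierarchical analysis model for classifying security vulnerabilities of Web application software. The model is used to classify Web software security vulnerabilities drawn from the CVE vulnerability database, and the results are compared with those obtained by classifying with the EAI model. The evaluation shows that the model has good vulnerability classification capability and is suitable for guiding the security testing and security defense of Web application software.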
This paper studies how environmental faults and state faults cause security problems in Web applications, and describes a taxonomy model that uses the analytic hierarchy process to classify security flaws of Web applications. An experiment is then designed to apply the taxonomy model to classify 152 security flaws from the CVE security flaw database, and the classification results are compared with those obtained using the EAI model. The results of the experiment reveal that the taxonomy model is effective and applicable to the security testing and defense of Web-based applications.
Source
Computer Engineering and Applications (《计算机工程与应用》)
CSCD
Peking University Core Journal
2009, Issue 25, pp. 10-14, 20 (6 pages in total)
Funding
National ministry and commission project