
Study on Web Attack and Defense Technology based on Operation Jacking (cited by: 6)
Abstract: Web attack techniques change constantly: from 2006 to 2010, dozens of new Web attack methods appeared each year on average. These include entirely new attack concepts as well as new techniques derived from older ones, so studying Web attack methods in depth and tracking them actively is necessary. Based on a detailed analysis of how Web attacks built on the operation-jacking model have developed, this paper divides that development into three technical stages and examines the technical principles, technical characteristics, and degree of harm of each stage. It then presents two technical methods for defending against operation-jacking attacks and compares the difference in their protective effect.
Authors: 徐少培 (Xu Shaopei), 姚崎 (Yao Qi)
Affiliation: Beijing Topsec (北京天融信公司)
Source: 《信息安全与通信保密》 (Information Security and Communications Privacy), 2011, No. 1, pp. 86-89 (4 pages)
Keywords: Web security; clickjacking; drag & drop jacking; tapjacking (touch jacking)
