摘要
Web技术在网络上的广泛应用,使得Web网站系统时刻都在遭受着各种攻击与入侵,网络上越来越泛滥的各种垃圾邮件、网络欺诈或诱骗钓鱼软件及盗号木马程序更加剧了网络用户在进行安全防护方面的困难,Web应用安全面临的问题与挑战日益严峻。针对当前常见的SQL注入与溢出、ASP攻击与破坏,列举Web应用程序不同的入侵漏洞及造成的危害程度,详细分析了应用程序代码存在的不足及防范措施,从代码设计上提出解决漏洞修补的安全技术与方法,总结出一套完整的Web应用防攻击解决方案,得出在Web应用漏洞方面防御时重点关注的几项关键内容,确保整个网络应用服务系统的安全运行。
Web technology is widely used on network, Web thus always suffers from a variety of attacks and intrusions, and, Web application increasingly faces serious security problems and challenges. In light of SQL injection and overflow, ASP attack and destruction, various intrusion loopholes of and their resulted harms on Web application are cited, shortcomings of the application code and preventive measures are analyzed in detail, and the technologies and measures to solve these problems are proposed, Thus a complete solution in resistance of attacks against Web application and for ensuring safe operation of the system is achieved.
出处
《信息安全与通信保密》
2011年第2期58-60,63,共4页
Information Security and Communications Privacy
