期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

B/S应用系统上线前的安全性测试研究与实施 被引量:3

Research and Implementation of Safety Test for Browser/Server Application System Before Operation
下载PDF
导出
摘要 应用系统的安全性越来越受到重视,不少企业在应用系统上线之前都要进行安全性测试,但测试方法不尽相同,且缺乏可参照的标准。介绍针对B/S结构应用系统上线前的安全性测试方法和流程,该方法已在浙江省电力企业实施,具有较大实际应用价值。 As more and more importance is attached to the safety of application systems,many enterprises perform the safety tests before the system operation with different methods.However,the problem is the lack of standards.This paper introduces the method and flow of the safety test for Browser/Server(B/S) application system before operation.This method has been used in the electric power enterprises in Zhejiang and is of high application value.
作者 孙歆 张闻
机构地区 浙江省电力试验研究院
出处 《浙江电力》 2011年第6期49-52,共4页 Zhejiang Electric Power
关键词 安全性测试 B/S应用安全 渗透测试 safety test Browser/Server application safety penetration test
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

  • 1刘述景.基于风险评估的渗透测试方案的研究与实施[D].北京邮电大学,2009.
  • 2杨广华,齐璇,施寅生.基于威胁模型的软件安全性测试[J].计算机安全,2010(2):11-13. 被引量:2
  • 3施寅生,邓世伟,谷天阳.软件安全性测试方法与工具[J].计算机工程与设计,2008,29(1):27-30. 被引量:21
  • 4MICHAEL CROSS,STEVEN KAPINOS.Web Application Vulnerabilities Detect, Exploit, Prevent[ M ].Syngress, 2007.
  • 5JUSTIN CLARKE,SQL Injection Attacks and Defense[ M ]. Syngress, 2009.
  • 6JEREMIAH GROSSMAN,XSS Attacks Exploits and De- fense[ M ].Syngress, 2007.
  • 7ANURAG AGARWWAL, OWASP Testing Guide [ S ]. OWASP, 2008.

二级参考文献13

  • 1龚嘉宇,李宣东,郑国梁.UML时间顺序图的可达性分析[J].计算机科学,2005,32(6):169-175. 被引量:5
  • 2B.Potter,G.McGraw.Software security testing[J].Security and Privacy Magazine,IEEE.2004.2(5):81-85.
  • 3J.Pauli,D.Xu.Threat-Driven Architectural Design of Secure Information Systems,In Proceeding of First International Workshop on Protection by Adaptation,2005.
  • 4WANG LinZhang,Eric WONG,XU DianXiang.A threat model driven approach for security testing[C].proceedings of the 29th International Conference on Software Engineering Workshop,2007.
  • 5[1]Gary McCrraw,Bruee Potter.Soil-ware security testing[J].IEEE Security & Privacy,2004,2(5):81-85.
  • 6[2]David P Gilliam,John D Powell,Matt Bishop.Application of lightweight formal methods to software security[C].Linkoping,Sweden:Proc 14th IEEE International Workshops on Enabling Technologies,2005:160-165.
  • 7[4]Ramaswamy Chandramouli,Mark Blackburn.Automated testing of security functions using a combined model and interface-driven approach[C].Big Island,HI,USA:Proc 37th Hawaii Inter-national Conference on System Sciences,2004:5-8.
  • 8[5]Oded Tal,Scott Knight,Tom Dean.Syntax-based vulnerability testing of frame-based network protocols[C].Fredericton,New Brunswick,Canada:Proc Second Annual Conference on Privacy,Security and Trust,2004:155-160.
  • 9[6]Du Wenliang,Mathur A P.Vulnerability testing of software sys-tem using fault injection[R].Coast TR 98-02,1998.
  • 10[7]Du Wenliang,Aditya P Mathur.Testing for software vulnerability using environment perturbation[C].New York:Proc in Int Conf on Dependable Systems and Networks,2000:603-612.

共引文献21

同被引文献8

引证文献3

二级引证文献5

浙江电力
2011年 第6期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部