Web代码安全人工审计内容的研究

A Study of Web Artificial Code Security Audit

Web系统的大量应用,各种安全事故频发,除了操作系统的安全漏洞以外,web系统的代码在编制的时候,不良的编码习惯、对操作过程中在代码中显露出安全重视不够等因素,导致系统在生产线中存在或大或小的隐患。web系统上线之前,系统一般会进行白盒、黑盒测试,但是并不能保障足够的安全,还应对代码和运行环境等进行详细的人工审计,可以大大减少安全事故。

Web system are commonly applicated in many enterprises, frequent accidents of all kinds of security are occured, in addition to the security bugs of the operating system, during programming, poor coding practices, exhibited in the operation code factors such as insufficient attention to safety, causing the system to present on the production line or greater or lesser risk. Generally web system should make the white box and black box testing, but does not guarantee adequate security. This article before the detailed manual audit code and runtime environment, can significantly reduce safty problem.