
Research on Information Security Vulnerability Exploit Technology of Web Application System (cited by: 1)
Abstract: Web application systems are the most widely used network application systems, and attacks against them continue to increase. First, the main information security issues currently facing computer network application systems are introduced. Second, the information security vulnerabilities in Web application systems are classified by threat type and by the location of vulnerability exploitation. Third, the formation principles of information security vulnerabilities in conventional network application systems are analyzed and specific exploitation methods are presented. Finally, automated exploit technology is described and the whole article is summarized.
Authors: 万紫骞, 吴波
Source: Electronic Product Reliability and Environmental Testing (《电子产品可靠性与环境试验》), 2015, No. 6, pp. 30-33 (4 pages)
Keywords: information security; vulnerability exploit; vulnerability analysis; network attack

