Abstract
[Purpose/significance] This paper aims to raise the library sector's attention to Web application security, and its awareness of the need to guard against the risks, through a quantitative assessment of Web application security risk. [Method/process] Using the case study method and with reference to the OWASP Top 10 vulnerability risk assessment standard, the paper quantitatively analyzes and evaluates the security risks of the various Web sites and Web programs deployed in the library network of Dongbei University of Finance and Economics. [Result/conclusion] The risks exposed in library Web applications are large in number and high in threat level; Web application security risks in libraries are both widespread and serious. Libraries should prevent and respond to these risks by taking Web application security awareness seriously, having data vendors take the initiative in assuming responsibility for Web application security, establishing a Web application security assessment mechanism, and implementing integrated Web application risk prevention and control measures.
Authors
Li Rong (李荣)
Li Shuang (李双)
Li Rong; Li Shuang (Dongbei University of Finance and Economics Library, Dalian, Liaoning 116025)
Source
Information Research (《情报探索》)
2019, No. 10, pp. 70-77 (8 pages)
Keywords
web application security
risk
vulnerability
library
network security
information security