| Web应用中代码注入漏洞的测试方法 |
| |
| 引用本文: | 朱辉,沈明星,李善平.Web应用中代码注入漏洞的测试方法[J].计算机工程,2010,36(10):173-175. |
| |
| 作者姓名: | 朱辉 沈明星 李善平 |
| |
| 作者单位: | 浙江大学计算机科学与技术学院,杭州,310027 |
| |
| 摘 要: | 研究Web应用中的代码注入漏洞,总结分析该类漏洞的特征,修正并扩展其定义,把漏洞的产生原因归纳为2类编码错误。提出一套通过识别2类编码错误发现Web应用中代码注入漏洞的测试方法。实验结果证明,该方法可减少测试工作量,能全面有效地测试Web应用中的代码注入漏洞和潜在的风险点。
|
| 关 键 词: | Web应用 代码注入 漏洞测试 |
Test Method on Code Injection Vulnerabilities of Web Application |
| |
| ZHU Hui,SHEN Ming-xing,LI Shan-ping.Test Method on Code Injection Vulnerabilities of Web Application[J].Computer Engineering,2010,36(10):173-175. |
| |
| Authors: | ZHU Hui SHEN Ming-xing LI Shan-ping |
| |
| Affiliation: | (College of Computer Science and Technology, Zhejiang University, Hangzhou 310027) |
| |
| Abstract: | This paper studies the code injection vulnerabilities of Web application, modifies and expands the definition of this kind of vulnerabilities with summarizing and analyzing the features of them, and transforms the causes of vulnerabilities into two kinds of coding errors to present a new test method based on testing the two kinds of coding errors. Experimental result shows that the test method can test all the code injection vulnerabilities of Web application effectively with less test workload. |
| |
| Keywords: | Web application code injection vulnerability test |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
