Research and Implementation of Safety Test for Browser/Server Application System Before Operation
孙歆,张闻
SUN Xin, ZHANG Wen (Zhejiang Electric Power Test and Research Institute
Abstract:
As more and more importance is attached to the safety of application systems, many enterprises perform safety tests before a system goes into operation, but their methods differ and there is a lack of standards to refer to. This paper introduces a method and process for safety testing of Browser/Server (B/S) application systems before operation. The method has been used in electric power enterprises in Zhejiang and is of high application value.
Keywords:
safety test; Browser/Server application safety; penetration test
DOI: 10.19585/j.zjdl.2011.06.014