Analysis on the Vulnerability of Internet Enterprise Web System to Being Easily Ignored  Cited by: 5


Author: Pan Zhigang (潘志岗), School of Computer Science and Engineering, Beihang University, Beijing 100191

Affiliation: [1] School of Computer Science, Beihang University

Source: Journal of Information Security Research (《信息安全研究》), 2020, No. 2, pp. 181-187 (7 pages)

Abstract: With the rapid development of the digital industry, the number of Internet enterprises grows year by year. Compared with other types of enterprises, a distinguishing feature of Internet enterprises is that their core business runs on a large number of Web systems, so strong Web system security is particularly important to them. While the rich functionality of Web systems brings convenience to users, it also introduces many security problems; in particular, the user privacy leaks that have occurred frequently in recent years mostly originate from security flaws in Web systems. More and more Internet enterprises have begun to build security emergency response centers, drawing on security expertise from all parties to test and assess the security of enterprise systems and to collect and handle security vulnerabilities, which shows that modern Internet enterprises attach ever greater importance to security. Based on the current state of Web system security, this paper analyzes and summarizes three classes of typical vulnerabilities that are easily overlooked in Internet enterprises and gives corresponding solutions, in order to improve the security of Internet enterprises' Web systems and protect user information.

Keywords: Web security; penetration testing; cross-site request forgery; cross-origin resource sharing; JSON hijacking

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
