Computer Engineering ›› 2010, Vol. 36 ›› Issue (10): 173-175. doi: 10.3969/j.issn.1000-3428.2010.10.059

• Security Technology •

Test Method on Code Injection Vulnerabilities of Web Application

ZHU Hui, SHEN Ming-xing, LI Shan-ping   

  1. (College of Computer Science and Technology, Zhejiang University, Hangzhou 310027)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-05-20 Published:2010-05-20

Abstract: This paper studies code injection vulnerabilities in Web applications. It summarizes and analyzes the features of this class of vulnerability, revises and expands its definition, and reduces the causes of the vulnerabilities to two kinds of coding errors. It then presents a test method that finds code injection vulnerabilities in Web applications by identifying these two kinds of coding errors. Experimental results show that the method reduces test workload and can comprehensively and effectively test the code injection vulnerabilities and potential risk points in Web applications.

Key words: Web application, code injection, vulnerability test
