Computer Engineering and Applications (计算机工程与应用) ›› 2009, Vol. 45 ›› Issue (25): 10-14. DOI: 10.3778/j.issn.1002-8331.2009.25.004

• Doctoral Forum •

A Classification Method for Web Software Security Vulnerabilities

杜经农 (DU Jing-nong), 卢炎生 (LU Yan-sheng)

  1. College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
  • Received: 2009-05-05 Revised: 2009-06-18 Online: 2009-09-01 Published: 2009-09-01
  • Corresponding author: DU Jing-nong

Taxonomy of Web-based application vulnerabilities

DU Jing-nong, LU Yan-sheng

  1. College of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
  • Received: 2009-05-05 Revised: 2009-06-18 Online: 2009-09-01 Published: 2009-09-01
  • Corresponding author: DU Jing-nong

Abstract (Chinese): This paper studies the ways in which environment faults and state faults give rise to security problems in Web application software and, on that basis, proposes a hierarchical analysis model for classifying Web application security vulnerabilities. The model is used to classify Web software vulnerabilities extracted from the CVE vulnerability database, and the results are compared with those obtained by classifying the same vulnerabilities with the EAI model. The evaluation shows that the model classifies vulnerabilities well and is suitable for guiding the security testing and security defence of Web application software.

Keywords (Chinese): Web application software, security vulnerability, classification model

Abstract: This paper studies how environment faults and state faults cause security problems in Web applications, and describes a taxonomy model based on the analytic hierarchy process for classifying security flaws in Web applications. An experiment then applies the taxonomy model to classify 152 security flaws drawn from the CVE security flaw database and compares the results with those obtained by classifying the same flaws with the EAI model. The results of the experiment show that the taxonomy model is effective and applicable to the security testing and defence of Web-based applications.

Key words: Web-based application, security flaw, taxonomy model
