RASP based Web security detection method
At present,the traditional Web security detection methods act on the input and output of the program,which can not prevent malicious code entering the program after being distorted and confused,and it is difficult to meet the new requirements of Web application security protection.Based on the in-de...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Beijing Xintong Media Co., Ltd
2020-11-01
|
| Series: | Dianxin kexue |
| Subjects: | |
| Online Access: | http://www.telecomsci.com/zh/article/doi/10.11959/j.issn.1000-0801.2020294/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | At present,the traditional Web security detection methods act on the input and output of the program,which can not prevent malicious code entering the program after being distorted and confused,and it is difficult to meet the new requirements of Web application security protection.Based on the in-depth analysis of the risk of traditional data flow monitoring methods,combined with the technical characteristics of rasp,a Web security detection method based on rasp was proposed.The rasp probe was embedded in the parameters of authority discrimination function,system command execution function and database operation function in Web application,and the change of data flow was detected in real-time at the code interpreter level.This method was implemented based on Java language.It was proved in the laboratory that this method is better than the traditional Web security detection method in accuracy and detection time.Finally,the deployment and application scenarios of this method were analyzed and proposed. |
|---|---|
| ISSN: | 1000-0801 |