    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/52140

    Title: 網頁應用程式原始碼弱點分析之研究 : 以淡江大學為例
    Other Titles: Source code vulnerability analysis study of web application : a case study of Tamkang university
    Authors: 蔡震天;Tsai, Chen-tien
    Contributors: Tamkang University, Department of Information Management, Master's Program
    Keywords: Web Application Security;Source Code Analysis;Web Vulnerability
    Date: 2010
    Issue Date: 2010-09-23 16:54:38 (UTC+8)
    Abstract: According to the IBM Internet Security Systems 2009 "X-Force Mid-Year Security Trends and Risk Assessment Report", X-Force analyzed and recorded 3,240 vulnerabilities in the first half of 2009, of which 50.4% were web application vulnerabilities. From 2006 to 2009, more than 6,000 new vulnerabilities were disclosed each year, yet the statistics for the first half of 2009 show that 49% of known vulnerabilities had not yet been patched. There are currently two main techniques for detecting web application vulnerabilities: Source Code Analysis and Vulnerability Assessment. Vulnerability assessment tests the system from a hacker's point of view, but it has a high false-negative rate and low accuracy, cannot clearly indicate the cause of a finding, and its simulated attacks may directly affect the database and disrupt operation. Source code analysis is the most basic form of web application audit and the type of testing that can find the most web vulnerabilities; it points directly to the vulnerable location in the source code, which makes the weakness easy to fix.
    This research collected the web application source code of some departments at Tamkang University. Conducting source code analysis and vulnerability assessment on it can further help resolve the aftermath of vulnerability exploitation. The contribution of this study is to identify the proportion of web application vulnerabilities on campus. The distribution of web application vulnerabilities includes 15.04% Cross-Site Scripting, 14.75% Cross-Site Request Forgery, 3.7% Injection Flaw, 3.67% Leakage and Improper Error Handling, 2.82% Insecure Cryptographic Storage, and other vulnerabilities that cannot be classified under the OWASP categories. To make the best use of the Source Code Analysis software installed by Tamkang University Centre, we carried out a vulnerability detection and resolution process in cooperation with the information security think-tank on campus. The results of this process can be used as a reference for future web security improvement. In addition, for the most serious categories of weakness, our research proposes a total of 13 solutions in 6 groups, which we hope will help reduce potential weaknesses in the future.
    Appears in Collections: [Department and Graduate Institute of Information Management] Theses
