English  |  正體中文  |  简体中文  |  Items with full text/Total items : 51883/87052 (60%)
Visitors : 8460878      Online Users : 162
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/87756

    Title: 校園網頁應用程式安全之研究 : 以淡江大學為例
    Other Titles: A study of campus web application security : a case study of Tamkang University
    Authors: 詹益璋;Chan, Yi-Chang
    Contributors: 淡江大學資訊管理學系碩士班
    黃明達;Hwang, Ming-Dar
    Keywords: 網頁應用程式弱點;Web application vulnerabilities;校園資訊安全;網頁應用程式安全;Information Security of Campus;OWASP;Web Application Security
    Date: 2012
    Issue Date: 2013-04-13 11:41:06 (UTC+8)
    Abstract: 現今網頁應用程式應用相較於過去更加複雜,因此產生漏洞可能性也越大,本研究透過IBM的網頁應用程式弱點掃描軟體AppScan,針對淡江大學學術單位一、二級與一級行政單位,進行網頁應用程式的弱點掃描,研究目的有二,其一,透過弱點掃描之報告經過歸納整理後,找出學校內網頁應用程式最主要的弱點。其二,針對校內各單位目前之網頁應用程式弱點,提出網頁應用程式之弱點改善建議。
    本研究採用OWASP 2010十大弱點分類,與AppScan的弱點分類對照,針對校內的網頁應用程式弱點進行歸納整理,並利用AppScan的掃描報告,將AppScan所提出的弱點改善建議提供給各單位,讓各單位了解本身的網頁應用程式弱點概況,也在改善網頁應用程式弱點時能有依據。
    本研究發現目前淡江大學校內網頁應用程式弱點,以OWASP 2010十大弱點分類排名前四名依序為注入弱點風險(Injection)、遭破壞的鑑別與連線管理(Broken Authentication and Session Management)、跨站請求偽造(Cross Site Request Forgery)與跨腳本攻擊(Cross Site Scripting(XSS)),此四種弱點佔了校內網頁應用程式弱點超過89%。因此若針對此四種網頁應用程式弱點改善,將能有效改善校內網頁應用程式的安全。
    The web applications today use more complex, resulting the safety problem in a greater danger. In this study, by IBM’s web application vulnerability detection software AppScan, we aim at the Tamkang University primary and secondary academic unit and primary administrative unit to do our web application scanning. There are two purposes in this study. First, by the report of the vulnerability detection, we can identify the major weakness of web applications in Tamkang University. Second, improve the existing weakness of web applications in Tamkang University.
    In this study, we contrast the OWASP 2010 Top Ten weakness with AppScan''s vulnerability classification. Found Tamkang University campus to the current the OWASP rank the top four in order to inject, Broken authentication and session management, Cross site request forgery and Cross site scripting four weaknesses.For this four weaknesses to improve, we can effectively improve the safety of the campus web applications.
    Appears in Collections:[資訊管理學系暨研究所] 學位論文

    Files in This Item:

    File SizeFormat

    All items in 機構典藏 are protected by copyright, with all rights reserved.

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback