节点文献
基于静态代码分析的JSP安全漏洞检测系统的研究与设计
Research and Design of JSP Security Vulnerabilities Detection System Based on Static Source Code Analysis
【Author】 Bo ZHAO~1,Miao ZHANG~2,Shaozhang NIU~3 1.Information Security Center,Beijing University of Posts and Telecommunications,Beijing,China,100876 2.Information Security Center,Beijing University of Posts and Telecommunications,Beijing,China,100876 3.School of Computer Science,Beijing University of Posts and Telecommunications,Beijing,China,100876
【机构】 北京邮电大学信息安全中心; 北京邮电大学计算机学院;
【摘要】 本文在研究JSP安全问题的基础上,设计了一种基于静态代码分析的JSP安全漏洞检测系统。该系统在分析源代码的同时可直接处理可执行文件,利用语言识别和静态代码分析,匹配安全规则,报告JSP应用中的安全漏洞。该系统在架构和性能等方面相比常用代码分析工具有所改进。
【Abstract】 Based on studying JSP security problems,this paper designs a JSP security vulnerability detection system based on static source code analysis.The system can analyze executive files as well as source code,do language recognizing and static source code analyzing,match security rules,and finally report the security vulnerabilities in the JSP application.The system has improvements in structure and performance compared with other commonly used tools.
【Key words】 JSP security; static source code analysis; language recognition; security vulnerabilities detection;
- 【会议录名称】 2011年通信与信息技术新进展——第八届中国通信学会学术年会论文集
- 【会议名称】“智慧城市和绿色IT”2011年通信与信息技术新进展——第八届中国通信学会学术年会
- 【会议时间】2011-11-02
- 【会议地点】中国湖北武汉
- 【分类号】TP309
- 【主办单位】中国通信学会、湖北省通信管理局