CAJ | 학술논문

当前,Web应用日益成为信息共享和资源发布的重要平台. 然而,根据开放式Web应用程序安全项目最新公布的2013十大安全漏洞,目前的Web应用正在面临着诸多安全挑战. 因此,在部署Web应用程序之前,对其进行安全性的渗透测试就显得尤为重要. 而自动化Web安全漏洞的渗透测试工具就成为了首选. 在本论文中,通过3款知名的漏洞扫描器对20个公开的可用web应用程序进行测试评估, 验证了Web应用程序中存在的安全缺陷. 对比3款扫描器的检测结果, 不同的扫描器会检测到不同类型的漏洞以及自动化扫描工具在对Web应用程序的漏洞检测方面的局限性.
당전,Web응용일익성위신식공향화자원발포적중요평태. 연이,근거개방식Web응용정서안전항목최신공포적2013십대안전루동,목전적Web응용정재면림착제다안전도전. 인차,재부서Web응용정서지전,대기진행안전성적삼투측시취현득우위중요. 이자동화Web안전루동적삼투측시공구취성위료수선. 재본논문중,통과3관지명적루동소묘기대20개공개적가용web응용정서진행측시평고, 험증료Web응용정서중존재적안전결함. 대비3관소묘기적검측결과, 불동적소묘기회검측도불동류형적루동이급자동화소묘공구재대Web응용정서적루동검측방면적국한성.
Currently, Web application are increasingly becoming an essential platform for information sharing and content distribution. However, Web Services have been facing with various security challenges, according to the TOP Ten 2013 released by Open Web Application Security Project. Thus, it is particularly important to perform security penetration testing for Web applications before they are deployed. As automated web vulnerability scanners become the first choice for penetration testing. In this paper, three well know vulnerability scanners have been used to identify security flaws in web applications by performing a evaluation for 20 publicly available web applications. It is observed that different scanners detect different types of vulnerabilities and the limitations of web vulnerability scanners on detecting security vulnerabilities in web services by comparing the results detected of 3 vulnerability scanners.