中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 期刊论文
Subject: Computer Science
Title:
一种基于Web应用防火墙的主动安全加固方案
Alternative Title: web security enhancement scheme based on web application firewall
Author: 李莉 ; 翟征德
Keyword: Web应用防火墙 ; Web攻击 ; Web安全加固 ; 攻击防御
Source: 计算机工程与应用
Issued Date: 2011
Volume: 47, Issue:25, Pages:104-106
Indexed Type: CNKI ; CSCD ; WANFANG
Department: 安徽大学计算机教学部;中国科学院软件所信息安全国家重点实验室;
Abstract: 传统的Web应用防火墙(WAF)只能基于攻击特征对HTTP流量进行规则匹配,而无法检测对HTTP状态数据的窃取和篡改。提出WAF主动安全防御的思想,使得WAF可以深度介入到客户端与服务器的会话过程中采取主动性的安全机制来加固HTTP交互过程,给出了对抗会话劫持、HTTP隐藏按钮篡改、Cookie篡改攻击的安全加固算法,提高了WAF对于Web攻击的防护能力,增强了Web应用的整体安全性。
English Abstract: Traditional Web Application Firewalls(WAF)detect attacks are based on inner attack fingerprints and can not detect those kinds of status stealing and tamper.Active security based on WAF is proposed,which enables WAFs to participate in and enhance the security of the HTTP sessions between clients and servers.Security enhancement schemes to defend against HTTP session hijacking,hidden button value manipulation,cookie manipulation are explained.Those schemes can be used to enhance WAF defense ability and improve Web application security.
Language: 中文
Citation statistics:
Content Type: 期刊论文
URI: http://ir.iscas.ac.cn/handle/311060/16026
Appears in Collections:软件所图书馆_期刊论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
李莉,翟征德. 一种基于Web应用防火墙的主动安全加固方案[J]. 计算机工程与应用,2011-01-01,47(25):104-106.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[李莉]'s Articles
[翟征德]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[李莉]‘s Articles
[翟征德]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace