A thorough test for Web application programs can be beneficial to finding security vulnerabilities promptly and improving the security quality of Web application. This paper firstly introduced the classification of Web application security threat and summarized common Web application security vulnerabilities. Then it comprehensively surveyed the state of Web security testing technology research, respectively compared weaknesses and merits of the static technologies and the dynamic technologies. At the same time, it introduced and concluded the detail of fuzzing, which was the new emerging technology in Web security testing. At last, this paper presented the problem to be solved and the future research direction.%对Web应用程序进行有效彻底的测试是及早发现安全漏洞、提高Web应用安全质量的一种重要手段.首先介绍了Web应用安全威胁分类,总结了常见的Web应用安全漏洞;然后对当前Web安全性测试技术的研究进行了全面概述,比较了静态技术和动态技术各自的优缺点,同时对在Web安全性测试中新兴涌现的模糊测试技术进行了详细的介绍和总结;最后指出了Web安全测试中有待解决的问题以及未来的研究方向.
展开▼
机译:Rapporti IsTIsaN 11/30:ETHICsWEB技术指南:创建关于道德和科学知识组织系统信息的标准和指南的手册。 (指南tecniche di ETHICsWEB.manuale per la creazione di standard e linee guida per la condivisione di informazioni sui sistemi per l'organizzazione della conoscenza in etica scienza)