
Common Source Code Vulnerability Analysis and Research

ZHU Sheng-cai (朱圣才), XU Yu (徐御), WANG Huo-jian (王火剑)

  • Funding:
    National Science and Technology Support Program (H50B02)

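  • About author: Shanghai Information Security Testing Evaluation and Certification Center, Shanghai 200011; Cyber Police Corps, Zhejiang Provincial Public Security Department, Hangzhou, Zhejiang 310009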

Abstract: Source code security is one of the most important aspects of software security and its lowest-level key point. This paper presents some common detection indicators for source code security and analyzes source code security in detail through four common source code vulnerabilities: SQL injection, cross-site scripting, path tampering, and null pointer. It also proposes some basic practices that must be avoided for source code security, improving the security and quality of source code.