本文已被:浏览 2777次 下载 3979次
Received:April 24, 2013 Revised:May 08, 2013
Received:April 24, 2013 Revised:May 08, 2013
中文摘要: 本文研究了国内外Web漏洞库及建设的现状, 设计并实现了一个专注于Web漏洞发布的Web漏洞数据库. 文中兼顾了Web漏洞的固有特点及其与传统漏洞的属性差别, 设计了Web漏洞库描述模型, 丰富了Web漏洞的收集方法, 定义了Web漏洞的漏洞评价属性标准, 并在Web漏洞库中添加了Web漏洞重现模块. 我们所设计的Web漏洞库确保了全面的Web漏洞信息收集和Web漏洞信息发布的标准化, 可更好地对Web漏洞信息和数据进行分析研究, 也为Web安全提供了有力的技术支撑.
Abstract:Based on the research of Web vulnerability database and the situation of vulnerability database construction at home and aboard, the paper designed and implemented a vulnerability database focused on Web vulnerabilities. In consideration of both the features of Web vulnerability and the differences with traditional vulnerability, the paper designed the Web vulnerability database description model, enriched the ways of Web vulnerability collection, redefined the Web vulnerability scoring attributes and added the Web vulnerability reproduce function. The Web vulnerability database guarantees the comprehensive collection of Web vulnerability information and the standard release of Web vulnerability information, helps analyze the Web vulnerability information and data better, and provides a powerful technical support to Web security.
keywords: Web vulnerability attribute extraction vulnerability reproduction Web vulnerability database
文章编号: 中图分类号: 文献标志码:
基金项目:国家自然科学基金(60970140);北京自然科学基金(4122089)
引用文本:
张昊星,孙应飞.通用Web漏洞库.计算机系统应用,2013,22(11):62-69
ZHANG Hao-Xing,SUN Ying-Fei.Common Web Vulnerability Database.COMPUTER SYSTEMS APPLICATIONS,2013,22(11):62-69
张昊星,孙应飞.通用Web漏洞库.计算机系统应用,2013,22(11):62-69
ZHANG Hao-Xing,SUN Ying-Fei.Common Web Vulnerability Database.COMPUTER SYSTEMS APPLICATIONS,2013,22(11):62-69
