| With the rapid development of computers and the Internet, various industries for computer dependence increase gradually. Meanwhile, bring the computer security more and more attention, Web safety accidents issue, but also Web safety testing importance.With J2EE in Web in system development, rapid application, for such Web system safety inspection needs more and more. The traditional Web safety detecting technology already can't satisfy the demand of change. In order to improve the safety testing and comprehensive Web accuracy, the code to the Web application security audit also detection, make Web safety testing more comprehensive accurate.This issue it is based on such a background, through the J2EE in Web system of Java bytecode analysis, using Findbugs put forward one brand-new gray box code audit detection Web safe, give Web safety testing added new solutions to improve the detection results of comprehensive.This paper first explains the topic research background, this paper introduces the Web security and code audit related technologies, such as basic knowledge Findbugs, custom rules of writing, etc, at the same time for the common code audits conducted comparative analysis software. Then through the gray box code audit tools for a series of functional expansion, realized how the ash box code audit in Web safety testing. Finally the gray box code auditors and penetration test for safety testing and analysis of the results and integration, achieve more comprehensive and accurate Web safety testing. |
PDF Full Text Request