
The Research And Application Of Security Assurance Technology For Web Application In Software Development Lifecycle

Posted on: 2011-02-19
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhu
GTID: 2178360302974628
Subject: Computer applications
Abstract/Summary:
More and more businesses and organizations use Web applications to achieve their business goals, but because Web applications are open and hard to control, Web application security issues occur continuously and have reached 70% of network security issues. Web application security has become an important area of information security. Removing security risk within the software development life cycle is the main direction and trend, and is also a fundamental way to control risk.

From the perspective of the software development life cycle, the key technologies of Web application security are further discussed and put into practice, following the principle of "find vulnerabilities in the detail, solve problems in the architecture and control risk in the process":

1. Investigate the industry status of vulnerabilities, security testing tools and development technology.
2. Put forward a testing method for code injection vulnerabilities through deep analysis of the vulnerability and expansion of its definition. The experimental results show that the testing methodology can test all the code injection vulnerabilities of a Web application effectively with less testing workload. Expand the testing tool to improve testing scope and accuracy.
3. Build a unified identity management system and authentication module to help management and audit.
4. Develop and practice a security development lifecycle for Web application software: write a specification for security requirement analysis and architecture review; produce an abstract design for access control to aid reuse; and produce a complete testing process so that security testing can be completed effectively.
Keywords/Search Tags: Web application security, security testing, security development lifecycle, code vulnerability