| At present, information system brings great convenience for people indaily work and life.However,its security is challenged by informationreveal, hacker Attacks, and so on. In order to keep information systemoperating in security, regularly safety assessment is needed. In our country,information system security evaluation has developed for a shorttime.Therelated technology of safety assessment is still not mature. Atpresent, research of safety assessment for the information system mainlystays in the methods, such as using manual questionnaire survey andvulnerability scanning tools, there is not an automation evaluation tool to meet the actual demand of information system security evaluation. Inaddition, in order to improve workingefficiency nearly everyorganizationhas built web portals. Since these web sites are mostly developed bythemselves, the security of these web application is much difficult tobeguaranteed. The existing assessment tools are lack for examing thesecurity of organization website, especially for the security of thosewebapplications constructed by themselves. Therefore, according to the projectof Henan science research project “Safety self-assessment platform based onWeb for information system”, this paper discussed relevant standards,methods and tools of information system safety assessment which areinvolved in the platform. Many technology questions, such as theevaluation index system designthe system security scanning based on theplugin technology, web sites safety evaluation model are respectivelydiscussed.Besides these, the dynamic detection of SQL injection and XSSloophole are deeply studied. |
PDF Full Text Request