Web 服务攻击技术研究综述倡.pdf

第 27 卷第 1 .1
2010 年 1 月 Vol .N20o10
Application Research puters Jan
Web 服务攻击技术研究综述倡
黄康宇a , 贺正求a , 赖海光b , 吴礼发b
(; .计算机系, 南京 210007)
a b
摘要: 服务在给基于异构平台的应用集成带来极大便利的同时,其自身各核心组件也面临着恶意攻击的
Web
威胁。详细分析了针对单个服务以及服务组合过程的各种常见攻击技术的原理、特点,探讨了相应的
Web Web
检测和防御措施,结合已有研究成果,讨论了服务攻击防护将来的研究方向以及面临的挑战。
Web
关键词: 服务; 安全; 攻击; 防御
Web
中图分类号: 303畅08 文献标志码: 文章编号: 1001唱3695(2010)01唱0017唱06
TP A
: /. .
doi j issn
Research of attack technologies for Web service
唱 a , 唱 a , 唱 b , 唱b
HUANG Kang yu HE Zheng qiu LAI Hai guang WU Li fa
( Team, , School mand Automation, PLA University of Science Technology, Nanjing 210007,
&
China)
Abstract: 唱唱,
Web service greatly facilitates the application .to application integration based on heterogeneous platform but its
ponents are faced with threats of malicious attacks This paper detai,ledly analyzed the principles and characteristics of
various familiar attacks on Web service and Web position, and pointed out the corresponding detection and
prevention countermeasures On the basis of current research also presented a discussion on the future research
dKireeyctwioonrsdas:nd the challeng;es of Web; service;defenses against attacks
Web service security attack defense
实施攻击的方法包含以下几个基本步骤:调查和评估;利用和
引言
0 渗透;逐