翻訳と辞書
Words near each other
・ "O" Is for Outlaw
・ "O"-Jung.Ban.Hap.
・ "Ode-to-Napoleon" hexachord
・ "Oh Yeah!" Live
・ "Our Contemporary" regional art exhibition (Leningrad, 1975)
・ "P" Is for Peril
・ "Pimpernel" Smith
・ "Polish death camp" controversy
・ "Pro knigi" ("About books")
・ "Prosopa" Greek Television Awards
・ "Pussy Cats" Starring the Walkmen
・ "Q" Is for Quarry
・ "R" Is for Ricochet
・ "R" The King (2016 film)
・ "Rags" Ragland
・ ! (album)
・ ! (disambiguation)
・ !!
・ !!!
・ !!! (album)
・ !!Destroy-Oh-Boy!!
・ !Action Pact!
・ !Arriba! La Pachanga
・ !Hero
・ !Hero (album)
・ !Kung language
・ !Oka Tokat
・ !PAUS3
・ !T.O.O.H.!
・ !Women Art Revolution


Dictionary Lists
翻訳と辞書 辞書検索 [ 開発暫定版 ]
スポンサード リンク

web application security scanner : ウィキペディア英語版
web application security scanner

A web application security scanner is a program which communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses.〔gcjggvj(Web Application Security Scanner Evaluation Criteria version 1.0 ), WASC, 2009〕 It performs a black-box test. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.
Web applications have been highly popular since 2000 because they allow users to have an interactive experience on the Internet. Rather than just view static web pages, users are able to create personal accounts, add content, query databases and complete transactions. In the process of providing an interactive experience web applications frequently collect, store and use sensitive personal data to deliver their service. Customers benefit from the convenience of these applications, while tacitly taking on risk that private information stored in web applications will be compromised through hacker attacks, insider leaks etc.
According to the Privacy Rights Clearinghouse, more than 18 million customer records have been compromised in 2012 due to insufficient security controls on corporate data and web applications.
==Overview==
A web application security scanner facilitates the automated review of a web application with the expressed purpose of discovering security vulnerabilities, and are required to comply with various regulatory requirements. Web application scanners can look for a wide variety of vulnerabilities, including:
* Input/Output validation: (Cross-site scripting, SQL Injection, etc.)
* Specific application problems
* Server configuration mistakes/errors/version
In a copyrighted report published in March 2012 by security vendor (Cenzic ), the most common application vulnerabilities in recently tested applications include:
::
Web applications security scanners typically rely on fully automated scanning, however a 'hybrid' approach, pioneered by High-Tech Bridge, is emerging which aims to address the issue of false-positive reporting by having humans involved in the assessment process.

抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)
ウィキペディアで「web application security scanner」の詳細全文を読む



スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.