| 移动应用安全防护技术研究 |
| |
| 引用本文: | 常玲,赵蓓,薛姗,马力鹏,吴日切夫.移动应用安全防护技术研究[J].电信工程技术与标准化,2016(9):86-91. |
| |
| 作者姓名: | 常玲 赵蓓 薛姗 马力鹏 吴日切夫 |
| |
| 作者单位: | 中国移动通信集团设计院有限公司,北京,100080 |
| |
| 摘 要: | 本文首先分析了移动应用的安全现状,提出了移动应用安全评估方法,包括客户端安全评估、服务器安全评估和业务流程安全评估,最后给出了移动应用典型安全漏洞及其检查方法与加固建议,包括敏感数据暴露、鉴权机制缺陷、代码保护不足、公共组件漏洞和应用配置错误。
|
| 关 键 词: | 移动应用 安全评估 鉴权机制 代码保护 |
| 收稿时间: | 2016/2/25 0:00:00 |
| 修稿时间: | 2016/4/22 0:00:00 |
The Research of the Security Technology on Mobile Applications |
| |
| Chang Ling,Zhao Bei,Xue Shan,Ma Lipeng and Wu Riqiefu.The Research of the Security Technology on Mobile Applications[J].Telecom Engineering Technics and Standardization,2016(9):86-91. |
| |
| Authors: | Chang Ling Zhao Bei Xue Shan Ma Lipeng and Wu Riqiefu |
| |
| Institution: | China Mobile Group Design Co.,Ltd,China Mobile Group Design Co.,Ltd,China Mobile Group Design Co.,Ltd,China Mobile Group Design Co.,Ltd,China Mobile Group Design Co.,Ltd |
| |
| Abstract: | This paper analyzes the security status of mobile applications, proposes the mobile application security assessment method, including the client security, server security and business process security. Finally, it gives the mobile application typical security vulnerabilities and examination methods and suggestions for the strengthening, including sensitive data exposed, defects of authentication mechanism, lack of code protection, vulnerabilities of public components and errors of application configuration. |
| |
| Keywords: | mobile applications security assessment authentication mechanism code protection |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《电信工程技术与标准化》浏览原始摘要信息 |
| 点击此处可从《电信工程技术与标准化》下载免费的PDF全文 |
|
