| 基于操作劫持模式的Web攻击与防御技术研究 |
| |
| 引用本文: | 徐少培,姚崎.基于操作劫持模式的Web攻击与防御技术研究[J].信息安全与通信保密,2011(1):86-89. |
| |
| 作者姓名: | 徐少培 姚崎 |
| |
| 作者单位: | 北京天融信公司,北京,100085 |
| |
| 摘 要: | Web攻击方式日新月异,从2006年开始到2010年,平均每年都会有几十种新的Web攻击方式出现。这其中不乏新的Web攻击概念,以及从旧的Web攻击概念中引申出的新攻击手法。因此深入研究和积极跟进Web攻击方式是有必要的。这里在详细分析了基于操作劫持模式的Web攻击技术发展历程的基础上,将其划分为3个技术发展阶段,并对每个阶段的技术原理、技术特点和危害程度进行了深入的研究,给出了两种抵御操作劫持攻击的技术方法,并对比了两种方法在防护效果上的差异。
|
| 关 键 词: | Web安全 点击劫持 拖放劫持 触摸劫持 |
Study on Web Attack and Defense Technology based on Operation Jacking |
| |
| XU Shao-pei,YAO Qi.Study on Web Attack and Defense Technology based on Operation Jacking[J].China Information Security,2011(1):86-89. |
| |
| Authors: | XU Shao-pei YAO Qi |
| |
| Institution: | XU Shao-pei,YAO Qi (Beijing Topsec LTD.,Beijing 100085,China) |
| |
| Abstract: | Web attack develops with each passing day,and from 2006 to 2010,dozens of new Web attack occurs on an average a year,many of them have no lack of new Web attack concept,and some attacks are even derived from the old concept of Web attack. So it is necessary to carry out in-depth study on Web attack. With detailed analysis on Web attack development process based on hijacking operation mode,its technology development is divided into three stages,the technology and principles,technical characteristics and harm... |
| |
| Keywords: | Web security clickjacking drag & drop jacking tabjacking |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
