以弱點掃描結合修補函數提昇Web App安全品質

10.30007/JICTA.201201.0012

賴森堂

弱點掃描 ； 修補函數 ； Web App ； 安全漏洞 ； WASIP ； vulnerability scanning ； repair function ； Web app ； security holes ； WASIP

電腦稽核

25期（2012 / 01 / 01）

156 - 165

繁體中文

提供客戶最新的資訊、最順暢的溝通管道及最完善的服務品質是各行各業提昇競爭力的重要指標，Web應用軟體（Web Applications; Web App）則是達成這些任務的必要資產。資訊安全的問題對於電腦設備及軟體系統的危害愈來愈嚴重，網際網路的入侵攻擊與系統本身的安全漏洞持續衝擊正常運作的軟體系統，使得Web App安全品質受到嚴重的考驗，為了避免外部入侵與軟體本身的安全漏洞造成用戶重大的損失，如何有效改善Web App安全品質，已成為值得深入探究的課題。早期開發的Web App未能有效的融入安全性，使得運作中的Web App充滿許多安全漏洞與缺失，利用弱點掃描可以找出Web App的安全漏洞與缺失，再結合高品質函數進行修補作業，可以有效改善安全問題與缺失。為此，本文以弱點掃描為基礎，結合可再用修補函數，提出一套Web App安全品質改善程序（Web App Security Improvement Procedure; WASIP），用以修補Web App的安全漏洞與缺失，具體提昇運作中Web App安全品質。

Providing customers new information, convenience communication channels, and the best service quality are important indicator to enhance industries competitivity. Web app is a necessary asset to accomplish these missions. However, information security issues of computer facility and software system are more and more serious. Internet intrusion, system security vulnerabilities continuously attack the normal operation software system to cause Web App security face to serious challenge. How to effectively improve Web App security becomes a topic which worth deeply discuss. In the early, security issues did not be respected in Web App development process often cause Web App full of a lot of security holes and defects. Vulnerability scanner can help identify the secure holes and defects of Web app. Then, combining high quality function to repair the vulnerability can effectively increase Web app security. In this paper, based on vulnerability scanning and reusable repair functions, propose a Web App Security Improvement procedure (WASIP). Applied WASIP to repair Web app secure holes and defects can concretely improve Web app operating security.