52ky posted on 2022-9-11 10:02:54

Security Pioneer AppScan

IBM Rational AppScan is an automated tool for testing the security of web applications; it can be used to detect security vulnerabilities in web applications automatically. Since version 7.5, Rational AppScan has provided an extension mechanism, the AppScan eXtension Framework. This article uses a detailed example to show how to use the AppScan eXtension Framework to create a Rational AppScan plug-in in C# in Microsoft Visual Studio 2008 and so extend the capabilities of Rational AppScan.

Introduction to AppScan

IBM Rational AppScan is an automated tool for testing the security of web applications. It can be used to detect security vulnerabilities in web applications automatically, such as cross-site scripting (Cross Site Scripting Flaws), injection attacks (Injection Flaws), broken access control (Broken Access Control), buffer overflows (Buffer Overflows) and so on. Most of these vulnerabilities are included in the web application security vulnerabilities published by OWASP (Open Web Application Security Project).



