| 摘要 |
A web application is more efficiently analyzed by intelligently generating attack sequences to be used in the assessment. Rather than simply sending a canned list of static strings at a web application, the operation of the web application is analyzed to determine the filtering and acceptance characteristics of the web site. As this information is ascertained, a vocabulary of allowed symbols is created. This vocabulary is used in the building of attack strings and as such, the number of attack strings fired at the web application is greatly reduced, as well as the number of false positives.
|
