This analysis doesn't uncover internal application vulnerabilities, but does expose most others.
"My client was the victim of a bug in an application," his lawyer David-André Darmon told AFP news agency after the case was lodged at a court in Grasse.
Simply put, a vulnerability scanner is a piece of software specifically designed to search for and reveal weaknesses in an application or operating system.
There are lots of applications that aren't troublesome in themselves, but have potential security holes, like when a port or protocol used normally by that app has vulnerabilities.
If you are concerned about application isolation, you should carefully evaluate every usage scenario and look for potential weaknesses and act accordingly.
After developing exploits, you can determine whether your applications and systems are vulnerable to exploits such as buffer overflows and holes such as SQL injections.
When these vulnerabilities are exploited, the system or applications will perform poorly.
The more complicated the application logic, the more chances there are for attackers to find a hole.
By providing more access points to functionality (that is, services), SOA has the potential to greatly increase vulnerability in composite applications.
This approach interacts with a running instance of the application, effectively attempting to perform light hacks (mostly harmless) to identify security holes.
Vulnerable virtual machine template images cause OS or application vulnerabilities to spread over many systems.
Determine whether the application has memory leaks.
The process of vulnerability scanning can be broken down into a series of steps, each of which is a vital task needed to locate the weaknesses in an application or operating system.
A mashup application or page must address CSRF, Ajax vulnerabilities, XSS, and other potential security weaknesses.
All vulnerabilities and countermeasures are demonstrated using a sample application built with jQuery Mobile, PHP, and MySQL.
Let's take a look at three containers, each of which is associated with a response type that you could use in describing application security vulnerability in a Web service.
A more important concern, in turn, is that the large amount of traffic exposes Ajax applications to Web services vulnerabilities.
Although you can never fully eliminate the risks associated with putting a Web site or application online, you can be smart about it and address the weaknesses you may have.
You'll need a team of developers, testers, system administrators, and potential users to speed up Ajax applications while dodging Web services vulnerabilities.
This article gives practical advice on dodging Web services vulnerabilities while speeding up your Ajax applications.
We've already described two typical vulnerabilities for Web application technologies: session riding and hijacking vulnerabilities and injection vulnerabilities.
There are many horror stories of shopping cart applications which stored a calculated price in a parameter editable by the user.
The goal for hackers is to break applications with automated attacks searching for vulnerabilities until the apps crack and spill data straight into the hands of the hackers.
Even if vulnerabilities are found later, they can be fixed once and the fix applies to every application that uses the component.
The memory leaks that cropped up within the application were caused, I suspect, by programmers who did not truly understand the code that had been developed elsewhere.
JR: We have not looked in detail at any other platform yet, but we are sure there are more platforms, applications and sites vulnerable to the same attack.
Applications that did not leverage application server security were typically found to have serious security holes.
In previous articles (see Resources), I covered the topic of vulnerability scanning as a tool for finding problems in your hosting and application infrastructure.
If the application has XSS holes, the attacker may send a malicious script that can still be executed by the application and lead to XSS intrusions.
Is that application secure, or is there a hole or vulnerability that you don't know about?