This technique is a valid way to keep the system secure, but because there is no real sanitization of the data (only conditions on it), current static analysis tools do not properly analyze such code.
Some tools analyze code for security problems in Web applications, and others scan code for dependency problems.
A good security analyst also needs to employ a good auditing tool, such as TACACS+, to log attacks.