
Research Reports

Research Report Details
Title: Web Vulnerability Assessment and Research Report
Date registered: 2015-08-27
Report number: KISA-WP-2014-0049
Attachment: 웹_취약점_점검_및_연구_보고서.pdf
Table of Contents
Chapter 1. Introduction
Chapter 2. Status of Vulnerability Assessments
Section 1. Statistics
Section 2. Progress and Assessment Methods
Chapter 3. Review Procedure for Vulnerability Assessment Results
Section 1. Service Diagnosis Process
Section 2. Major Vulnerabilities
Section 3. List of False Positives Encountered
Section 4. Remote Web Vulnerability Assessment Service: Work Support FAQ
Section 5. Remote Web Vulnerability Assessment Service: Operations Support FAQ
Chapter 4. Training Activities to Improve Vulnerability Assessment Skills
Section 1. Theory Study Through Major Courses and Practice on Mock Servers
Section 2. Practice Fixing Problems on Real Servers
Section 3. Regular Seminars and Practice Sessions with Invited External Experts
Section 4. Sharing Problems and Solutions Through Regular Meetings
Section 5. Portfolio
Chapter 5. Web Vulnerability Security Guide
Section 1. Cross-Site Request Forgery
Section 2. Cross-Site Scripting
Section 3. Unvalidated Redirects and Forwards
Section 4. Missing Function Level Access Control
Section 5. Sensitive Data Exposure
Section 6. File Upload Vulnerabilities
Chapter 6. Conclusion
[ References ]
[ Appendix ]

Contact

Content inquiries: Operations Support Team, 권정아; Tel. 061-820-1169
