Threats Faced by Applications

Uploaded by: ji****72 Document ID: 37671585 Upload date: 2018-04-20 Format: DOC Pages: 24 Size: 353KB


IT category:

1. Threats faced by an application can be categorized based on the goals and purposes of the attacks:

Spoofing is attempting to gain access to a system by using a false identity. This can be accomplished using stolen user credentials or a false IP address. After the attacker successfully gains access as a legitimate user or host, elevation of privileges or abuse using authorization can begin.

Tampering is the unauthorized modification of data, for example as it flows over a network between two computers.

Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing, repudiation attacks are difficult to prove.

Information disclosure is the unwanted exposure of private data. Some examples of information disclosure vulnerabilities include the use of hidden form fields, comments embedded in Web pages that contain database connection strings and connection details, and weak exception handling that can lead to internal system level details being revealed to the client.

Denial of Service (DoS) is the process of making a system or application unavailable. For example, a DoS attack might be accomplished by bombarding a server with requests to consume all available system resources or by passing it malformed input data that can crash an application process.

Elevation of privilege occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application.

1.1. The threats faced by an application can be classified according to the goals and intent of the attacks:

Spoofing is attempting to gain access to a system by using a false ID. This can be done by stealing a user's credentials or by using a false IP address. Once the attacker, posing as a legitimate user or host, has successfully gained access, he can obtain more privileges or abuse authorization.

Tampering is the unauthorized modification of data, for example while the data is being transmitted over the network between two computers.

Repudiation means that users (legitimate or not) can deny having performed a particular action or transaction. Without adequate auditing, repudiation attacks are difficult to prove.

Information disclosure is the involuntary exposure of private data. Information disclosure attacks include the use of hidden form fields and embedded comments in Web pages that contain database connection strings and connection information, as well as weak exception handling that leads to internal system details being exposed to the client.

Denial of service (DoS) is an attack that makes a system or application unavailable. For example, a DoS attack can be carried out by issuing requests that consume all available system resources so that the server crashes, or by sending malformed input (raw) data that breaks an application.

Elevation of privilege means that a user with limited privileges obtains the identity of a privileged user and can then gain privileged access to an application.

1. Because the information required to connect to different external systems varies, the Connection documents require different information based on which system is being accessed.
Because connecting to different external systems requires different information (or data), the Connection documents also require different information (or data) in order to access the system.

2. With server-side browsing in LEI 6, you can install the external system connectivity software on only the Domino server where the LEI server and administrator are installed.
Using server-side browsing in LEI 6, you can install the external system connectivity software only on the Domino server where the LEI server and administrator are installed.

3. The finally block ensures that if the file and stream connections have been opened, they get closed whether an exception has been thrown or not.
If the file and stream connections have been opened, the finally block guarantees that the file and stream are closed, whether or not an exception has been thrown.

Simple page layouts work well with Linux documentation tools. For example, a technical book with a few flow charts and images can be easily produced and maintained using Groff or TeX documentation tools. Letters and memos are also easy to do with these tools. And, of course, Linux man pages are created with text-based tools.

Additionally, Linux likes PostScript. Although people think of PostScript as a printing language, it is really more of a programming language (you could write PostScript code directly). Most Linux document-processing software includes print drivers for PostScript. Some documents on the Web are distributed in PostScript (.ps).

Simple page layout can be done well with Linux document-processing tools. For example, flow charts and images for technical books can be produced easily, and the Groff or TeX documentation tools continue to be used for this. Letters and memos are naturally no problem either. Of course, Linux man pages are created with text-based tools.

In addition, Linux also works well with PostScript. Although people regard PostScript as a printing language, it is really more of a programming language (PostScript source code can be written directly). Most document-processing software on Linux includes print drivers that support PostScript. Some documents on the Web are distributed in PostScript.

Contract category:

CONTRACT
SALE AND PURCHASE USED RAILS R50-R65 BY TELEGRAPHIC TRANSFER

THIS CONTRACT IS VALID FOR 7 (SEVEN) BANKING DAYS AFTER BOTH BUYER AND SELLER HAS SIGNED. THEREAFTER IT IS TO BE DEEMED NULL AND VOID AUTOMATICALLY WITHOUT ANY NOTICE

Contract Number :
Mandate :
AQSIQ :
Date Issued :

THE SELLER
NAME :
ADDRESS :
TEL :
FAX :
WEB :
EMAIL :
SIGNATORY :

THE BUYER
NAME :
ADDRESS :
COUNTRY :
TELEPHONE :
FAX :
EMAIL :
SIGNATORY :

PREAMBLE:
This Contract is made by and between the Buyer and the Seller, whereas the Buyer agrees to buy and the Seller agrees to sell the under-mentioned commodity as per the following terms and conditions:

1. NAME OF COMMODITY
1.1 The seller herewith sells and the Buyer herewith purchases steel melting scrap ISRI 27 (R50 - R65) in accordance with the specifications and quality described in this contract (hereinafter called "Goods").

2. SPECIFICATIONS
USED RAIL ISRI 27 (R50 - R65). All goods sold by the seller will be totally free of any types of radiation, bombs, arms and ammunition, mines, shells, cartridges, sealed containers, penguins, gas cylinders, explosive shells and/or explosive materials in any form, used or otherwise, as per the specification below:
ISRI Code: 27 - The scrap consists of R50-R65 of Rails as R50 (51.67 kg/m GOST - 7173-75), R65 (64.72 kg/m GOST 8165-75) and Length: Fr, according to INCOTERMS 2000.

3. QUANTITY OF GOODS
3
