DANNY ALLAN
Watchfire Watchfire
www.watchfire.com
Web
Web
1
Web
Web 1999 2 Web
Web
Web
1 http://www.imperva.com/company/news/2004-feb-02.html
2 http://patft.uspto.gov/
Web 2
XSS
2002
Microsoft Hotmail 3 1
Microsoft
Hotmail 4 1
30
70
5 1
2,000 30 x 70 XSS
1 80%
6
Web
100%
URL
JavaScript
URL ID Web
Web
3 http://www.computeruser.com/news/02/02/13/news2.html
4 https://accountservices.passport.net/reg.srf?roid=2&sl=1&vv=310&lc=1033
5 http://ha.ckers.org/xss.html
6 http://www.imperva.com/company/news/2004-feb-02.html
Web
IDC
Web
A
B C B
A C
100 Web 7
36% Web
17 % Web
46 % Web
80 20 80 % 20 %
80% 1
Web
http://www.webappsec.org/lists/websecurity/archive/2005-06/msg00014.html
Web
Web
Web
Web
AXA Financial, SunTrust, HSBC
Vodafone, Veteran's Affairs, Dell 500
HP/IAPP InfoSecurity Product Guide 2006
Computerworld Computer Reseller News 2006
SC Magazine
IDC Web
IBM
PricewaterhouseCoopers, TRUSTe, Microsoft, Interwoven, EMC Documentum and Mercury
Massachusetts Waltham
www.watchfire.com