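About the Authors
- Aviv Ron is a security researcher at the IBM Cyber Security Center of Excellence. His research interests include application security, in particular the security of cloud environments. Ron holds a bachelor's degree in computer science from Ben Gurion University.
- Alexandra Shulman-Peleg is a lead in cloud security at Citibank. While this article was being prepared, she was a senior researcher at the IBM Cyber Security Center of Excellence. Her research interests include cloud security. Shulman-Peleg holds a PhD in computer science from Tel Aviv University. She has published more than 30 scientific publications in leading journals, conferences, and books.
- Anton Puzanov is a security researcher at the IBM Cyber Security Center of Excellence. His research interests include application security testing products. Puzanov holds a bachelor's degree in communication systems engineering from Ben Gurion University.

This article first appeared in IEEE Software magazine. IEEE Software offers reliable, peer-reviewed information about today's strategic technology issues. IT managers and technical leads rely on IT professionals with state-of-the-art solutions to meet the challenge of running reliable, flexible enterprises.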
Article source: WeChat official account 高效开发运维
(Editor: ASP站长网)