期刊名称:International Journal of Computer Science and Network Security
印刷版ISSN:1738-7906
出版年度:2009
卷号:9
期号:8
页码:277-286
出版社:International Journal of Computer Science and Network Security
摘要:Our objective in web security is to move black box to white box in enterprise practices. In this paper, we explain how our approaches achieve the goal in terms of static and dynamic analysis. To better explain the framework and roadmap of analysis work, we describe our approaches by using macro and micro views individually. Based on this foundation, we explore dynamic analysis in string validation and node tracking, and introduce micro and macro views to architect comprehensive approaches. Micro view is related to the mechanism inside the node, so the event triggers and string validation are both under its coverage. Macro view is related to the node tracking which is under investigation of pattern benchmarking. Our evaluation reflects that a configurable and well-tuned topology helps architectural collaboration, consequently it achieve a better security governance. This paper further explains the architectural coherence of identification, validation and tracking. It started with node identification with further exploration to the issue identification.
