현재 위치: WiKi Security Spirit » 응용 계층 보안

차이

문서의 선택한 두 판 사이의 차이를 보여줍니다.

차이 보기로 링크

다음 판		이전 판
응용계층_보안 [2013/11/14 04:50] – 새로 만듦 wiki1122응용계층_보안 [2024/04/04 05:12] (현재) – 바깥 편집 127.0.0.1
줄 1: 줄 1:
-====== 서비스 계층 보안 ======+* 사업 등 관련 문의: T) 02-322-4688, F) 02-322-4646, E) [[info@wikisecurity.net]] 
  
-The services security layer addresses security of services that service providers provide to their +===== 응용 계층 보안 =====
-customers. These services range from basic transport and connectivity to service enablers like those +
-that are necessary for providing Internet access (e.g., AAA services, dynamic host configuration +
-services, domain name services, etc.) to value-added services such as freephone service, QoS, VPN, +
-location services, instant messaging, etc. The services security layer is used to protect the service +
-providers and their customers, both of which are potential targets of security threats. For example, +
-the attackers may attempt to deny the service provider's ability to offer the services, or they may +
-attempt to disrupt service for an individual customer of the service provider (e.g., a corporation).+
  
 +(출처 : wikisecurity)\\
 +Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.\\
 +\\
 +Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.\\
 +\\
 +Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC) updates on the latest threats which impair web based applications. This aids developers, security testers and architects to focus on better design and mitigation strategy. OWASP Top 10 has become an industrial norm in assessing Web Applications.\\
  
-서비스에 대한 보안으로 접속과 전송은 물론 인터넷전화나 VPN, 메세징서비스와 같이 인터넷 접속을 제공할 필요가 있는  + 
-서비스업자도 이에 다. 인터넷 서비스 사업자와 사용자 모두게 필요한 보안으로 누군가가 서비스를 취소하거나  +어플리케이션은 허용된 부분만 제어해야 하며 어플리케션 보안을 통해 사용자는 해당 리소를 사용해야 하는데, 그렇지 않을 경우  
-방해하는 것으로부터 보호한다.+어플리케이션의 설계, 개발, 이관, 그레드나 유지관리서 발생할 수 있는 결다.   
 +웹어플리케이션 위협은 최근 OWASP와 WASC에 업데이트되었다. 

추적: