应用系统安全开发技术规范V1.3

应用系统安全开发技术规范

（版本号 V1.3）

朗新科技股份有限公司 二〇一五年十二月

更改履历

更改的 版本号 0.5 1.0 1.1 1.2 1.3 修改编号 更改时间 图表和章节号 2013-11-24 2015-11-19 2015-11-30 2015-12-3 2015-12-3 初稿 修改 修改 修改 修改 施伟 宋月欣 宋月欣 宋月欣 施伟 施伟 陈志明 陈志明 施伟 更改简要描述 更改人 批准人 注：更改人除形成初稿，以后每次修改在未批准确认前均需采用修订的方式进行修改。

目录

1 2

背景与目标 ............................................................................................................... 1 安全编程概念 ........................................................................................................... 1 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19 2.20 2.21 2.22 2.23 3

安全编程 ......................................................................................................... 1 结构化编程 ..................................................................................................... 2 脆弱性 ............................................................................................................. 2 可信计算 ......................................................................................................... 2 安全可信模块 ................................................................................................. 3 不可信任模块 ................................................................................................. 3 敏感信息 ......................................................................................................... 3 特权 ................................................................................................................. 3 信息隐藏 ......................................................................................................... 3 中间件 ............................................................................................................. 3 死锁 ................................................................................................................. 4 可信边界 ......................................................................................................... 4 元字符 ............................................................................................................. 4 参数化查询 ..................................................................................................... 4 UNIX JAIL环境 ............................................................................................. 4 临时文件 ......................................................................................................... 5 信息熵 ............................................................................................................. 5 SSL .................................................................................................................. 5 TLS.................................................................................................................. 5 HTTPS ............................................................................................................ 5 HTTP会话 ....................................................................................................... 5 COOKIE ............................................................................................................ 6 HTTPONLY COOKIE .......................................................................................... 6

安全编程原则 ........................................................................................................... 6

本文来源：https://www.bwwdw.com/article/kr9v.html