摘要
税收信息化建设经过两期"金税工程"建设,获得了巨大的发展,现已正式启动"金税工程"三期建设,网络和信息安全问题已成为亟待解决的问题,特别是Web安全问题,已成为税务信息系统安全的瓶颈。作者通过对广西国税信息系统进行调研,对其部分重要Web应用系统进行渗透测试和风险评估,发现相当数量的网站存在XSS漏洞,并根据存在的问题提出有效的安全防护措施。
After two" Golden Tax Project" constructions which have obtained the huge development,tax information construction is now officially launched the third period construction,the network and information security has become a problem to be solved urgently,especially the Web security has become the bottleneck of the tax information system security.The paper studies the tax information system in Guangxi State Tax Bureau,and makes penetration testing and risks evaluation to the important parts of the Web application system.The results show that there are some XSS vulnerabilities in many websites.Aiming at the existing problems,this paper puts forward some effective protection measures for the Web security.
出处
《广西职业技术学院学报》
2012年第3期1-8,共8页
Journal of Guangxi Vocational and Technical College
