2024Web應(yīng)用防火墻產(chǎn)品標(biāo)準(zhǔn)

GB191GB2894GB4798-90電子電工產(chǎn)品應(yīng)用環(huán)境條件機(jī)械和試驗(yàn)環(huán)境條件GB3047.4高度進(jìn)制為44.45mm的插箱、插件的基本尺寸系列GB/T3047.2高度進(jìn)制為44.45mmGB/T17626GB/T14733-1993GB/T17618-2015電工電子產(chǎn)品環(huán)境試驗(yàn)第2AGAT403.1-2014GBT28451-2012GBT30279-2013信息安全技術(shù)安全漏洞等級(jí)劃分指南GBT26269-2010ETSIEN300386電磁兼容和無(wú)線(xiàn)頻譜管理（ERM）：通信設(shè)備：電磁兼容性（EMC）（ElectromagneticcompatibilityandRadiospectrumMatters(ERM);Telecommunicationnetworkequipment;ElectroMagneticCompatibility(EMC)requirements.）IEC62151（（Safetyofequipmentconnectedtoatelecommunication

Telecommunicationsandinformationexchangebetweensystems--Localmetropolitanareanetworks--Specificrequirements--Part3:CarrierSenseMultipleAccesswithCollisionDetection(CSMA/CD)AccessMethodandPhysicalLayerSpecificatiIEC62351Powersystemsmanagementandassociatedinformationexchange-DatacommunicationssecurityIEC61588Precisionclocksynchronizationprotocolfornetworkedmeasurementand IEC61588Precisionclocksynchronizationprotocolfornetworkedmeasurementand

Telecommunicationnetworkequipment;ElectroMagneticCompatibility(EMC)IEC62351-6IEC62351-7IEC62439YD/T1391.1-2005（MPLS）YD/T1453-2014IPv6網(wǎng)絡(luò)設(shè)備測(cè)試方法—支持Pv6YD/T1455-2014IPv6網(wǎng)絡(luò)設(shè)備測(cè)試方法—支持Pv6SJ/T11364—2006SJ/T10630-1995IEC60950-1-2013GJB908AGJB726A-2004GJB571A-2005GJB1442A-

GJB1362A-2007軍工產(chǎn)品定型程序和要求IPC-A-610電子組件的可接受性EnglishChinese LocalAreaMediumAccessAccessControlQualityof\h產(chǎn)品細(xì)分檔產(chǎn)品細(xì)分檔產(chǎn)品檔SStandardMMiddle，定位為該檔次的中間型產(chǎn)品，具有該檔次完整功能，同時(shí)在硬件AAdvanced，定位為該檔次的高級(jí)型產(chǎn)品，具有該檔次完整功能，并提供高EEnhanced，定位為該檔次的增強(qiáng)型產(chǎn)品，具有該檔次完整功能，并提供高整機(jī)高度符合GB/T3047.2IEEEIEEEIEEE應(yīng)符合GB4943相關(guān)規(guī)定。對(duì)下面相關(guān)的危險(xiǎn)采取適當(dāng)?shù)姆雷o(hù)措施，減少或避免由于下列各種危險(xiǎn)1GE100M、1000MIPv4頭域訪(fǎng)問(wèn)控Console依據(jù)GJB908-90、GJB726A-2004、GJB1442-1992及IPC-A-610、SJ/T10630-19952BOMBOM;3456用電網(wǎng)供電的產(chǎn)品機(jī)箱內(nèi)無(wú)≥3mm7振動(dòng)：按照GB/T2423.10“試驗(yàn)Fc”的試驗(yàn)方法進(jìn)行。沖擊：按照GB/T2423.5“試驗(yàn)Ea”的試驗(yàn)方法進(jìn)行。碰撞：按照GB/T2423.6“試驗(yàn)Eb”的試驗(yàn)方法進(jìn)行。PC2pingPC1WEBWAFWEB修改請(qǐng)求方法和客戶(hù)端IPHTTPHTTPURLipipURLipipSYNHTTPFloodhttpflood5（基于服務(wù)器相應(yīng)站點(diǎn)），WAFHTTPHTTPURL22IP2惡意的WebWeb造成WebDoSWAFUser-Agent，特殊的攻WEBURLWeb\hFlaws>NumericSQLInjection測(cè)試項(xiàng)。IE訪(fǎng)問(wèn)，打開(kāi)WebScarab，進(jìn)行手動(dòng)輸入payload： id=9527and user=test'and keyword=test%'and9527=9527andpage=1orbenchmark(10000000,MD5(1))#EMSSQLpayload:page=1;waitfordelayFPostgreSQLpayload：page=1orid=-1andselect1union/*!select*/version();id=9527and(ascii(substring((selectusernamefromadmin),1,1)))>97id=1andselect*fromsyscat.dbauthwheregrantee=currentuser;id=1';execmaster..xp_cmdshell'ping'—id=1'and1=(selectcount(*)fromtablenames);-id=1'AND1=utl_inaddr.get_host_address((SELECTbannerFROMv$versionWHEREROWNUM=1))AND'i'='iid=1'union(selectNULL,NULL,(select@@version))–id=1'andselectcurrent_user;跨站腳本攻擊(CrossSiteScripting)Webhtml3\h04/WebGoat/attackXSS->StoredXSSAttacksmessageMIMEtype、文件的大小進(jìn)行過(guò)濾。100byteCSRF（Cross-siterequestforgery）跨站請(qǐng)求偽造攻擊通過(guò)偽裝來(lái)自受信任用戶(hù)的WebWEBCSRF（跨站請(qǐng)求偽造）<formname="form1"id=”form1”<inputname="act"value="add"<inputname="username"value="hack"<inputname="password"value="hack"<inputname="password2"value="hack"<inputname="userid"value="0"<scriptlanguage="javascript">WEB（0Day攻擊）ATPWebSQLWebWebATP開(kāi)啟WAF404aspphpWEBaspphp的目的（可以上傳下載文件，查看數(shù)據(jù)庫(kù)，執(zhí)行任意程序命令等）WEBWebShell4webShellGET/HTTP/1.1\r\nWAF1NCWAF /xx?yy=zz%20and%201=1%20or%201=2Host:\hGET/GET/xx?yy=zz%20and%201=1%20or%201=2Host:\hGET/HTTP/1.1\r\nHost:\h如果WAFHostWebWAFHTTPHostGET/xx?yy=zz%20and%201=1%20or%201=2HTTP/1.1\r\nHost:testhost\r\nGET/index.asp?id=%u0049%u0048HTTP/1.1\r\n本測(cè)試項(xiàng)目的目的是測(cè)試WAF對(duì)于HTTPunicodeGET/xx?yy=zz%u0027HTTP/1.1\r\nHost:\hWAFGET/xx?yy=zz0x00%20and%201=1%20or%201=2HTTP/1.1\r\n在特定WebWebWAFWAF1WAFsqlGET/xx?yy=zz~~%20and%201=1%20or%201=2HTTP/1.1\r\nHost:\h\r\nWAFWAFGET/xx?yy=zz&yy=tt%20and%201=1%20or%201=2HTTP/1.1\r\nHost:\h\r\nWAFGET/