应用系统安全开发技术规范(版本号V1.3)朗新科技股份有限公司二〇一五年十二月更改履历版本号修改编号更改时间更改的图表和章节号更改简要描述更改人批准人0.52013-11-24初稿施伟施伟1.02015-11-19修改宋月欣陈志明1.12015-11-30修改宋月欣陈志明1.22015-12-3修改宋月欣施伟1.32015-12-3修改施伟注:更改人除形成初稿,以后每次修改在未批准确认前均需采用修订的方式进行修改。目录1背景与目标................................................................................................................12安全编程概念............................................................................................................12.1安全编程..........................................................................................................12.2结构化编程......................................................................................................22.3脆弱性..............................................................................................................22.4可信计算..........................................................................................................22.5安全可信模块..................................................................................................32.6不可信任模块..................................................................................................32.7敏感信息..........................................................................................................32.8特权..................................................................................................................32.9信息隐藏..........................................................................................................32.10中间件..............................................................................................................32.11死锁..................................................................................................................42.12可信边界..........................................................................................................42.13元字符..............................................................................................................42.14参数化查询......................................................................................................42.15UNIXJAIL环境..............................................................................................42.16临时文件..........................................................................................................42.17信息熵..............................................................................................................52.18SSL...................................................................................................................52.19TLS..................................................................................................................52.20HTTPS.............................................................................................................52.21HTTP会话........................................................................................................52.22COOKIE.............................................................................................................62.23HTTPONLYCOOKIE..........................................................................................63安全编程...