Difference between revisions of "Taiwan"

Latest revision as of 16:07, 3 October 2019

This OWASP Chapter is inactive.  If you are interested in restarting this Chapter contact us for more information or apply to restart this chapter .

1 OWASP Taiwan
2 Upcoming Events
3 Participation
4 Sponsorship/Membership
5 Local News

OWASP Taiwan

Welcome to the Taiwan chapter homepage. The chapter leader position is OPEN.

Upcoming Events

[CHANGEME ] [CHANGEME Taiwan Schedule of Events]

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Local News

Meeting Location

Everyone is welcome to join us at our chapter meetings.

@@ Line 1: / Line 1: @@
-http://www.textletoeltd.com
+{{Inactive Chapter}}
-[[Image:OWASP_TW_Banner.png]]
-æ¡è¿å å¥OWASPå°ç£åæï¼ãç¶²ç«å®å¨çç¬¬ä¸æ¥ï¼å¾å å¥OWASPå°ç£åæéå§ãã
+{{Chapter Template|chaptername=Taiwan|extra=The chapter leader position is '''OPEN'''.
+|meetupurl=CHANGEME|region=Asia/Pacific/Middle East}}
-<paypal>Taiwan</paypal>
+== Local News ==
-å°ç£åææé·[mailto:[email protected] é»èæåçï¼Wayne Huangï¼]æ¨åæå·¥ä½åä»è¡·å¿è¯å®æ¨çåèï¼ä¸ç®¡æ¨å¨ä½èï¼çè³æ¨åæ¾çä¸ç¶²è·¯è¶³è·¡æ¼å°ç£ï¼æè¬æ¨é¡æè·å¤§å®¶ä¸èµ·åäº«ï¼è®æåç¨æ´å¤ä¸åçè§åº¦ä¾æª¢è¦Webå®å¨çè¶¨å¢ãå¨èãåé¡èè§£æ±ºæ¹æ¡ã
+ '''Meeting Location'''
-== æ¡è¿åè¨ OWASP å°ç£åæ ==
+Everyone is welcome to join us at our chapter meetings.
-== ææ°æ´»å ==
+[[Category:OWASP Chapter]]
-=== [[OWASP_AppSec_Asia_2007|ç¬¬ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)]] ===
-'''Security 3.0 in Web 2.0 Age â Practices and Challenges of Web 2.0 Security'''
-[OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]
-Whitehat Securityãç¾åéé(American Express)ãé¿ç¢¼ç§æ(Armorize)ãQualysçè·¨åä¼æ¥èè³å®å¬å¸çé«éä¸»ç®¡èé¦å¸ç ç©¶å¡é½èå°ç£ï¼æ¨ç¥éä»åå¦ä½çå¾Web 2.0æä»£ä¹ Security 3.0åï¼å°å°ç£èå¨ççå«ææ¯ä»éº¼ï¼ææ¿åºãä¼æ¥èä¸è¬ä½¿ç¨èåè©²å¦ä½å æï¼å¾ä¸é¢éäº2007å¹´çè³å®çå¤§æ°èï¼éé²èææ¨£çè¨æ¯ï¼
-* 5æ11æ¥èµ·ï¼Googleéå§ç£æ§éé§ç¶²ç«ï¼ä¸¦è²¼ä¸å±éªç¶²ç«ä¹æ¨ç±¤!
-* 5æ15æ¥æOWASPå¬ä½2007å¹´ææ°çåå¤§Webå¼±é»ï¼è·¨ç«è³æ¬æ»æ(XSS)ç»ä¸æ¦é¦!
-* 6æ6æ¥IBMè³¼ä½µWatchfireï¼HPé¨å³æ¼6æ19æ¥è³¼ä½µSPI Dynamics!èååçCenzicä»¥æ»²éæ¸¬è©¦æè¡æ¼6æ18æ¥ç²å¾ç¾åå°å©!
-* Web 2.0çè³å®å¨èï¼å æä¹éï¼Security 3.0ï¼æåçå¯¦åæ¡ä¾ï¼
-[[OWASP_AppSec_Asia_2007|ç¬¬ä¸å±OWASPå®æ¹äºæ´²å¹´æ]]å°æ¼9æ27æ¥(é±å)ä¸å1é»æ¼å°å¤§é«é¢åéæè°ä¸å¿201å®¤(å°åå¸ä¸æ£åå¾å·è·¯äºè)'''èè¾¦ï¼æ¡è¿æ¨ä¾å±è¥çèï¼æ»¿è¼èæ¸![[OWASP_AppSec_Asia_2007|éææ´å¤...]]
-=== [http://hitcon.org ç¬¬ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)] ===
-[http://hitcon.org ç¬¬ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)]å·²æ¼2007å¹´7æ21æ¥(é±å)è³22æ¥(é±æ¥)å¨åç«èºç£ç§æå¤§å¸å¬é¤¨æ ¡ååæ»¿è½å¹ï¼æ´»åçæ³ç©ºåï¼è©³æè«è¦ HIT 2007 å®æ¹ç¶²ç«:
-[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org
-== æ¡è¿æ¨çåè ==
-å å¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å¨æèè¶£çäººå£«ï¼
-æåé¼åµæå¡æ¼OWASPå°ç£åæåäº«ä»åçç¥èä¸¦æä¾å°é¡æ¼è¬ï¼
-èå¨å å¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã
-è¥è¦å å¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]ç¶²é ï¼
-ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸å®ä¾è¨è«ï¼
-æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«åä»½]ä¸æ¾å°æåä¹åè¨è«çåä»½ã
-æå¾æéæ¨ï¼åå æ´»ååï¼è«åæ¬¡æª¢æ¥æ¨mailing listçä¿¡ä»¶ä»¥ç¢ºå®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé ã
-== æéOWASP (About OWASP) ==
-OWASP(éæ¾Webè»é«å®å¨è¨ç« - Open Web Application Security Project)æ¯ä¸åéæ¾ç¤¾ç¾¤ãéçå©æ§çµç¹ï¼ç®åå¨çæ82ååæè¿è¬åæå¡ï¼å¶ä¸»è¦ç®æ¨æ¯ç è°åå©è§£æ±ºWebè»é«å®å¨ä¹æ¨æºãå·¥å·èæè¡æä»¶ï¼é·æè´åæ¼åå©æ¿åºæä¼æ¥çè§£ä¸¦æ¹åç¶²é æç¨ç¨å¼èç¶²é æåçå®å¨æ§ãç±æ¼æç¨ç¯åæ¥å»£ï¼ç¶²é æç¨å®å¨å·²ç¶éæ¼¸çåå°éè¦ï¼ä¸¦æ¼¸æ¼¸æçºå¨å®å¨é åçä¸åç±éè©±é¡ï¼å¨æ¤åæï¼é§å®¢åä¹ææçå°ç¦é»è½ç§»å°ç¶²é æç¨ç¨å¼éç¼æææç¢ççå¼±é»ä¾é²è¡æ»æèç ´å£ã
-ç¾åè¯é¦è²¿æå§å¡æ(FTC)å¼·çå»ºè°ææä¼æ¥ééµå¾ªOWASPæç¼ä½çåå¤§Webå¼±é»é²è·å®åãç¾ååé²é¨äº¦åçºæä½³å¯¦åï¼åéä¿¡ç¨å¡è³æå®å¨æè¡PCIæ¨æºæ´å°å¶åçºå¿è¦åä»¶ãç®åOWASPæ30å¤åé²è¡ä¸çè¨ç«ï¼åæ¬æç¥åçOWASP Top 10(åå¤§Webå¼±é»)ãWebGoat(ä»£ç½ªç¾ç¾)ç·´ç¿å¹³å°ãå®å¨PHP/Java/ASP.Netçè¨ç«ï¼éå°ä¸åçè»é«å®å¨åé¡å¨é²è¡è¨è«èç ç©¶ã
-ç¶è²´å®ä½æ±ºå®éæ¾ç¶²é æåæï¼å°±å¿é è®ä¾èªæ¼å¨ççç¶²é è«æ±é²å¥å®ä½å§é¨çç¶²é ä¼ºæå¨ãé§å®¢å¯ä»¥èç±é±èå¨åæ³çç¶²é è«æ±å§ï¼ééé²ç«çãå¥ä¾µåµæ¸¬ç³»çµ±æå¶ä»é²ç¦¦ç³»çµ±çåµæ¸¬ï¼å èçä¹çé²å¥å®ä½å§é¨æèç±å®ä½ç¶²ç«åç¶è·³æ¿èä¸ç¹¼ç«èåå¶ä»åå®³èç¼åæ»æãéæå³èä¼æ¥çç¶²é ç¨å¼ç¢¼ä¹å¿é æçºæ©é(æ§)å®ä½å¨éçå®å¨é²è·ä¹ä¸ï¼ç¶å®ä½ç¶²é æåçè¦æ¨¡èè¤éæ§å¢å æï¼å®ä½æ´é²æ¼å¤çé¢¨éªä¹éæ¼¸å¢å ã
-== OWASP å°ç£åæ (OWASP Taiwan Chapter) ==
-*ç¶²é :http://www.owasp.org.tw
-*é»éµ:[email protected]
-*ç¾¤çµ:[email protected]
-*ä½å:å°åå¸115åæ¸¯åä¸éè·¯19-13è(åæ¸¯è»é«åå)Eæ£5æ¨554å®¤
-{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:[email protected] Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}}
-Chapter meetings are held several times a year, typically in the offices of our sponsor.
-Please subscribe to the mailing list for meeting announcements.
-== åè²»å å¥OWASPå°ç£åæ ==
-<font color="#FF0000">
-'''å å¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨'''
-'''å å¥æå¡æ¹æ³è«è¦æ¬é ä¸æ¹'''</font> '''[[#å¦ä½å å¥æå¡|å¦ä½å å¥æå¡]]'''
-å å¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å¨æèè¶£çäººå£«ï¼<br>
-æåé¼åµæå¡æ¼OWASPå°ç£åæåäº«ä»åçç¥èä¸¦æä¾å°é¡æ¼è¬ï¼<br>
-èå¨å å¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã
-è¥è¦å å¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]ç¶²é ï¼<br>
-ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸å®ä¾è¨è«ï¼<br>
-æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«åä»½]ä¸æ¾å°æåä¹åè¨è«çåä»½ã
-æå¾æéæ¨ï¼åå æ´»ååï¼è«åæ¬¡æª¢æ¥æ¨mailing listçä¿¡ä»¶ä»¥ç¢ºå®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé ã
-== OWASPå°ç£åæ é¨è½æ ¼ blog ==
-<font color="#FF0000">éè¦ä¸æè³å®æå ±ï¼æè¡åæï¼å¸å ´è³è¨åï¼
-æ¡è¿å¸¸ä¾ [http://www.owasp.org.tw/blog OWASPå°ç£åæ é¨è½æ ¼ blog]
-[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png]
-</font>
-== å¦ä½å å¥æå¡ ==
-æ¡è¿åè²»å å¥OWASP Taiwanå°ç£åæï¼å å¥æ¹å¼æä¸ç¨®ï¼ç·ä¸å ±åï¼emailå ±åä»¥åå³çå ±åï¼
-å·¥ä½åä»ææçºéç¥æææå¡æéOWASPææ°æ´»åè³è¨èåº§è«æè°ç¨.
-=== ç·ä¸å ±å ===
-è«[http://www.owasp.org.tw/member/registration.php ææ¤å¡«å¯«ç·ä¸å ±åå®]
-=== Emailå ±å ===
-è«emailï¼[mailto:[email protected] [email protected]]å å¥å°ç£åæ,è«è¨»æä¸åè³è¨.
-#å§å
-#å®ä½
-#è·ç¨±
-#é»åéµä»¶
-#è¯çµ¡é»è©±
-=== å³çå ±å ===
-è«åå°æ¤å ±åè¡¨,å¡«å¯«å¾å³çè³(02)6616-1100å³å¯.
-[[Image:owasp_taiwan_opening.jpg|800px]]
-== è¿ææ¶æ¯ ==
-*Webæç¨ç¨å¼å®å¨ç è¨æ:å¨2008å¹´7æ22æ¥èµ·ï¼è¡æ¿é¢ç èæèè³éå®å¨æå ±ææä¸å¿èè¾¦ä¹[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 æ¿åºæ©éè»é«å®å¨æè¡ç è¨æ]ï¼ééWeb æç¨ç¨å¼å®å¨åèæå¼å°å¥æ¡ä¾ï¼çè§£Webæç¨ç¨å¼å¯è½å¼±é»ï¼æä¾åæ©é(æ§)å§å¤ç®¡çåèã
-*Webå®å¨æ°è:å¨2007å¹´6æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=43813 ç¶²ç«å®å¨æ½°å ¤ï¼ä¸å®å¨å°±æ²é¡§å®¢]ãï¼æ·±å¥è¿½è¹¤Googleæå°å¼æå ææ¡æç¶²ç«ä¹æ°æªæ½ï¼å¶æå°çµææçºæè³å®åé¡çç¶²ç«è²¼ä¸è¦åæ¨ç±¤ï¼ä¸¦é»æ¢ä½¿ç¨èç´æ¥çè¦½ã
-*OWASPå°ç£åæåå±:å¨2007å¹´4æ16è³18æ¥ï¼å°ååéè³å®å±(http://www.secutech.com/tw/is/index.asp) ééç»å ´ï¼OWASPå°ç£åæéæ¨èè¨æ¤ä½A402èA404ï¼å³å¯ç²å¾Webè³å®åç¢ä¸å¼µï¼ä¸¦è¦ªèªåæé«é©æ¯æ»²éæ¸¬è©¦ãå¼±é»ç¨½æ ¸çå³çµ±è³å®æª¢æ¸¬æ¹å¼æ´çºåªç°çèªåæºç¢¼æª¢æ¸¬æè¡ã
-*Webå®å¨æ°è:å¨2007å¹´4æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASPå°ç£åææç«æå¡åè²»æåä¸ï¼ç¼å©æåWebå®å¨é²è·è·ä¸åéè¶¨å¢]ãã
-*Webå®å¨æ°è:å¨2007å¹´4æ9æ¥ï¼èææ¥å ±å ±å°å°ç£å·²æESPNé«è²å°çè¨±å¤èæ°ç¾çæ´»æ¯æ¯ç¸éçäºåä¸åå®ç¶²ï¼ä¸æä»¥ä¾é¸çºéé§å®¢æ¤å¥æ¨é¦¬å¾éï¼èç±è»é«å» åå°ç¡ä¿®è£ç¨å¼çãé¶æå·®æ»æãï¼Zero-Day Attackï¼ï¼ç¡è¾ä½¿ç¨èåªè¦é£ä¸ç¶²çè¦½ï¼é»è¦å°±ä¸çï¼è¼èå¸³èãå¯ç¢¼éç«ï¼èº«åè¢«çç¨ï¼éèæ©æè³æå¤æ´©æè²¡ç©æå¤±ã
-*Webæç¨ç¨å¼å®å¨ç è¨æ:å¨2007å¹´3æ27è³4æ11æ¥ï¼è¡æ¿é¢ç èæèè³éå®å¨æå ±ææä¸å¿èè¾¦ä¹[http://sid.iii.org.tw/96Q1_ISMS/ æ¿åºè³éå®å¨é²è·å·¡è¿´ç è¨æï¼è³å®ç¼å±è¶¨å¢åç¶²è·¯æç¨æåè³è¨å®å¨]ï¼æ¡è¿æ¿åºæ©é(æ§)è² è²¬è³éå®å¨ç¸éäººå¡è¸´èºåå ãNEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf ç è¨æè¬ç¾©ä¸è¼]
-*Webå®å¨æ°è:å¨2007å¹´3æ21æ¥ï¼ä¸åæå ±å ±å°ãä¸ç¶²æä¸å®å¨åå®¶ï¼å°ç£é«å±ç¬¬äºãï¼ç±æ³åé¨èª¿æ¥å±ãåäºå±çå®ä½å±åéå°å°ç£ç¶²è·¯å®å¨é²è¡è§å¯ç¼ç¾ï¼å°ç£ç¶²è·¯çè³è¨å®å¨å¨èï¼é«å±äºæ´²ç¬¬äºï¼åæ¬¡æ¼ä¸åã2007å¹´åè³ä»ï¼å¹³åæ¯å¤©é½æç¼ç5ä»¶é§å®¢å¥ä¾µäºä»¶ã
-*Webå®å¨æ°è:å¨2007å¹´3æ8æ¥ï¼æ±æ£®æ°èå ±å°ãå°ç£é§å®¢æ»æäºä»¶åå°é¾ä¹å ï¼90ï¼éè¡æ¾éå¥ä¾µãï¼ç¶èè¨±å¤ä¼æ¥é½ä»¥æ²æé ç®çºç±ï¼ä¸é¡æå¢å é²è·è¨åèäººåï¼è¢«é§å®¢ç«æ¹å¥ä¾µç¶²é ï¼ä¸çè§£èå¾å´éçæç¾©ï¼ç¶²é æ¹åå¾ï¼ä¸¦æ²æå¢å é²è·è¨åï¼çè³éæå®ä¸ä¼æ¥è¢«é§é£çºé«é82æ¬¡ã[http://www.ettoday.com/2007/03/08/339-2063921.htm åæ°èé£çµ]
-[[Image:Owasp taiwan first gathering.png]]
-== ç¶²ç«èWebæåçäºå¤§è³å®å°å¢ ==
-#ITäººå¡ä¸è¶³
-#ç¼ºä¹è³å®é åå°æ¥ç¥è
-#åè½æ§é©æ¶çºä¸»
-#ç¼ºä¹èªååå·¥å·
-#ææ¬ãæçå°åå°æ¡æ¨¡å¼ä¸å©ç¢ºä¿å°æ¡åè³ª
-==ææ°2007å¹´OWASPåå¤§Webè³å®æ¼æ´ (2007 OWASP Top 10)==
-===åå¤§Webè³å®æ¼æ´åè¡¨===
-*A1. è·¨ç¶²ç«çå¥ä¾µåä¸²(Cross Site Scriptingï¼ç°¡ç¨±XSSï¼äº¦ç¨±çºè·¨ç«è³æ¬æ»æ)ï¼Webæç¨ç¨å¼ç´æ¥å°ä¾èªä½¿ç¨èçå·è¡è«æ±éåçè¦½å¨å·è¡ï¼ä½¿å¾æ»æèå¯æ·åä½¿ç¨èçCookieæSessionè³æèè½ååç´æ¥ç»å¥çºåæ³ä½¿ç¨èã
-*A2. æ³¨å¥ç¼ºå¤±(Injection Flaw)ï¼Webæç¨ç¨å¼å·è¡ä¾èªå¤é¨åæ¬è³æåº«å¨å§çæ¡ææä»¤ï¼SQL InjectionèCommand Injectionçæ»æåæ¬å¨å§ã
-*A3. æ¡ææªæ¡å·è¡(Malicious File Execution)ï¼Webæç¨ç¨å¼å¼å¥ä¾èªå¤é¨çæ¡ææªæ¡ä¸¦å·è¡æªæ¡å§å®¹ã
-*A4. ä¸å®å¨çç©ä»¶åè(Insecure Direct Object Reference)ï¼æ»æèå©ç¨Webæç¨ç¨å¼æ¬èº«çæªæ¡è®ååè½ä»»æååæªæ¡æéè¦è³æï¼æ¡ä¾åæ¬http://example/read.php?file=../../../../../../../c:\boot.iniã
-*A5. è·¨ç¶²ç«çå½é è¦æ± (Cross-Site Request Forgeryï¼ç°¡ç¨±CSRF): å·²ç»å¥Webæç¨ç¨å¼çåæ³ä½¿ç¨èå·è¡å°æ¡æçHTTPæä»¤ï¼ä½Webæç¨ç¨å¼å»ç¶æåæ³éæ±èçï¼ä½¿å¾æ¡ææä»¤è¢«æ£å¸¸å·è¡ï¼æ¡ä¾åæ¬ç¤¾äº¤ç¶²ç«åäº«ç QuickTimeãFlashå½±çä¸èææ¡æçHTTPè«æ±ã
-*A6. è³è¨æé²èä¸é©ç¶é¯èª¤èç½® (Information Leakage and Improper Error Handling)ï¼Webæç¨ç¨å¼çå·è¡é¯èª¤è¨æ¯åå«ææè³æï¼æ¡ä¾åæ¬:ç³»çµ±æªæ¡è·¯å¾çæé²æè³æåº«æ¬ä½åç¨±ã
-*A7. éç ´å£çéå¥èé£ç·ç®¡ç(Broken Authentication and Session Management)ï¼Webæç¨ç¨å¼ä¸èªè¡æ°å¯«çèº«åé©èç¸éåè½æç¼ºé·ã
-*A8. ä¸å®å¨çå¯ç¢¼å²åå¨ (Insecure Cryptographic Storage)ï¼Webæç¨ç¨å¼æ²æå°æææ§è³æä½¿ç¨å å¯ãä½¿ç¨è¼å¼±çå å¯æ¼ç®æ³æå°éé°å²åæ¼å®¹æè¢«åå¾ä¹èã
-*A9. ä¸å®å¨çéè¨(Insecure Communication)ï¼å³éæææ§è³ææä¸¦æªä½¿ç¨HTTPSæå¶ä»å å¯æ¹å¼ã
-*A10. çæ¼éå¶URLåå(Failure to Restrict URL Access)ï¼æäºç¶²é å çºæ²ææ¬éæ§å¶ï¼ä½¿å¾æ»æèå¯ééç¶²åç´æ¥ååï¼æ¡ä¾åæ¬åè¨±ç´æ¥ä¿®æ¹WikiæBlogç¶²é å§å®¹ã
-éæ¬¡OWASPå¬å¸æ°çTop 10åæ åºç®åçæ»æç¾æ³ï¼ä»¥ä»å¹´çºä¾ï¼Cross-Site Scripting(XSS)èª¿æ´çº10å¤§æ»æä¹é¦ï¼çå¯¦çåæ åºç®åç¶²è·¯é£éèè©æ¬ºçæ»ææ¿«ç¨XSSçæå½¢ï¼äºå¯¦ä¸ï¼ç¾ååé²é¨çBSIè¨ç«(Build-Security In,https://buildsecurityin.us-cert.gov/) åMitreç ç©¶æ©æ§çCVEè³å®èå¼±æ§åè¡¨(http://cve.mitre.org/) äº¦é¡¯ç¤º1)Cross Site Scriptingè2)SQL Injectionå·²é£çºå©å¹´åçºå¨çé èå´éè³å®å¼±é».
-===ç´æ¥èç¨å¼ç¢¼å®å¨åè³ªæé===
-*[å¿è¦*]A1. è·¨ç¶²ç«å¥ä¾µåä¸²(Cross Site Scripting)
-*[å¿è¦*]A2. æ³¨å¥ç¼ºå¤±(Injection Flaw)
-*[å»ºè°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution)
-*[å»ºè°*]A4. ä¸å®å¨çç©ä»¶åè(Insecure Direct Object Reference)
-*[é¸æ*]A5. è·¨ç¶²ç«è¦æ±å½é  (Cross-Site Request Forgery)
-<nowiki>*</nowiki>OWASPå°ç£åæå¼·çå»ºè°åå®ä½å¨é²è¡æºç¢¼æª¢æ¸¬æï¼å°¤ä»¥æ¿åºæ©é(æ§)ï¼æéµå¾ªæ¿åºè³éå®å¨ä½æ¥è¦ç¯(http://www.giscc.org.tw) ä¹ãWebæç¨ç¨å¼å®å¨åèæå¼ãï¼ä¸¦å°1è2åçºå¿è¦æª¢æ¸¬é ç®ï¼3è4åçºå»ºè°æª¢æ¸¬é ç®ï¼è5åçºé¸ææª¢æ¸¬é ç®ã
-ï¼å¨å¯¦åæ¡ä¾ä¸ï¼æª¢æ¸¬ä¸¦ä¿®æ£1è2å³å¯é¿åçµå¤§å¤æ¸çWebè³å®å¨èã
-===å ä¸è¿°æ¼æ´éæ¥é ææèWebä¼ºæå¨åå¤é¨è¨å®æé===
-*Information Leakage and Improper Error Handling
-*Broken Authentication and Session Management
-*Insecure Cryptographic Storage
-*Insecure Communications
-*Failure to Restrict URL Access
-== æå¡åè¡¨ (Member List) ==
-Coming up soon!
-[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png]

Difference between revisions of "Taiwan"

Latest revision as of 16:07, 3 October 2019

OWASP Taiwan

Upcoming Events

Participation

Sponsorship/Membership

Local News

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools