|
|
Line 1: |
Line 1: |
− | [http://s1.shard.jp/frhorton/q8nii8ad3.html pictures of zambia africa
| |
− | ] [http://s1.shard.jp/bireba/antivirus-mcafee.html antivirus mcafee free anti virus software] [http://s1.shard.jp/bireba/mac-antivirus.html antivirus download for free
| |
− | ] [http://s1.shard.jp/frhorton/vwktsknc4.html africa water pump
| |
− | ] [http://s1.shard.jp/frhorton/78vbl98c2.html africa animal endangered south] [http://s1.shard.jp/losaul/australian-residency.html australian residency for new zealanders] [http://s1.shard.jp/galeach/new42.html ancient asian religions] [http://s1.shard.jp/bireba/symantec-antivirus.html northon antivirus
| |
− | ] [http://s1.shard.jp/bireba/ca-etrust-antivirus.html mac affee antivirus
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/olharder/autoroll-654.html url] [http://s1.shard.jp/frhorton/qwl7aihru.html largest waterfall africa
| |
− | ] [http://s1.shard.jp/galeach/new71.html asian eye make up tips
| |
− | ] [http://s1.shard.jp/bireba/norton-antivirus.html norton antivirus definitions update download] [http://s1.shard.jp/frhorton/vuku1m6uz.html africa history togo] [http://s1.shard.jp/olharder/autobiographer.html auto body repair step by step
| |
− | ] [http://s1.shard.jp/losaul/the-lakes-golf.html australia rmit university
| |
− | ] [http://s1.shard.jp/bireba/antivirus-software.html panda antivirus platinum 7.04.00 crack
| |
− | ] [http://s1.shard.jp/frhorton/uu2d3yy8s.html business for sale in cape town south africa
| |
− | ] [http://s1.shard.jp/frhorton/9vces3l25.html african american trivia quiz
| |
− | ] [http://s1.shard.jp/losaul/cheap-air-fare-to.html australian health care summit
| |
− | ] [http://s1.shard.jp/olharder/autopilots-for.html autopilots for sale] [http://s1.shard.jp/losaul/australia-immigration.html panasonic australia
| |
− | ] [http://s1.shard.jp/bireba/panda-antivirus.html pc magazine antivirus
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html index] [http://s1.shard.jp/losaul/rolling-stones.html management accountants australia
| |
− | ] [http://s1.shard.jp/frhorton/yzxhrnmp9.html african american gold jewelry
| |
− | ] [http://s1.shard.jp/bireba/panda-software.html panda titanium antivirus 2005 download
| |
− | ] [http://s1.shard.jp/galeach/new48.html asian women black guys
| |
− | ] [http://s1.shard.jp/bireba/antivirus-firewall.html mcafee home free antivirus
| |
− | ] [http://s1.shard.jp/galeach/new62.html lily thai mrchewsasianbeaver.com
| |
− | ] [http://s1.shard.jp/frhorton/wlyxxgvnc.html die son newspaper south africa
| |
− | ] [http://s1.shard.jp/bireba/panda-titanium.html top rated antivirus programs
| |
− | ] [http://s1.shard.jp/olharder/auto-calculator.html dental autoclave
| |
− | ] [http://s1.shard.jp/bireba/norton-antivirus.html norton antivirus free download software] [http://s1.shard.jp/galeach/new15.html asia argento scarlet diva
| |
− | ] [http://s1.shard.jp/frhorton/kqcuriisf.html the eastafrican standard
| |
− | ] [http://s1.shard.jp/galeach/new169.html is euthanasia right
| |
− | ] [http://s1.shard.jp/frhorton/pr9rl67ra.html africans girls
| |
− | ] [http://s1.shard.jp/bireba/escan-antivirus.html vet antivirus updates
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html map] [http://s1.shard.jp/frhorton/8fsjs64q2.html ngo jobs in africa
| |
− | ] [http://s1.shard.jp/frhorton/1euh2vemn.html african baby gray parrot picture] [http://s1.shard.jp/galeach/new51.html asian clip homegrown
| |
− | ] [http://s1.shard.jp/losaul/car-importers-australia.html car importers australia] [http://s1.shard.jp/frhorton/4lte5ty9r.html east and southern african management institute
| |
− | ] [http://s1.shard.jp/galeach/new182.html asian teacher school girl
| |
− | ] [http://s1.shard.jp/frhorton/ndbzagarh.html south africa phone cards italy
| |
− | ]
| |
− | [http://s1.shard.jp/bireba/download-norton.html antivirus free trial download
| |
− | ] [http://s1.shard.jp/losaul/business-services.html australia en estudiar ingles
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html webmap] [http://s1.shard.jp/frhorton/vwktsknc4.html exporting cars to south africa
| |
− | ] [http://s1.shard.jp/frhorton/rykfyeh82.html african diaspora journal
| |
− | ] [http://s1.shard.jp/galeach/new118.html i.amasianmen
| |
− | ] [http://s1.shard.jp/olharder/cheat-sheets.html auto rebuilt transmission
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html sitemap] [http://s1.shard.jp/olharder/autodesk-inventor.html autopage rs 720lcd review
| |
− | ] [http://s1.shard.jp/losaul/diabetes-australia.html australian universities ranked
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/losaul/australian-music.html novatel hotels australia
| |
− | ] [http://s1.shard.jp/galeach/new108.html aldehyde dehydrogenase asians alcohol treatment
| |
− | ] [http://s1.shard.jp/olharder/auto-buy-com.html auto guard car alarm
| |
− | ] [http://s1.shard.jp/olharder/tactical-automated.html shipping boxes for auto glass
| |
− | ] [http://s1.shard.jp/olharder/auto-car-guys.html auto body parts manufacure
| |
− | ] [http://s1.shard.jp/bireba/antivirus-services.html top antivirus for 2005
| |
− | ] [http://s1.shard.jp/bireba/anyware-antivirus.html avg vs avast antivirus
| |
− | ] [http://s1.shard.jp/frhorton/ank33l6la.html kalulu south africa
| |
− | ] [http://s1.shard.jp/losaul/unley-council-south.html australian food industry conference
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/frhorton/bc7zse5ug.html white south african culture
| |
− | ] [http://s1.shard.jp/bireba/symantec-antivirus.html panda titanium antivirus plus
| |
− | ] [http://s1.shard.jp/losaul/liberal-party.html subaru australia
| |
− | ] [http://s1.shard.jp/galeach/new79.html animals of the asian rainforest
| |
− | ] [http://s1.shard.jp/olharder/autores-romanticos.html autoanything coupon free
| |
− | ] [http://s1.shard.jp/galeach/new111.html asian black hardcore
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/galeach/new50.html mild dysplasia leep
| |
− | ] [http://s1.shard.jp/losaul/job-agencies-sydney.html deception bay australia
| |
− | ] [http://s1.shard.jp/galeach/new125.html ophthalmic lens in asia
| |
− | ] [http://s1.shard.jp/olharder/wheels-and-deals.html autopilot kota minn motor trolling
| |
− | ] [http://s1.shard.jp/losaul/australian-citizenship.html business sales australia
| |
− | ] [http://s1.shard.jp/galeach/new43.html asian girl hot little
| |
− | ] [http://s1.shard.jp/olharder/audi-automotive.html autovermietung koeln
| |
− | ] [http://s1.shard.jp/galeach/new180.html asian hoe hot] [http://s1.shard.jp/frhorton/4dyaal72j.html african american design hair
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html url] [http://s1.shard.jp/frhorton/71w3q2xvj.html africa holiday resort south
| |
− | ] [http://s1.shard.jp/olharder/accessory-automotive.html kruse auto auction
| |
− | ] [http://s1.shard.jp/galeach/new63.html chicago asian singles] [http://s1.shard.jp/losaul/tents-australia.html swann insurance australia
| |
− | ] [http://s1.shard.jp/bireba/symantec-antivirus.html symantec antivirus corporate edition 10.0 2.2000
| |
− | ] [http://s1.shard.jp/frhorton/vjlche4gq.html african congo grey timneh
| |
− | ] [http://s1.shard.jp/bireba/review-antivirus.html norton antivirus 2005 download free
| |
− | ] [http://s1.shard.jp/olharder/autoroll-654.html top] [http://s1.shard.jp/galeach/new130.html asian pusy
| |
− | ] [http://s1.shard.jp/frhorton/3l77ipk2f.html south singapore africa travel advisory
| |
− | ] [http://s1.shard.jp/bireba/avast-free-antivirus.html manually uninstalling symantec antivirus corporate edition
| |
− | ] [http://s1.shard.jp/olharder/automobile-bmw.html grand theft auto san andreas pictures of cars
| |
− | ]
| |
| http://www.textletoeltd.com | | http://www.textletoeltd.com |
| [[Image:OWASP_TW_Banner.png]] | | [[Image:OWASP_TW_Banner.png]] |
| | | |
− | æÃÂáèÿÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂïüÃÂãÃÂÃÂçöòçëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂçììäøÃÂæÃÂÃ¥ïüÃÂÃ¥þÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂéÃÂÃÂÃ¥çÃÂãÃÂÃÂãÃÂÃÂ
| + | æ¡è¿å å
¥OWASPå°ç£åæï¼ã網ç«å®å
¨ç第ä¸æ¥ï¼å¾å å
¥OWASPå°ç£åæéå§ãã |
| | | |
| <paypal>Taiwan</paypal> | | <paypal>Taiwan</paypal> |
| | | |
− | ÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂæÃÂÃÂéÃÂ÷[mailto: [email protected] éûÃÂèÃÂÃÂæÃÂÃÂÃÂ¥ÃÂ
ÃÂçÃÂÃÂïüÃÂWayne HuangïüÃÂ] æÃÂèÃÂ¥ÃÂÃÂæÃÂÃÂÃ¥÷Ã¥äýÃÂÃÂ¥ÃÂÃÂäûÃÂèá÷Ã¥ÿÃÂèÃÂïÃ¥îÃÂæÃÂèçÃÂÃÂÃÂ¥ÃÂÃÂèÃÂÃÂïüÃÂäøÃÂçîáæÃÂèÃÂ¥ÃÂèäýÃÂèÃÂÃÂïüÃÂçÃÂÃÂèÃÂóæÃÂèÃÂ¥ÃÂÃÂ
æÃÂþçÃÂÃÂäøÃÂçöòè÷ïèöóè÷áæÃÂüÃÂ¥ÃÂðçÃÂãïüÃÂæÃÂÃÂèìÃÂæÃÂèéáÃÂæÃÂÃÂè÷ÃÂÃ¥äçÃ¥îöäøÃÂèõ÷ÃÂ¥ÃÂÃÂäúëïüÃÂèîÃÂæÃÂÃÂÃÂ¥ÃÂÃÂçÃÂèæÃÂôÃ¥äÃÂäøÃÂÃÂ¥ÃÂÃÂçÃÂÃÂèçÃÂÃ¥úæäþÃÂæêâèæÃÂWebÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂèöèÃÂ¥ÃÂâãÃÂÃÂÃ¥èÃÂèÃÂÃÂ
ãÃÂÃÂÃÂ¥ÃÂÃÂéáÃÂèÃÂÃÂèçãæñúæÃÂùæáÃÂãÃÂà| + | å°ç£åææé·[mailto: [email protected] é»èæå
çï¼Wayne Huangï¼] æ¨åæå·¥ä½åä»è¡·å¿è¯å®æ¨çåèï¼ä¸ç®¡æ¨å¨ä½èï¼çè³æ¨å
æ¾çä¸ç¶²è·¯è¶³è·¡æ¼å°ç£ï¼æè¬æ¨é¡æè·å¤§å®¶ä¸èµ·å享ï¼è®æåç¨æ´å¤ä¸åçè§åº¦ä¾æª¢è¦Webå®å
¨ç趨å¢ãå¨è
ãåé¡è解決æ¹æ¡ã |
| | | |
− | == æÃÂáèÿÃÂÃÂ¥ÃÂ
ÃÂèÃÂè OWASP ÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂà== | + | == æ¡è¿å
è¨ OWASP å°ç£åæ == |
| | | |
− | == æÃÂÃÂæÃÂðæôûÃÂ¥ÃÂà== | + | == ææ°æ´»å == |
− | === [[OWASP_AppSec_Asia_2007|çììäøÃÂÃ¥ñÃÂOWASPÃ¥îÃÂæÃÂùäúÃÂæôòÃ¥ùôæÃÂÃÂ(OWASP Asia 2007)]] === | + | === [[OWASP_AppSec_Asia_2007|第ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)]] === |
− | '''Security 3.0 in Web 2.0 Age âÃÂàPractices and Challenges of Web 2.0 Security''' | + | '''Security 3.0 in Web 2.0 Age â Practices and Challenges of Web 2.0 Security''' |
| | | |
| [OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png] | | [OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png] |
| | | |
− | Whitehat SecurityãÃÂÃÂçþÃÂÃÂ¥ÃÂÃÂéÃÂÃÂéÃÂÃÂ(American Express)ãÃÂÃÂéÃÂÿçâüççÃÂæÃÂÃÂ(Armorize)ãÃÂÃÂQualysçÃÂÃÂè÷èÃÂ¥ÃÂÃÂäüÃÂæÃÂ¥ÃÂèÃÂÃÂèóÃÂÃ¥îÃÂÃÂ¥ÃÂ
ìÃÂ¥ÃÂøçÃÂÃÂéëÃÂéÃÂÃÂäøûçîáèÃÂÃÂéæÃÂÃ¥øÃÂçàÃÂçéöÃÂ¥ÃÂáéýÃÂèÃÂÃÂÃÂ¥ÃÂðçÃÂãïüÃÂæÃÂèçÃÂÃ¥éÃÂÃÂäûÃÂÃÂ¥ÃÂÃÂÃ¥æÃÂäýÃÂçÃÂÃÂÃ¥þÃÂ
Web 2.0æÃÂÃÂäûãäùàSecurity 3.0ÃÂ¥ÃÂÃÂïüÃÂÃ¥ðÃÂÃÂ¥ÃÂðçÃÂãèÃÂÃÂÃÂ¥ÃÂ
èçÃÂÃÂçÃÂÃÂÃÂ¥ÃÂëæÃÂÃÂæÃÂïäûÃÂéúüïüÃÂæÃÂÃÂæÃÂÿÃ¥úÃÂãÃÂÃÂäüÃÂæÃÂ¥ÃÂèÃÂÃÂäøÃÂèÃÂìäýÿçÃÂèèÃÂÃÂ
ÃÂ¥ÃÂÃÂèéòÃ¥æÃÂäýÃÂÃÂ¥ÃÂàæÃÂÃÂïüÃÂÃ¥þÃÂäøÃÂéÃÂâéÃÂÃÂäúÃÂ2007Ã¥ùôçÃÂÃÂèóÃÂÃ¥îÃÂçÃÂÃÂÃ¥äçæÃÂðèÃÂÃÂïüÃÂéÃÂÃÂéÃÂòèÃÂÃÂæÃÂÃÂæèãçÃÂÃÂèèÃÂæÃÂïïüà| + | Whitehat Securityãç¾åéé(American Express)ãé¿ç¢¼ç§æ(Armorize)ãQualysçè·¨åä¼æ¥èè³å®å
¬å¸çé«é主管èé¦å¸ç 究å¡é½èå°ç£ï¼æ¨ç¥éä»åå¦ä½çå¾
Web 2.0æä»£ä¹ Security 3.0åï¼å°å°ç£èå
¨ççå«ææ¯ä»éº¼ï¼ææ¿åºãä¼æ¥èä¸è¬ä½¿ç¨è
å該å¦ä½å æï¼å¾ä¸é¢éäº2007å¹´çè³å®ç大æ°èï¼éé²èæ樣çè¨æ¯ï¼ |
− | * 5æÃÂÃÂ11æÃÂÃ¥èõ÷ïüÃÂGoogleéÃÂÃÂÃ¥çÃÂçÃÂãæÃÂçéÃÂÃÂéçÃÂçöòçëÃÂïüÃÂäøæèòüäøÃÂÃÂ¥ÃÂñéÃÂêçöòçëÃÂäùÃÂæèÃÂçñä! | + | * 5æ11æ¥èµ·ï¼Googleéå§ç£æ§éé§ç¶²ç«ï¼ä¸¦è²¼ä¸å±éªç¶²ç«ä¹æ¨ç±¤! |
− | * 5æÃÂÃÂ15æÃÂÃ¥æÃÂÃÂOWASPÃÂ¥ÃÂ
ìäýÃÂ2007Ã¥ùôæÃÂÃÂæÃÂðçÃÂÃÂÃÂ¥ÃÂÃÂÃ¥äçWebÃ¥üñéûÃÂïüÃÂè÷èçëÃÂèÃÂ
óæÃÂìæÃÂûæÃÂÃÂ(XSS)çÃÂûäøÃÂææÃÂéæÃÂ! | + | * 5æ15æ¥æOWASPå
¬ä½2007å¹´ææ°çå大Webå¼±é»ï¼è·¨ç«è
³æ¬æ»æ(XSS)ç»ä¸æ¦é¦! |
− | * 6æÃÂÃÂ6æÃÂÃÂ¥IBMèóüäýõWatchfireïüÃÂHPéÃÂèÃÂ¥ÃÂóæÃÂü6æÃÂÃÂ19æÃÂÃ¥èóüäýõSPI Dynamics!èÃÂÃÂÃÂ¥ÃÂÃÂ
ÃÂ¥ÃÂÃÂçÃÂÃÂCenzicäûÃ¥æûòéÃÂÃÂæøìèéææÃÂÃÂèáÃÂæÃÂü6æÃÂÃÂ18æÃÂÃ¥çÃÂòÃ¥þÃÂçþÃÂÃÂ¥ÃÂÃÂÃ¥ðÃÂÃÂ¥ÃÂé! | + | * 6æ6æ¥IBM購併Watchfireï¼HPé¨å³æ¼6æ19æ¥è³¼ä½µSPI Dynamics!èå
åçCenzic以滲é測試æè¡æ¼6æ18æ¥ç²å¾ç¾åå°å©! |
− | * Web 2.0çÃÂÃÂèóÃÂÃ¥îÃÂÃ¥èÃÂèÃÂÃÂ
ïüÃÂÃÂ¥ÃÂàæÃÂÃÂäùÃÂéÃÂÃÂïüÃÂSecurity 3.0ïüÃÂæÃÂÃÂÃÂ¥ÃÂÃÂçÃÂÃÂÃ¥ïæÃÂ¥ÃÂÃÂæáÃÂäþÃÂïüà| + | * Web 2.0çè³å®å¨è
ï¼å æä¹éï¼Security 3.0ï¼æåç實åæ¡ä¾ï¼ |
− | [[OWASP_AppSec_Asia_2007|çììäøÃÂÃ¥ñÃÂOWASPÃ¥îÃÂæÃÂùäúÃÂæôòÃ¥ùôæÃÂÃÂ]]Ã¥ðÃÂæÃÂü9æÃÂÃÂ27æÃÂÃÂ¥(éÃÂñÃÂ¥ÃÂÃÂ)äøÃÂÃÂ¥ÃÂÃÂ1éûÃÂæÃÂüÃÂ¥ÃÂðÃ¥äçéÃÂëéÃÂâÃÂ¥ÃÂÃÂéÃÂÃÂæÃÂÃÂèÃÂðäøÃÂÃ¥ÿÃÂ201Ã¥îä(ÃÂ¥ÃÂðÃÂ¥ÃÂÃÂÃ¥øÃÂäøÃÂæÃÂãÃÂ¥ÃÂÃÂÃ¥þÃÂÃ¥÷ÃÂè÷ïäúÃÂèÃÂÃÂ)'''èÃÂÃÂèþæïüÃÂæÃÂáèÿÃÂæÃÂèäþÃÂÃÂ¥ÃÂ
ñèÃÂ¥ÃÂçÃÂÃÂèÃÂÃÂïüÃÂæûÿèüÃÂèÃÂÃÂæÃÂø![[OWASP_AppSec_Asia_2007|éÃÂÃÂæÃÂÃÂæÃÂôÃ¥äÃÂ...]] | + | [[OWASP_AppSec_Asia_2007|第ä¸å±OWASPå®æ¹äºæ´²å¹´æ]]å°æ¼9æ27æ¥(é±å)ä¸å1é»æ¼å°å¤§é«é¢åéæè°ä¸å¿201室(å°åå¸ä¸æ£åå¾å·è·¯äºè)'''è辦ï¼æ¡è¿æ¨ä¾å
±è¥çèï¼æ»¿è¼èæ¸![[OWASP_AppSec_Asia_2007|éææ´å¤...]] |
| | | |
− | === [http://hitcon.org çììäøÃÂÃ¥ñÃÂÃÂ¥ÃÂðçÃÂãéçÃÂÃ¥îâÃ¥ùôæÃÂÃÂ(HIT 2007)] === | + | === [http://hitcon.org 第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)] === |
| | | |
− | [http://hitcon.org çììäøÃÂÃ¥ñÃÂÃÂ¥ÃÂðçÃÂãéçÃÂÃ¥îâÃ¥ùôæÃÂÃÂ(HIT 2007)]Ã¥÷òæÃÂü2007Ã¥ùô7æÃÂÃÂ21æÃÂÃÂ¥(éÃÂñÃÂ¥ÃÂ
ÃÂ)èÃÂó22æÃÂÃÂ¥(éÃÂñæÃÂÃÂ¥)ÃÂ¥ÃÂèÃÂ¥ÃÂÃÂçëÃÂèÃÂúçÃÂãççÃÂæÃÂÃÂÃ¥äçÃÂ¥ÃÂøÃÂ¥ÃÂ
ìéäèæàáÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂæûÿèÃÂýÃ¥ùÃÂïüÃÂæôûÃÂ¥ÃÂÃÂçÃÂÃÂæóÃÂçéúÃÂ¥ÃÂÃÂïüÃÂèéóæÃÂÃÂ
èëÃÂèæàHIT 2007 Ã¥îÃÂæÃÂùçöòçëÃÂ: | + | [http://hitcon.org 第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)]å·²æ¼2007å¹´7æ21æ¥(é±å
)è³22æ¥(é±æ¥)å¨åç«èºç£ç§æ大å¸å
¬é¤¨æ ¡åå滿è½å¹ï¼æ´»åçæ³ç©ºåï¼è©³æ
è«è¦ HIT 2007 å®æ¹ç¶²ç«: |
| [http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org | | [http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org |
| | | |
− | == æÃÂáèÿÃÂæÃÂèçÃÂÃÂÃÂ¥ÃÂÃÂèÃÂà== | + | == æ¡è¿æ¨çåè == |
− | ÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂäøÃÂéÃÂÃÂäûûäýÃÂèòûçÃÂèïüÃÂæÃÂÃÂÃÂ¥ÃÂáèóÃÂæàüÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂÃÂæÃÂþçõæäûûäýÃÂÃ¥ðÃÂæÃÂüæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂèÃÂÃÂèöãçÃÂÃÂäúúÃ¥ãëïüÃÂ
| + | å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å
¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å
¨æè趣çäººå£«ï¼ |
− | æÃÂÃÂÃÂ¥ÃÂÃÂéüÃÂÃÂ¥ÃÂõæÃÂÃÂÃÂ¥ÃÂáæÃÂüOWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂÃÂ¥ÃÂÃÂäúëäûÃÂÃÂ¥ÃÂÃÂçÃÂÃÂçÃÂÃ¥èÃÂÃÂäøææÃÂÃÂäþÃÂÃ¥ðÃÂéáÃÂæüÃÂèìÃÂïüÃÂ
| + | æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼ |
− | èÃÂÃÂÃÂ¥ÃÂèÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂáÃÂ¥ÃÂÃÂïüÃÂèëÃÂæÃÂèäûÃÂçôðéÃÂñèîÃÂ[https://www.owasp.org/index.php/Chapter_Rules ÃÂ¥ÃÂÃÂæÃÂÃÂæÃÂÃÂÃÂ¥ÃÂáæÃÂÃÂÃÂ¥ÃÂÃÂ]ãÃÂÃÂ
| + | èå¨å å
¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã |
− | èÃÂÃ¥èæÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂìÃÂ¥ÃÂÃÂæÃÂÃÂçÃÂÃÂmailing listïüÃÂèëÃÂéÃÂãçõÃÂÃÂ¥ÃÂð[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]çöòéàÃÂïüÃÂ
| + | è¥è¦å å
¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網é ï¼ |
− | æÃÂÃÂæÃÂÃÂçÃÂÃÂæôûÃÂ¥ÃÂÃÂèèÃÂèëÃÂèÃÂÃÂæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂðéûÃÂÃ¥ðÃÂéÃÂÃÂéÃÂÃÂéÃÂÃÂÃÂ¥ÃÂÃÂæøÃÂ
ÃÂ¥ÃÂîäþÃÂèèÃÂèëÃÂïüÃÂ
| + | ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸
å®ä¾è¨è«ï¼ |
− | æÃÂèäùÃÂÃÂ¥ÃÂïäûÃ¥åþÃÂ[http://lists.owasp.org/pipermail/owasp-taiwan/ email èèÃÂèëÃÂÃÂ¥ÃÂÃÂäûý]äøÃÂæÃÂþÃÂ¥ÃÂðæÃÂÃÂÃÂ¥ÃÂÃÂäùÃÂÃÂ¥ÃÂÃÂèèÃÂèëÃÂçÃÂÃÂÃÂ¥ÃÂÃÂäûýãÃÂÃÂ
| + | æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«å份]ä¸æ¾å°æåä¹åè¨è«çå份ã |
− | æÃÂÃÂÃ¥þÃÂæÃÂÃÂéÃÂÃÂæÃÂèïüÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂàæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂïüÃÂèëÃÂÃÂ¥ÃÂÃÂæìáæêâæÃÂÃ¥æÃÂèmailing listçÃÂÃÂäÿáäûöäûÃ¥çâúÃ¥îÃÂæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂðéûÃÂèÃÂÃÂæÃÂÃÂéÃÂÃÂïüÃÂæÃÂÃÂæÃÂïäûûäýÃÂæÃÂÃÂéÃÂÃÂæôûÃÂ¥ÃÂÃÂèèÃÂéÃÂÃÂçÃÂÃÂäúÃÂéàÃÂ
ãÃÂÃÂ
| + | æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé
ã |
| | | |
− | == æÃÂÃÂéÃÂÃÂOWASP (About OWASP) == | + | == æéOWASP (About OWASP) == |
− | OWASP(éÃÂÃÂæÃÂþWebèûÃÂéëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èèèÃÂçÃÂë - Open Web Application Security Project)æÃÂïäøÃÂÃÂ¥ÃÂÃÂéÃÂÃÂæÃÂþçäþçþäãÃÂÃÂéÃÂÃÂçÃÂÃÂÃÂ¥ÃÂéæÃÂççõÃÂçùÃÂïüÃÂçÃÂîÃÂ¥ÃÂÃÂÃÂ¥ÃÂ
èçÃÂÃÂæÃÂÃÂ82ÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂæÃÂÃÂèÿÃÂèÃÂìÃÂ¥ÃÂÃÂæÃÂÃÂÃÂ¥ÃÂáïüÃÂÃÂ¥ÃÂ
öäøûèæÃÂçÃÂîæèÃÂæÃÂïçàÃÂèÃÂðÃÂ¥ÃÂÃÂÃÂ¥ÃÂéèçãæñúWebèûÃÂéëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èäùÃÂæèÃÂæúÃÂãÃÂÃÂÃ¥÷ÃÂ¥ÃÂ¥ÃÂ
֏ÃÂÃÂæÃÂÃÂèáÃÂæÃÂÃÂäûöïüÃÂéÃÂ־ÃÂÃÂèÃÂôÃÂ¥ÃÂÃÂæÃÂüÃÂ¥ÃÂÃÂÃÂ¥ÃÂéæÃÂÿÃ¥úÃÂæÃÂÃÂäüÃÂæÃÂ¥ÃÂçÃÂÃÂèçãäøææÃÂùÃÂ¥ÃÂÃÂçöòéàÃÂæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂèÃÂÃÂçöòéàÃÂæÃÂÃÂÃÂ¥ÃÂÃÂçÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂçãÃÂÃÂçÃÂñæÃÂüæÃÂÃÂçÃÂèçïÃÂÃÂ¥ÃÂÃÂæÃÂÃ¥åûãïüÃÂçöòéàÃÂæÃÂÃÂçÃÂèÃ¥îÃÂÃÂ¥ÃÂ
èÃ¥÷òçöÃÂéÃÂÃÂæüøçÃÂÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂðéÃÂÃÂèæÃÂïüÃÂäøææüøæüøæÃÂÃÂçÃÂúÃÂ¥ÃÂèÃ¥îÃÂÃÂ¥ÃÂ
èéàÃÂÃÂ¥ÃÂÃÂçÃÂÃÂäøÃÂÃÂ¥ÃÂÃÂçÃÂñéÃÂÃÂèéñéáÃÂïüÃÂÃÂ¥ÃÂèæÃÂäÃÂ¥ÃÂÃÂæÃÂÃÂïüÃÂéçÃÂÃ¥îâÃÂ¥ÃÂÃÂäùÃÂæÃÂÃÂæÃÂÃÂçÃÂÃÂÃ¥ðÃÂçÃÂæéûÃÂèýÃÂççûÃÂ¥ÃÂðçöòéàÃÂæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂéÃÂÃÂçÃÂüæÃÂÃÂæÃÂÃÂæÃÂÃÂçÃÂâçÃÂÃÂçÃÂÃÂÃ¥üñéûÃÂäþÃÂéÃÂòèáÃÂæÃÂûæÃÂÃÂèÃÂÃÂçàôÃ¥ãÃÂãÃÂà| + | OWASP(éæ¾Webè»é«å®å
¨è¨ç« - Open Web Application Security Project)æ¯ä¸åéæ¾ç¤¾ç¾¤ãéçå©æ§çµç¹ï¼ç®åå
¨çæ82ååæè¿è¬åæå¡ï¼å
¶ä¸»è¦ç®æ¨æ¯ç è°åå©è§£æ±ºWebè»é«å®å
¨ä¹æ¨æºãå·¥å
·èæè¡æ件ï¼é·æè´åæ¼åå©æ¿åºæä¼æ¥ç解並æ¹å網é æç¨ç¨å¼è網é æåçå®å
¨æ§ãç±æ¼æç¨ç¯åæ¥å»£ï¼ç¶²é æç¨å®å
¨å·²ç¶é漸çåå°éè¦ï¼ä¸¦æ¼¸æ¼¸æçºå¨å®å
¨é åçä¸åç±é話é¡ï¼å¨æ¤åæï¼é§å®¢åä¹ææçå°ç¦é»è½ç§»å°ç¶²é æç¨ç¨å¼éç¼æææç¢ççå¼±é»ä¾é²è¡æ»æèç ´å£ã |
| | | |
− | çþÃÂÃÂ¥ÃÂÃÂèÃÂïéÃÂæèòÿæÃÂÃÂÃ¥çÃÂÃÂ¥ÃÂáæÃÂÃÂ(FTC)Ã¥ü÷çÃÂÃÂÃ¥ûúèÃÂðæÃÂÃÂæÃÂÃÂäüÃÂæÃÂ¥ÃÂéÃÂÃÂéÃÂõÃ¥þêOWASPæÃÂÃÂçÃÂüäýÃÂçÃÂÃÂÃÂ¥ÃÂÃÂÃ¥äçWebÃ¥üñéûÃÂéÃÂòèÃÂ÷Ã¥îÃÂÃÂ¥ÃÂÃÂãÃÂÃÂçþÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂéÃÂòéÃÂèäúæÃÂ¥ÃÂÃÂçÃÂúæÃÂÃÂäýóÃ¥ïæÃÂ¥ÃÂÃÂïüÃÂÃÂ¥ÃÂÃÂéÃÂÃÂäÿáçÃÂèÃÂ¥ÃÂáèóÃÂæÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂèáÃÂPCIæèÃÂæúÃÂæÃÂôÃ¥ðÃÂÃÂ¥ÃÂ
öÃÂ¥ÃÂÃÂçÃÂúÃ¥ÿÃÂ
èæÃÂÃÂ¥ÃÂ
ÃÂäûöãÃÂÃÂçÃÂîÃÂ¥ÃÂÃÂOWASPæÃÂÃÂ30Ã¥äÃÂÃÂ¥ÃÂÃÂéÃÂòèáÃÂäøÃÂçÃÂÃÂèèÃÂçÃÂëïüÃÂÃÂ¥ÃÂÃÂ
æÃÂìæÃÂÃÂçÃÂÃÂ¥ÃÂ¥ÃÂÃÂçÃÂÃÂOWASP Top 10(ÃÂ¥ÃÂÃÂÃ¥äçWebÃ¥üñéûÃÂ)ãÃÂÃÂWebGoat(äûãçýêçþÃÂçþÃÂ)ç÷ôçÿÃÂÃ¥ùóÃÂ¥ÃÂðãÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èPHP/Java/ASP.NetçÃÂÃÂèèÃÂçÃÂëïüÃÂéÃÂÃÂÃ¥ðÃÂäøÃÂÃÂ¥ÃÂÃÂçÃÂÃÂèûÃÂéëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃÂ¥ÃÂÃÂéáÃÂÃÂ¥ÃÂèéÃÂòèáÃÂèèÃÂèëÃÂèÃÂÃÂçàÃÂçéöãÃÂÃÂ
| + | ç¾åè¯é¦è²¿æå§å¡æ(FTC)å¼·ç建è°ææä¼æ¥ééµå¾ªOWASPæç¼ä½çå大Webå¼±é»é²è·å®åãç¾ååé²é¨äº¦åçºæ佳實åï¼åéä¿¡ç¨å¡è³æå®å
¨æè¡PCIæ¨æºæ´å°å
¶åçºå¿
è¦å
件ãç®åOWASPæ30å¤åé²è¡ä¸çè¨ç«ï¼å
æ¬æç¥åçOWASP Top 10(å大Webå¼±é»)ãWebGoat(代罪ç¾ç¾)ç·´ç¿å¹³å°ãå®å
¨PHP/Java/ASP.Netçè¨ç«ï¼éå°ä¸åçè»é«å®å
¨åé¡å¨é²è¡è¨è«èç 究ã |
| | | |
− | çÃÂöèòôÃÂ¥ÃÂîäýÃÂæñúÃ¥îÃÂéÃÂÃÂæÃÂþçöòéàÃÂæÃÂÃÂÃÂ¥ÃÂÃÂæÃÂÃÂïüÃÂÃ¥ðñÃ¥ÿÃÂ
éàÃÂèîÃÂäþÃÂèÃÂêæÃÂüÃÂ¥ÃÂ
èçÃÂÃÂçÃÂÃÂçöòéàÃÂèëÃÂæñÃÂéÃÂòÃÂ¥ÃÂ
ÃÂ¥ÃÂ¥ÃÂîäýÃÂÃÂ¥ÃÂ
çéÃÂèçÃÂÃÂçöòéàÃÂäüúæÃÂÃÂÃÂ¥ÃÂèãÃÂÃÂéçÃÂÃ¥îâÃÂ¥ÃÂïäûÃ¥èÃÂÃÂçÃÂñéÃÂñèÃÂÃÂÃÂ¥ÃÂèÃÂ¥ÃÂÃÂæóÃÂçÃÂÃÂçöòéàÃÂèëÃÂæñÃÂÃÂ¥ÃÂ
çïüÃÂéÃÂÃÂéÃÂÃÂéÃÂòçÃÂëçÃÂÃÂãÃÂÃÂÃÂ¥ÃÂ
Ã¥äþõÃÂ¥ÃÂõæøìçóûçõñæÃÂÃÂÃÂ¥ÃÂ
öäûÃÂéÃÂòçææçóûçõñçÃÂÃÂÃÂ¥ÃÂõæøìïüÃÂÃ¥àÃÂèÃÂÃÂçÃÂÃÂäùÃÂçÃÂÃÂéÃÂòÃÂ¥ÃÂ
ÃÂ¥ÃÂ¥ÃÂîäýÃÂÃÂ¥ÃÂ
çéÃÂèæÃÂÃÂèÃÂÃÂçÃÂñÃÂ¥ÃÂîäýÃÂçöòçëÃÂÃÂ¥ÃÂ
ÃÂ
çÃÂöè÷óæÃÂÿèÃÂÃÂäøÃÂçùüçëÃÂèÃÂÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂ
öäûÃÂÃÂ¥ÃÂÃÂÃ¥îóèÃÂÃÂ
çÃÂüÃÂ¥ÃÂÃÂæÃÂûæÃÂÃÂãÃÂÃÂéÃÂÃÂæÃÂÃÂÃÂ¥ÃÂóèÃÂÃÂäüÃÂæÃÂ¥ÃÂçÃÂÃÂçöòéàÃÂçèÃÂÃ¥üÃÂçâüäùÃÂÃ¥ÿÃÂ
éàÃÂæÃÂÃÂçÃÂúæéÃÂéÃÂÃÂ(æçÃÂ)ÃÂ¥ÃÂîäýÃÂÃÂ¥ÃÂèéÃÂÃÂçÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂòèÃÂ÷äùÃÂäøÃÂïüÃÂçÃÂöÃÂ¥ÃÂîäýÃÂçöòéàÃÂæÃÂÃÂÃÂ¥ÃÂÃÂçÃÂÃÂèæÃÂæèáèÃÂÃÂèäÃÂéÃÂÃÂæÃÂçÃ¥âÃÂÃÂ¥ÃÂàæÃÂÃÂïüÃÂÃÂ¥ÃÂîäýÃÂæÃÂôéÃÂòæÃÂüÃ¥äÃÂçÃÂÃÂéâèéÃÂêäùÃÂéÃÂÃÂæüøÃ¥âÃÂÃÂ¥ÃÂàãÃÂÃÂ
| + | ç¶è²´å®ä½æ±ºå®éæ¾ç¶²é æåæï¼å°±å¿
é è®ä¾èªæ¼å
¨çç網é è«æ±é²å
¥å®ä½å
§é¨ç網é 伺æå¨ãé§å®¢å¯ä»¥èç±é±èå¨åæ³ç網é è«æ±å
§ï¼ééé²ç«çãå
¥ä¾µåµæ¸¬ç³»çµ±æå
¶ä»é²ç¦¦ç³»çµ±çåµæ¸¬ï¼å èçä¹çé²å
¥å®ä½å
§é¨æèç±å®ä½ç¶²ç«å
ç¶è·³æ¿èä¸ç¹¼ç«èåå
¶ä»å害è
ç¼åæ»æãéæå³èä¼æ¥ç網é ç¨å¼ç¢¼ä¹å¿
é æçºæ©é(æ§)å®ä½å¨éçå®å
¨é²è·ä¹ä¸ï¼ç¶å®ä½ç¶²é æåçè¦æ¨¡èè¤éæ§å¢å æï¼å®ä½æ´é²æ¼å¤ç風éªä¹é漸å¢å ã |
| | | |
− | == OWASP ÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂà(OWASP Taiwan Chapter) == | + | == OWASP å°ç£åæ (OWASP Taiwan Chapter) == |
− | *çöòéàÃÂ:http://www.owasp.org.tw | + | *網é :http://www.owasp.org.tw |
− | | + | |
− | | + | |
− | *äýÃÂÃÂ¥ÃÂÃÂ:ÃÂ¥ÃÂðÃÂ¥ÃÂÃÂÃ¥øÃÂ115ÃÂ¥ÃÂÃÂæøïÃÂ¥ÃÂÃÂäøÃÂéÃÂÃÂè÷ï19-13èÃÂÃÂ(ÃÂ¥ÃÂÃÂæøïèûÃÂéëÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂ)EæãÃÂ5æèÃÂ554Ã¥îä | + | *ä½å:å°åå¸115å港åä¸éè·¯19-13è(å港è»é«åå)Eæ£5æ¨554室 |
| | | |
| {{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto: [email protected] Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}} | | {{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto: [email protected] Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}} |
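Review bot: The bare link `http://www.textletoeltd.com` directly above `[[Image:OWASP_TW_Banner.png]]` is an unchanged line on both sides of this hunk, so the revert removes the s1.shard.jp block but leaves one unrelated external link at the very top of the page. Nothing else in the visible text refers to that host. If it came from an earlier link injection, remove it in the same cleanup and check the page history for the revision that added it. Separately, the removed side differs from the restored side on every non-ASCII line (for example the `Security 3.0 in Web 2.0 Age` title line), so the spam edit re-saved the whole page body rather than only prepending links. An edit filter that flags a single revision adding many external links to one host, or rewriting every line of a page, would catch this before a manual revert is needed.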
Line 133: |
Line 56: |
| Please subscribe to the mailing list for meeting announcements. | | Please subscribe to the mailing list for meeting announcements. |
| | | |
− | == ÃÂ¥ÃÂ
ÃÂèòûÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂà== | + | == å
è²»å å
¥OWASPå°ç£åæ == |
| | | |
| <font color="#FF0000"> | | <font color="#FF0000"> |
| | | |
| | | |
− | '''ÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂäøÃÂéÃÂÃÂäûûäýÃÂèòûçÃÂè''' | + | '''å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨''' |
− | '''ÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂáæÃÂùæóÃÂèëÃÂèæÃÂæÃÂìéàÃÂäøÃÂæÃÂù'''</font> '''[[#Ã¥æÃÂäýÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂá|Ã¥æÃÂäýÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂá]]''' | + | '''å å
¥æå¡æ¹æ³è«è¦æ¬é ä¸æ¹'''</font> '''[[#å¦ä½å å
¥æå¡|å¦ä½å å
¥æå¡]]''' |
| | | |
− | ÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂäøÃÂéÃÂÃÂäûûäýÃÂèòûçÃÂèïüÃÂæÃÂÃÂÃÂ¥ÃÂáèóÃÂæàüÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂÃÂæÃÂþçõæäûûäýÃÂÃ¥ðÃÂæÃÂüæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂèÃÂÃÂèöãçÃÂÃÂäúúÃ¥ãëïüÃÂ<br>
| + | å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å
¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å
¨æè趣ç人士ï¼<br> |
− | æÃÂÃÂÃÂ¥ÃÂÃÂéüÃÂÃÂ¥ÃÂõæÃÂÃÂÃÂ¥ÃÂáæÃÂüOWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂÃÂ¥ÃÂÃÂäúëäûÃÂÃÂ¥ÃÂÃÂçÃÂÃÂçÃÂÃ¥èÃÂÃÂäøææÃÂÃÂäþÃÂÃ¥ðÃÂéáÃÂæüÃÂèìÃÂïüÃÂ<br>
| + | æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼<br> |
− | èÃÂÃÂÃÂ¥ÃÂèÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂáÃÂ¥ÃÂÃÂïüÃÂèëÃÂæÃÂèäûÃÂçôðéÃÂñèîÃÂ[https://www.owasp.org/index.php/Chapter_Rules ÃÂ¥ÃÂÃÂæÃÂÃÂæÃÂÃÂÃÂ¥ÃÂáæÃÂÃÂÃÂ¥ÃÂÃÂ]ãÃÂÃÂ
| + | èå¨å å
¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã |
| | | |
− | èÃÂÃ¥èæÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂìÃÂ¥ÃÂÃÂæÃÂÃÂçÃÂÃÂmailing listïüÃÂèëÃÂéÃÂãçõÃÂÃÂ¥ÃÂð[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]çöòéàÃÂïüÃÂ<br>
| + | è¥è¦å å
¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網é ï¼<br> |
− | æÃÂÃÂæÃÂÃÂçÃÂÃÂæôûÃÂ¥ÃÂÃÂèèÃÂèëÃÂèÃÂÃÂæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂðéûÃÂÃ¥ðÃÂéÃÂÃÂéÃÂÃÂéÃÂÃÂÃÂ¥ÃÂÃÂæøÃÂ
ÃÂ¥ÃÂîäþÃÂèèÃÂèëÃÂïüÃÂ<br>
| + | ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸
å®ä¾è¨è«ï¼<br> |
− | æÃÂèäùÃÂÃÂ¥ÃÂïäûÃ¥åþÃÂ[http://lists.owasp.org/pipermail/owasp-taiwan/ email èèÃÂèëÃÂÃÂ¥ÃÂÃÂäûý]äøÃÂæÃÂþÃÂ¥ÃÂðæÃÂÃÂÃÂ¥ÃÂÃÂäùÃÂÃÂ¥ÃÂÃÂèèÃÂèëÃÂçÃÂÃÂÃÂ¥ÃÂÃÂäûýãÃÂÃÂ
| + | æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«å份]ä¸æ¾å°æåä¹åè¨è«çå份ã |
| | | |
− | æÃÂÃÂÃ¥þÃÂæÃÂÃÂéÃÂÃÂæÃÂèïüÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂàæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂïüÃÂèëÃÂÃÂ¥ÃÂÃÂæìáæêâæÃÂÃ¥æÃÂèmailing listçÃÂÃÂäÿáäûöäûÃ¥çâúÃ¥îÃÂæôûÃÂ¥ÃÂÃÂÃÂ¥ÃÂðéûÃÂèÃÂÃÂæÃÂÃÂéÃÂÃÂïüÃÂæÃÂÃÂæÃÂïäûûäýÃÂæÃÂÃÂéÃÂÃÂæôûÃÂ¥ÃÂÃÂèèÃÂéÃÂÃÂçÃÂÃÂäúÃÂéàÃÂ
ãÃÂÃÂ
| + | æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé
ã |
| | | |
− | == OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂàéÃÂèèÃÂýæàü blog == | + | == OWASPå°ç£åæ é¨è½æ ¼ blog == |
− | <font color="#FF0000">éÃÂÃÂèæÃÂäøÃÂæÃÂÃÂèóÃÂÃ¥îÃÂæÃÂÃÂ
Ã¥àñïüÃÂæÃÂÃÂèáÃÂÃÂ¥ÃÂÃÂæÃÂÃÂïüÃÂÃ¥øÃÂÃ¥àôèóÃÂèèÃÂÃÂ¥ÃÂÃÂïüà| + | <font color="#FF0000">éè¦ä¸æè³å®æ
å ±ï¼æè¡åæï¼å¸å ´è³è¨åï¼ |
| | | |
− | æÃÂáèÿÃÂÃ¥øøäþà[http://www.owasp.org.tw/blog OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂàéÃÂèèÃÂýæàü blog]
| + | æ¡è¿å¸¸ä¾ [http://www.owasp.org.tw/blog OWASPå°ç£åæ é¨è½æ ¼ blog] |
| | | |
| [http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png] | | [http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png] |
| </font> | | </font> |
| | | |
− | == Ã¥æÃÂäýÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂÃÂÃÂ¥ÃÂá == | + | == å¦ä½å å
¥æå¡ == |
− | æÃÂáèÿÃÂÃÂ¥ÃÂ
ÃÂèòûÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥OWASP TaiwanÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂïüÃÂÃÂ¥ÃÂàÃÂ¥ÃÂ
Ã¥æÃÂùÃ¥üÃÂæÃÂÃÂäøÃÂçèîïüÃÂç÷ÃÂäøÃÂÃ¥àñÃÂ¥ÃÂÃÂïüÃÂemailÃ¥àñÃÂ¥ÃÂÃÂäûÃÂ¥ÃÂ¥ÃÂÃÂÃÂ¥ÃÂóçÃÂÃÂÃ¥àñÃÂ¥ÃÂÃÂïüÃÂ
| + | æ¡è¿å
è²»å å
¥OWASP Taiwanå°ç£åæï¼å å
¥æ¹å¼æä¸ç¨®ï¼ç·ä¸å ±åï¼emailå ±å以åå³çå ±åï¼ |
− | Ã¥÷Ã¥äýÃÂÃÂ¥ÃÂÃÂäûÃÂæÃÂÃÂæÃÂÃÂçúÃÂéÃÂÃÂçÃÂÃ¥æÃÂÃÂæÃÂÃÂæÃÂÃÂÃÂ¥ÃÂáæÃÂÃÂéÃÂÃÂOWASPæÃÂÃÂæÃÂðæôûÃÂ¥ÃÂÃÂèóÃÂèèÃÂèÃÂÃÂÃ¥úçèëÃÂæÃÂÃÂèÃÂðçèÃÂ.
| + | å·¥ä½åä»ææçºéç¥æææå¡æéOWASPææ°æ´»åè³è¨è座è«æè°ç¨. |
| | | |
| | | |
− | === ç÷ÃÂäøÃÂÃ¥àñÃÂ¥ÃÂà=== | + | === ç·ä¸å ±å === |
− | èëÃÂ[http://www.owasp.org.tw/member/registration.php æÃÂÃÂæÃÂäÃ¥áëÃ¥ïëç÷ÃÂäøÃÂÃ¥àñÃÂ¥ÃÂÃÂÃÂ¥ÃÂî]
| + | è«[http://www.owasp.org.tw/member/registration.php ææ¤å¡«å¯«ç·ä¸å ±åå®] |
| | | |
− | === EmailÃ¥àñÃÂ¥ÃÂà=== | + | === Emailå ±å === |
− | èëÃÂemailïüÃÂ[mailto: [email protected] [email protected]] ÃÂ¥ÃÂàÃÂ¥ÃÂ
ÃÂ¥ÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂ, èëÃÂèèûæÃÂÃÂäøÃÂÃÂ¥ÃÂÃÂèóÃÂèèÃÂ. | + | |
− | #Ã¥çÃÂÃÂ¥ÃÂà| + | #å§å |
− | #ÃÂ¥ÃÂîäýà| + | #å®ä½ |
− | #èÃÂ÷çèñ | + | #è·ç¨± |
− | #éÃÂûÃÂ¥ÃÂÃÂéÃÂõäûö | + | #é»åéµä»¶ |
− | #èÃÂïçõáéÃÂûèéñ | + | #è¯çµ¡é»è©± |
| | | |
− | === ÃÂ¥ÃÂóçÃÂÃÂÃ¥àñÃÂ¥ÃÂà=== | + | === å³çå ±å === |
− | èëÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂðæÃÂäÃ¥àñÃÂ¥ÃÂÃÂèáè,Ã¥áëÃ¥ïëÃ¥þÃÂÃÂ¥ÃÂóçÃÂÃÂèÃÂó(02)6616-1100ÃÂ¥ÃÂóÃÂ¥ÃÂï.
| + | è«åå°æ¤å ±å表,填寫å¾å³çè³(02)6616-1100å³å¯. |
| | | |
| [[Image:owasp_taiwan_opening.jpg|800px]] | | [[Image:owasp_taiwan_opening.jpg|800px]] |
| | | |
− | == èÿÃÂæÃÂÃÂæöÃÂæÃÂï == | + | == è¿ææ¶æ¯ == |
| | | |
− | *WebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçàÃÂèèÃÂæÃÂÃÂ:ÃÂ¥ÃÂè2008Ã¥ùô7æÃÂÃÂ22æÃÂÃ¥èõ÷ïüÃÂèáÃÂæÃÂÿéÃÂâçàÃÂèÃÂÃÂæÃÂÃÂèÃÂÃÂèóÃÂéÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂÃ¥àñæÃÂÃÂæÃÂÃÂäøÃÂÃ¥ÿÃÂèÃÂÃÂèþæäùÃÂ[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 æÃÂÿÃ¥úÃÂæéÃÂéÃÂÃÂèûÃÂéëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂèáÃÂçàÃÂèèÃÂæÃÂÃÂ]ïüÃÂéÃÂÃÂéÃÂÃÂWeb æÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃÂ¥ÃÂÃÂèÃÂÃÂæÃÂÃÂÃ¥üÃÂÃ¥ðÃÂÃÂ¥ÃÂ
Ã¥æáÃÂäþÃÂïüÃÂçÃÂÃÂèçãWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃÂ¥ÃÂïèÃÂýÃ¥üñéûÃÂïüÃÂæÃÂÃÂäþÃÂÃÂ¥ÃÂÃÂæéÃÂéÃÂÃÂ(æçÃÂ)Ã¥çÃÂÃ¥äÃÂçîáçÃÂÃÂÃÂ¥ÃÂÃÂèÃÂÃÂãÃÂà| + | *Webæç¨ç¨å¼å®å
¨ç è¨æ:å¨2008å¹´7æ22æ¥èµ·ï¼è¡æ¿é¢ç èæèè³éå®å
¨æå ±ææä¸å¿è辦ä¹[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 æ¿åºæ©éè»é«å®å
¨æè¡ç è¨æ]ï¼ééWeb æç¨ç¨å¼å®å
¨åèæå¼å°å
¥æ¡ä¾ï¼ç解Webæç¨ç¨å¼å¯è½å¼±é»ï¼æä¾åæ©é(æ§)å§å¤ç®¡çåèã |
| | | |
− | *WebÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂðèÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô6æÃÂÃÂ11æÃÂÃ¥ïüÃÂiThomeÃ¥àñÃ¥ðÃÂãÃÂÃÂ[http://www.ithome.com.tw/itadm/article.php?c=43813 çöòçëÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæýðÃ¥àäïüÃÂäøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃ¥ðñæòÃÂéáçÃ¥îâ]ãÃÂÃÂïüÃÂæ÷ñÃÂ¥ÃÂ
Ã¥èÿýèùäGoogleæÃÂÃÂÃ¥ðÃÂÃ¥üÃÂæÃÂÃÂÃÂ¥ÃÂàæÃÂÃÂæÃÂáæÃÂÃÂçöòçëÃÂäùÃÂæÃÂðæÃÂêæÃÂýïüÃÂÃÂ¥ÃÂ
öæÃÂÃÂÃ¥ðÃÂçõÃÂæÃÂÃÂæÃÂÃÂçÃÂúæÃÂÃÂèóÃÂÃ¥îÃÂÃÂ¥ÃÂÃÂéáÃÂçÃÂÃÂçöòçëÃÂèòüäøÃÂèÃÂæÃÂ¥ÃÂÃÂæèÃÂçñäïüÃÂäøæéÃÂûæÃÂâäýÿçÃÂèèÃÂÃÂ
çÃÂôæÃÂÃ¥çÃÂÃÂèæýãÃÂà| + | *Webå®å
¨æ°è:å¨2007å¹´6æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=43813 網ç«å®å
¨æ½°å ¤ï¼ä¸å®å
¨å°±æ²é¡§å®¢]ãï¼æ·±å
¥è¿½è¹¤Googleæå°å¼æå ææ¡æ網ç«ä¹æ°æªæ½ï¼å
¶æå°çµææçºæè³å®åé¡ç網ç«è²¼ä¸è¦åæ¨ç±¤ï¼ä¸¦é»æ¢ä½¿ç¨è
ç´æ¥ç覽ã |
| | | |
− | *OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂÃÂ¥ÃÂÃÂÃ¥ñÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô4æÃÂÃÂ16èÃÂó18æÃÂÃ¥ïüÃÂÃÂ¥ÃÂðÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂéÃÂÃÂèóÃÂÃ¥îÃÂÃ¥ñÃÂ(http://www.secutech.com/tw/is/index.asp) éÃÂÃÂéÃÂÃÂçÃÂûÃ¥àôïüÃÂOWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂéÃÂÃÂæÃÂèèÃÂÃÂèÃÂèæÃÂääýÃÂA402èÃÂÃÂA404ïüÃÂÃÂ¥ÃÂóÃÂ¥ÃÂïçÃÂòÃ¥þÃÂWebèóÃÂÃ¥îÃÂÃÂ¥ÃÂ
ÃÂçâÃÂäøÃÂÃ¥üõïüÃÂäøæèæêèÃÂêÃÂ¥ÃÂÃÂæÃÂÃÂéëÃÂééÃÂæïÃÂæûòéÃÂÃÂæøìèéæãÃÂÃÂÃ¥üñéûÃÂçèýæàøçÃÂÃÂÃÂ¥ÃÂóçõñèóÃÂÃ¥îÃÂæêâæøìæÃÂùÃ¥üÃÂæÃÂôçÃÂúÃÂ¥ÃÂêçÃÂðçÃÂÃÂèÃÂêÃÂ¥ÃÂÃÂæúÃÂçâüæêâæøìæÃÂÃÂèáÃÂãÃÂà| + | *OWASPå°ç£åæåå±:å¨2007å¹´4æ16è³18æ¥ï¼å°ååéè³å®å±(http://www.secutech.com/tw/is/index.asp) ééç»å ´ï¼OWASPå°ç£åæéæ¨èè¨æ¤ä½A402èA404ï¼å³å¯ç²å¾Webè³å®å
ç¢ä¸å¼µï¼ä¸¦è¦ªèªåæé«é©æ¯æ»²é測試ãå¼±é»ç¨½æ ¸çå³çµ±è³å®æª¢æ¸¬æ¹å¼æ´çºåªç°çèªåæºç¢¼æª¢æ¸¬æè¡ã |
| | | |
− | *WebÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂðèÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô4æÃÂÃÂ11æÃÂÃ¥ïüÃÂiThomeÃ¥àñÃ¥ðÃÂãÃÂÃÂ[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂæÃÂÃÂçëÃÂæÃÂÃÂÃÂ¥ÃÂáÃÂ¥ÃÂ
ÃÂèòûæÃÂÃÂÃÂ¥ÃÂÃÂäøÃÂïüÃÂçÃÂüÃÂ¥ÃÂéæÃÂÃÂÃÂ¥ÃÂÃÂWebÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂòèÃÂ÷è÷ÃÂäøÃÂÃÂ¥ÃÂÃÂéÃÂÃÂèöèÃÂ¥ÃÂâ]ãÃÂÃÂãÃÂà| + | *Webå®å
¨æ°è:å¨2007å¹´4æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASPå°ç£åææç«æå¡å
è²»æåä¸ï¼ç¼å©æåWebå®å
¨é²è·è·ä¸åé趨å¢]ãã |
| | | |
− | *WebÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂðèÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô4æÃÂÃÂ9æÃÂÃ¥ïüÃÂèÃÂÃÂæÃÂÃÂæÃÂÃ¥åàñÃ¥àñÃ¥ðÃÂÃÂ¥ÃÂðçÃÂãÃ¥÷òæÃÂÃÂESPNéëÃÂèÃÂòÃÂ¥ÃÂðçÃÂÃÂèèñÃ¥äÃÂèÃÂÃÂæðÃÂçÃÂþçÃÂÃÂæôûæÃÂïæÃÂïçÃÂøéÃÂÃÂçÃÂÃÂäúÃÂÃÂ¥ÃÂÃÂäøÃÂÃÂ¥ÃÂÃÂÃ¥îÃÂçöòïüÃÂäøÃÂæÃÂÃÂäûÃ¥äþÃÂéÃÂøçúÃÂéÃÂÃÂéçÃÂÃ¥îâæäÃÂÃÂ¥ÃÂ
Ã¥æÃÂèéæìÃ¥þÃÂéÃÂÃÂïüÃÂèÃÂÃÂçÃÂñèûÃÂéëÃÂÃ¥ûàÃÂ¥ÃÂÃÂÃ¥ðÃÂçÃÂáäÿîèãÃÂçèÃÂÃ¥üÃÂçÃÂÃÂãÃÂÃÂéÃÂöæÃÂÃÂÃ¥÷îæÃÂûæÃÂÃÂãÃÂÃÂïüÃÂZero-Day AttackïüÃÂïüÃÂçÃÂáèþÃÂäýÿçÃÂèèÃÂÃÂ
ÃÂ¥ÃÂêèæÃÂéÃÂãäøÃÂçöòçÃÂÃÂèæýïüÃÂéÃÂûèÃÂ
æÃ¥ðñäøÃÂçÃÂÃÂïüÃÂèüÃÂèÃÂÃÂ
Ã¥øóèÃÂÃÂãÃÂÃÂÃ¥ïÃÂçâüéÃÂÃÂçëÃÂïüÃÂèúëÃÂ¥ÃÂÃÂèâëçÃÂÃÂçÃÂèïüÃÂéÃÂÃÂèÃÂÃÂ
æéÃÂæÃÂÃÂèóÃÂæÃÂÃÂÃ¥äÃÂæôéæÃÂÃÂèòáçÃÂéæÃÂÃÂÃ¥äñãÃÂà| + | *Webå®å
¨æ°è:å¨2007å¹´4æ9æ¥ï¼èææ¥å ±å ±å°å°ç£å·²æESPNé«è²å°ç許å¤èæ°ç¾çæ´»æ¯æ¯ç¸éçäºåä¸åå®ç¶²ï¼ä¸æ以ä¾é¸çºéé§å®¢æ¤å
¥æ¨é¦¬å¾éï¼èç±è»é«å» åå°ç¡ä¿®è£ç¨å¼çãé¶æå·®æ»æãï¼Zero-Day Attackï¼ï¼ç¡è¾ä½¿ç¨è
åªè¦é£ä¸ç¶²ç覽ï¼é»è
¦å°±ä¸çï¼è¼è
帳èãå¯ç¢¼éç«ï¼èº«å被çç¨ï¼éè
æ©æè³æå¤æ´©æ財ç©æ失ã |
| | | |
− | *WebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçàÃÂèèÃÂæÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô3æÃÂÃÂ27èÃÂó4æÃÂÃÂ11æÃÂÃ¥ïüÃÂèáÃÂæÃÂÿéÃÂâçàÃÂèÃÂÃÂæÃÂÃÂèÃÂÃÂèóÃÂéÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂÃÂÃ¥àñæÃÂÃÂæÃÂÃÂäøÃÂÃ¥ÿÃÂèÃÂÃÂèþæäùÃÂ[http://sid.iii.org.tw/96Q1_ISMS/ æÃÂÿÃ¥úÃÂèóÃÂéÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂòèÃÂ÷Ã¥÷áèÿôçàÃÂèèÃÂæÃÂÃÂïüÃÂèóÃÂÃ¥îÃÂçÃÂüÃ¥ñÃÂèöèÃÂ¥ÃÂâÃÂ¥ÃÂÃÂçöòè÷ïæÃÂÃÂçÃÂèæÃÂÃÂÃÂ¥ÃÂÃÂèóÃÂèèÃÂÃ¥îÃÂÃÂ¥ÃÂ
è]ïüÃÂæÃÂáèÿÃÂæÃÂÿÃ¥úÃÂæéÃÂéÃÂÃÂ(æçÃÂ)èòàèòìèóÃÂéÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂøéÃÂÃÂäúúÃÂ¥ÃÂáèøôèúÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂàãÃÂÃÂNEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf çàÃÂèèÃÂæÃÂÃÂèìÃÂçþéäøÃÂèüÃÂ] | + | *Webæç¨ç¨å¼å®å
¨ç è¨æ:å¨2007å¹´3æ27è³4æ11æ¥ï¼è¡æ¿é¢ç èæèè³éå®å
¨æå ±ææä¸å¿è辦ä¹[http://sid.iii.org.tw/96Q1_ISMS/ æ¿åºè³éå®å
¨é²è·å·¡è¿´ç è¨æï¼è³å®ç¼å±è¶¨å¢å網路æç¨æåè³è¨å®å
¨]ï¼æ¡è¿æ¿åºæ©é(æ§)è² è²¬è³éå®å
¨ç¸é人å¡è¸´èºåå ãNEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf ç è¨æè¬ç¾©ä¸è¼] |
| | | |
− | *WebÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂðèÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô3æÃÂÃÂ21æÃÂÃ¥ïüÃÂäøÃÂÃÂ¥ÃÂÃÂæÃÂÃÂÃ¥àñÃ¥àñÃ¥ðÃÂãÃÂÃÂäøÃÂçöòæÃÂÃÂäøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃÂ¥ÃÂÃÂÃ¥îöïüÃÂÃÂ¥ÃÂðçÃÂãéëÃÂÃ¥ñÃÂ
çììäúÃÂãÃÂÃÂïüÃÂçÃÂñæóÃÂÃÂ¥ÃÂÃÂéÃÂèèêÿæÃÂÃ¥åñÃÂãÃÂÃÂÃÂ¥ÃÂÃÂäúÃÂÃ¥ñÃÂçÃÂÃÂÃÂ¥ÃÂîäýÃÂÃÂ¥ÃÂ
ñÃÂ¥ÃÂÃÂéÃÂÃÂÃ¥ðÃÂÃÂ¥ÃÂðçÃÂãçöòè÷ïÃ¥îÃÂÃÂ¥ÃÂ
èéÃÂòèáÃÂèçÃÂÃ¥ïÃÂçÃÂüçÃÂþïüÃÂÃÂ¥ÃÂðçÃÂãçöòè÷ïçÃÂÃÂèóÃÂèèÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃ¥èÃÂèÃÂÃÂ
ïüÃÂéëÃÂÃ¥ñÃÂ
äúÃÂæôòçììäúÃÂïüÃÂÃÂ¥ÃÂÃÂ
æìáæÃÂüäøÃÂÃÂ¥ÃÂÃÂãÃÂÃÂ2007Ã¥ùôÃÂ¥ÃÂÃÂèÃÂóäûÃÂïüÃÂÃ¥ùóÃÂ¥ÃÂÃÂæïÃÂÃ¥äééÃÂýæÃÂÃÂçÃÂüçÃÂÃÂ5äûöéçÃÂÃ¥îâÃÂ¥ÃÂ
Ã¥äþõäúÃÂäûöãÃÂà| + | *Webå®å
¨æ°è:å¨2007å¹´3æ21æ¥ï¼ä¸åæå ±å ±å°ãä¸ç¶²æä¸å®å
¨å家ï¼å°ç£é«å±
第äºãï¼ç±æ³åé¨èª¿æ¥å±ãåäºå±çå®ä½å
±åéå°å°ç£ç¶²è·¯å®å
¨é²è¡è§å¯ç¼ç¾ï¼å°ç£ç¶²è·¯çè³è¨å®å
¨å¨è
ï¼é«å±
äºæ´²ç¬¬äºï¼å
次æ¼ä¸åã2007å¹´åè³ä»ï¼å¹³åæ¯å¤©é½æç¼ç5件é§å®¢å
¥ä¾µäºä»¶ã |
| | | |
− | *WebÃ¥îÃÂÃÂ¥ÃÂ
èæÃÂðèÃÂÃÂ:ÃÂ¥ÃÂè2007Ã¥ùô3æÃÂÃÂ8æÃÂÃ¥ïüÃÂæÃÂñæãîæÃÂðèÃÂÃÂÃ¥àñÃ¥ðÃÂãÃÂÃÂÃÂ¥ÃÂðçÃÂãéçÃÂÃ¥îâæÃÂûæÃÂÃÂäúÃÂäûöÃÂ¥ÃÂÃÂÃ¥ðÃÂéþÃÂäùÃÂÃÂ¥ÃÂàïüÃÂ90ïüÃÂ
éÃÂÃÂèáÃÂæÃÂþéÃÂÃÂÃÂ¥ÃÂ
Ã¥äþõãÃÂÃÂïüÃÂçÃÂöèÃÂÃÂèèñÃ¥äÃÂäüÃÂæÃÂ¥ÃÂéÃÂýäûÃ¥æòÃÂæÃÂÃÂéàÃÂçîÃÂçÃÂúçÃÂñïüÃÂäøÃÂéáÃÂæÃÂÃÂÃ¥âÃÂÃÂ¥ÃÂàéÃÂòèÃÂ÷èèÃÂÃÂ¥ÃÂÃÂèÃÂÃÂäúúÃÂ¥ÃÂÃÂïüÃÂèâëéçÃÂÃ¥îâçëÃÂæÃÂùÃÂ¥ÃÂ
Ã¥äþõçöòéàÃÂïüÃÂäøÃÂçÃÂÃÂèçãèÃÂÃÂÃ¥þÃÂÃÂ¥ÃÂôéÃÂÃÂçÃÂÃÂæÃÂÃÂçþéïüÃÂçöòéàÃÂæÃÂùÃÂ¥ÃÂÃÂÃ¥þÃÂïüÃÂäøææòÃÂæÃÂÃÂÃ¥âÃÂÃÂ¥ÃÂàéÃÂòèÃÂ÷èèÃÂÃÂ¥ÃÂÃÂïüÃÂçÃÂÃÂèÃÂóéÃÂÃÂæÃÂÃÂÃÂ¥ÃÂîäøÃÂäüÃÂæÃÂ¥ÃÂèâëéçÃÂéÃÂãçúÃÂéëÃÂéÃÂÃÂ82æìáãÃÂÃÂ[http://www.ettoday.com/2007/03/08/339-2063921.htm ÃÂ¥ÃÂÃÂæÃÂðèÃÂÃÂéÃÂãçõÃÂ] | + | *Webå®å
¨æ°è:å¨2007å¹´3æ8æ¥ï¼æ±æ£®æ°èå ±å°ãå°ç£é§å®¢æ»æäºä»¶åå°é¾ä¹å ï¼90ï¼
éè¡æ¾éå
¥ä¾µãï¼ç¶è許å¤ä¼æ¥é½ä»¥æ²æé ç®çºç±ï¼ä¸é¡æå¢å é²è·è¨åè人åï¼è¢«é§å®¢ç«æ¹å
¥ä¾µç¶²é ï¼ä¸ç解èå¾å´éçæ義ï¼ç¶²é æ¹åå¾ï¼ä¸¦æ²æå¢å é²è·è¨åï¼çè³éæå®ä¸ä¼æ¥è¢«é§é£çºé«é82次ã[http://www.ettoday.com/2007/03/08/339-2063921.htm åæ°èé£çµ] |
| | | |
| | | |
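Review bot: The icst.org.tw link in the first bullet after the `[[Image:owasp_taiwan_opening.jpg|800px]]` line still carries a session identifier in its query string (`...,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546`), identical on the removed and added sides. A session ID pasted into a published wiki link discloses the session it was copied from, and on a site that accepts session IDs from the URL it gives every visitor who follows the link the same one. Drop the `&PHPSESSID=...` parameter and keep the rest of the URL.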
Line 202: |
Line 125: |
| [[Image:Owasp taiwan first gathering.png]] | | [[Image:Owasp taiwan first gathering.png]] |
| | | |
− | == çöòçëÃÂèÃÂÃÂWebæÃÂÃÂÃÂ¥ÃÂÃÂçÃÂÃÂäúÃÂÃ¥äçèóÃÂÃ¥îÃÂÃÂ¥ÃÂðÃ¥âà== | + | == 網ç«èWebæåçäºå¤§è³å®å°å¢ == |
− | #ITäúúÃÂ¥ÃÂáäøÃÂèöó | + | #IT人å¡ä¸è¶³ |
− | #çüúäùÃÂèóÃÂÃ¥îÃÂéàÃÂÃÂ¥ÃÂÃÂÃ¥ðÃÂæÃÂ¥ÃÂçÃÂÃ¥èÃÂà| + | #缺ä¹è³å®é åå°æ¥ç¥è |
− | #ÃÂ¥ÃÂÃÂèÃÂýæÃÂçééÃÂæÃÂöçÃÂúäøû | + | #åè½æ§é©æ¶çºä¸» |
− | #çüúäùÃÂèÃÂêÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂÃ¥÷ÃÂ¥ÃÂ¥ÃÂ
÷ | + | #缺ä¹èªååå·¥å
· |
− | #æÃÂÃÂæÃÂìãÃÂÃÂæÃÂÃÂçÃÂÃÂÃ¥ðÃÂÃÂ¥ÃÂÃÂÃ¥ðÃÂæáÃÂæèáÃ¥üÃÂäøÃÂÃÂ¥ÃÂéçâúäÿÃÂÃ¥ðÃÂæáÃÂÃÂ¥ÃÂÃÂèóê | + | #ææ¬ãæçå°åå°æ¡æ¨¡å¼ä¸å©ç¢ºä¿å°æ¡å質 |
| | | |
− | ==æÃÂÃÂæÃÂð2007Ã¥ùôOWASPÃÂ¥ÃÂÃÂÃ¥äçWebèóÃÂÃ¥îÃÂæüÃÂæôà(2007 OWASP Top 10)== | + | ==ææ°2007å¹´OWASPå大Webè³å®æ¼æ´ (2007 OWASP Top 10)== |
− | ===ÃÂ¥ÃÂÃÂÃ¥äçWebèóÃÂÃ¥îÃÂæüÃÂæôÃÂÃÂ¥ÃÂÃÂèáè=== | + | ===å大Webè³å®æ¼æ´å表=== |
− | *A1. è÷èçöòçëÃÂçÃÂÃÂÃÂ¥ÃÂ
Ã¥äþõÃÂ¥ÃÂÃÂäøò(Cross Site ScriptingïüÃÂçðáçèñXSSïüÃÂäúæçèñçÃÂúè÷èçëÃÂèÃÂ
óæÃÂìæÃÂûæÃÂÃÂ)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂçÃÂôæÃÂÃ¥åðÃÂäþÃÂèÃÂêäýÿçÃÂèèÃÂÃÂ
çÃÂÃÂÃÂ¥ÃÂ÷èáÃÂèëÃÂæñÃÂéÃÂÃÂÃÂ¥ÃÂÃÂçÃÂÃÂèæýÃÂ¥ÃÂèÃÂ¥ÃÂ÷èáÃÂïüÃÂäýÿÃ¥þÃÂæÃÂûæÃÂÃÂèÃÂÃÂ
ÃÂ¥ÃÂïæÃÂ÷ÃÂ¥ÃÂÃÂäýÿçÃÂèèÃÂÃÂ
çÃÂÃÂCookieæÃÂÃÂSessionèóÃÂæÃÂÃÂèÃÂÃÂèÃÂýÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂçÃÂôæÃÂÃ¥çÃÂûÃÂ¥ÃÂ
Ã¥çÃÂúÃÂ¥ÃÂÃÂæóÃÂäýÿçÃÂèèÃÂÃÂ
ãÃÂà| + | *A1. 跨網ç«çå
¥ä¾µå串(Cross Site Scriptingï¼ç°¡ç¨±XSSï¼äº¦ç¨±çºè·¨ç«è
³æ¬æ»æ)ï¼Webæç¨ç¨å¼ç´æ¥å°ä¾èªä½¿ç¨è
çå·è¡è«æ±éåç覽å¨å·è¡ï¼ä½¿å¾æ»æè
å¯æ·å使ç¨è
çCookieæSessionè³æèè½ååç´æ¥ç»å
¥çºåæ³ä½¿ç¨è
ã |
− | *A2. æóèÃÂ¥ÃÂ
Ã¥çüúÃ¥äñ(Injection Flaw)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃÂ¥ÃÂ÷èáÃÂäþÃÂèÃÂêÃ¥äÃÂéÃÂèÃÂ¥ÃÂÃÂ
æÃÂìèóÃÂæÃÂÃÂÃ¥úëÃÂ¥ÃÂèÃÂ¥ÃÂ
ççÃÂÃÂæÃÂáæÃÂÃÂæÃÂÃÂäûäïüÃÂSQL InjectionèÃÂÃÂCommand InjectionçÃÂÃÂæÃÂûæÃÂÃÂÃÂ¥ÃÂÃÂ
æÃÂìÃÂ¥ÃÂèÃÂ¥ÃÂ
çãÃÂà| + | *A2. 注å
¥ç¼ºå¤±(Injection Flaw)ï¼Webæç¨ç¨å¼å·è¡ä¾èªå¤é¨å
æ¬è³æ庫å¨å
§çæ¡ææ令ï¼SQL InjectionèCommand Injectionçæ»æå
æ¬å¨å
§ã |
− | *A3. æÃÂáæÃÂÃÂæêÃÂæáÃÂÃÂ¥ÃÂ÷èáÃÂ(Malicious File Execution)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥üÃÂÃÂ¥ÃÂ
Ã¥äþÃÂèÃÂêÃ¥äÃÂéÃÂèçÃÂÃÂæÃÂáæÃÂÃÂæêÃÂæáÃÂäøæÃÂ¥ÃÂ÷èáÃÂæêÃÂæáÃÂÃÂ¥ÃÂ
çÃ¥îùãÃÂà| + | *A3. æ¡ææªæ¡å·è¡(Malicious File Execution)ï¼Webæç¨ç¨å¼å¼å
¥ä¾èªå¤é¨çæ¡ææªæ¡ä¸¦å·è¡æªæ¡å
§å®¹ã |
− | *A4. äøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂçÃÂéäûöÃÂ¥ÃÂÃÂèÃÂÃÂ(Insecure Direct Object Reference)ïüÃÂæÃÂûæÃÂÃÂèÃÂÃÂ
ÃÂ¥ÃÂéçÃÂèWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂæÃÂìèúëçÃÂÃÂæêÃÂæáÃÂèîÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂèÃÂýäûûæÃÂÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂæêÃÂæáÃÂæÃÂÃÂéÃÂÃÂèæÃÂèóÃÂæÃÂÃÂïüÃÂæáÃÂäþÃÂÃÂ¥ÃÂÃÂ
æÃÂìhttp://example/read.php?file=../../../../../../../c:\boot.iniãÃÂà| + | *A4. ä¸å®å
¨çç©ä»¶åè(Insecure Direct Object Reference)ï¼æ»æè
å©ç¨Webæç¨ç¨å¼æ¬èº«çæªæ¡è®ååè½ä»»æååæªæ¡æéè¦è³æï¼æ¡ä¾å
æ¬http://example/read.php?file=../../../../../../../c:\boot.iniã |
− | *A5. è÷èçöòçëÃÂçÃÂÃÂÃÂ¥ÃÂýéÃÂàèæÃÂæñà(Cross-Site Request ForgeryïüÃÂçðáçèñCSRF): Ã¥÷òçÃÂûÃÂ¥ÃÂ
ÃÂ¥WebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂçÃÂÃÂÃÂ¥ÃÂÃÂæóÃÂäýÿçÃÂèèÃÂÃÂ
ÃÂ¥ÃÂ÷èáÃÂÃÂ¥ÃÂðæÃÂáæÃÂÃÂçÃÂÃÂHTTPæÃÂÃÂäûäïüÃÂäýÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃÂ¥ÃÂûçÃÂöæÃÂÃÂÃÂ¥ÃÂÃÂæóÃÂéÃÂÃÂæñÃÂèÃÂÃÂçÃÂÃÂïüÃÂäýÿÃ¥þÃÂæÃÂáæÃÂÃÂæÃÂÃÂäûäèâëæÃÂãÃ¥øøÃÂ¥ÃÂ÷èáÃÂïüÃÂæáÃÂäþÃÂÃÂ¥ÃÂÃÂ
æÃÂìçäþäúäçöòçëÃÂÃÂ¥ÃÂÃÂäúëçÃÂàQuickTimeãÃÂÃÂFlashÃ¥ýñçÃÂÃÂäøÃÂèÃÂÃÂæÃÂÃÂæÃÂáæÃÂÃÂçÃÂÃÂHTTPèëÃÂæñÃÂãÃÂà| + | *A5. 跨網ç«çå½é è¦æ± (Cross-Site Request Forgeryï¼ç°¡ç¨±CSRF): å·²ç»å
¥Webæç¨ç¨å¼çåæ³ä½¿ç¨è
å·è¡å°æ¡æçHTTPæ令ï¼ä½Webæç¨ç¨å¼å»ç¶æåæ³éæ±èçï¼ä½¿å¾æ¡ææ令被æ£å¸¸å·è¡ï¼æ¡ä¾å
æ¬ç¤¾äº¤ç¶²ç«å享ç QuickTimeãFlashå½±çä¸èææ¡æçHTTPè«æ±ã |
− | *A6. èóÃÂèèÃÂæÃÂÃÂéÃÂòèÃÂÃÂäøÃÂéÃÂéçÃÂöéÃÂïèêäèÃÂÃÂçýî (Information Leakage and Improper Error Handling)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂçÃÂÃÂÃÂ¥ÃÂ÷èáÃÂéÃÂïèêäèèÃÂæÃÂïÃÂ¥ÃÂÃÂ
ÃÂ¥ÃÂëæÃÂÃÂæÃÂÃÂèóÃÂæÃÂÃÂïüÃÂæáÃÂäþÃÂÃÂ¥ÃÂÃÂ
æÃÂì:çóûçõñæêÃÂæáÃÂè÷ïÃ¥þÃÂçÃÂÃÂæÃÂÃÂéÃÂòæÃÂÃÂèóÃÂæÃÂÃÂÃ¥úëæìÃÂäýÃÂÃÂ¥ÃÂÃÂçèñãÃÂà| + | *A6. è³è¨æé²èä¸é©ç¶é¯èª¤èç½® (Information Leakage and Improper Error Handling)ï¼Webæç¨ç¨å¼çå·è¡é¯èª¤è¨æ¯å
å«ææè³æï¼æ¡ä¾å
æ¬:系統æªæ¡è·¯å¾çæé²æè³æ庫æ¬ä½å稱ã |
− | *A7. éÃÂÃÂçàôÃ¥ãÃÂçÃÂÃÂéÃÂÃÂÃÂ¥ÃÂÃ¥èÃÂÃÂéÃÂãç÷ÃÂçîáçÃÂÃÂ(Broken Authentication and Session Management)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂäøÃÂèÃÂêèáÃÂæÃÂðÃ¥ïëçÃÂÃÂèúëÃÂ¥ÃÂÃÂééÃÂèÃÂÃÂçÃÂøéÃÂÃÂÃÂ¥ÃÂÃÂèÃÂýæÃÂÃÂçüúéÃÂ֋ÃÂà| + | *A7. éç ´å£çéå¥èé£ç·ç®¡ç(Broken Authentication and Session Management)ï¼Webæç¨ç¨å¼ä¸èªè¡æ°å¯«ç身åé©èç¸éåè½æ缺é·ã |
− | *A8. äøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂÃ¥ïÃÂçâüÃÂ¥ÃÂòÃÂ¥ÃÂÃÂÃÂ¥ÃÂè (Insecure Cryptographic Storage)ïüÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂæòÃÂæÃÂÃÂÃ¥ðÃÂæÃÂÃÂæÃÂÃÂæÃÂçèóÃÂæÃÂÃÂäýÿçÃÂèÃÂ¥ÃÂàÃ¥ïÃÂãÃÂÃÂäýÿçÃÂèèüÃÂÃ¥üñçÃÂÃÂÃÂ¥ÃÂàÃ¥ïÃÂæüÃÂçîÃÂæóÃÂæÃÂÃÂÃ¥ðÃÂéÃÂÃÂéÃÂðÃÂ¥ÃÂòÃÂ¥ÃÂÃÂæÃÂüÃ¥îùæÃÂÃÂèâëÃÂ¥ÃÂÃÂÃ¥þÃÂäùÃÂèÃÂÃÂãÃÂà| + | *A8. ä¸å®å
¨çå¯ç¢¼å²åå¨ (Insecure Cryptographic Storage)ï¼Webæç¨ç¨å¼æ²æå°æææ§è³æ使ç¨å å¯ã使ç¨è¼å¼±çå å¯æ¼ç®æ³æå°éé°å²åæ¼å®¹æ被åå¾ä¹èã |
− | *A9. äøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂéÃÂÃÂèèÃÂ(Insecure Communication)ïüÃÂÃÂ¥ÃÂóéÃÂÃÂæÃÂÃÂæÃÂÃÂæÃÂçèóÃÂæÃÂÃÂæÃÂÃÂäøææÃÂêäýÿçÃÂèHTTPSæÃÂÃÂÃÂ¥ÃÂ
öäûÃÂÃÂ¥ÃÂàÃ¥ïÃÂæÃÂùÃ¥üÃÂãÃÂà| + | *A9. ä¸å®å
¨çéè¨(Insecure Communication)ï¼å³éæææ§è³ææ並æªä½¿ç¨HTTPSæå
¶ä»å å¯æ¹å¼ã |
− | *A10. çÃÂÃÂæÃÂüéÃÂÃÂÃÂ¥ÃÂöURLÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂ(Failure to Restrict URL Access)ïüÃÂæÃÂÃÂäúÃÂçöòéàÃÂÃÂ¥ÃÂàçÃÂúæòÃÂæÃÂÃÂæìÃÂéÃÂÃÂæÃÂçÃÂ¥ÃÂöïüÃÂäýÿÃ¥þÃÂæÃÂûæÃÂÃÂèÃÂÃÂ
ÃÂ¥ÃÂïéÃÂÃÂéÃÂÃÂçöòÃÂ¥ÃÂÃÂçÃÂôæÃÂÃÂ¥ÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂïüÃÂæáÃÂäþÃÂÃÂ¥ÃÂÃÂ
æÃÂìÃÂ¥ÃÂ
ÃÂèèñçÃÂôæÃÂÃ¥äÿîæÃÂùWikiæÃÂÃÂBlogçöòéàÃÂÃÂ¥ÃÂ
çÃ¥îùãÃÂà| + | *A10. çæ¼éå¶URLåå(Failure to Restrict URL Access)ï¼æäºç¶²é å çºæ²ææ¬éæ§å¶ï¼ä½¿å¾æ»æè
å¯éé網åç´æ¥ååï¼æ¡ä¾å
æ¬å
許ç´æ¥ä¿®æ¹WikiæBlog網é å
§å®¹ã |
| | | |
− | éÃÂÃÂæìáOWASPÃÂ¥ÃÂ
ìÃ¥øÃÂæÃÂðçÃÂÃÂTop 10ÃÂ¥ÃÂÃÂæÃÂàÃÂ¥ÃÂúçÃÂîÃÂ¥ÃÂÃÂçÃÂÃÂæÃÂûæÃÂÃÂçÃÂþæóÃÂïüÃÂäûÃ¥äûÃÂÃ¥ùôçÃÂúäþÃÂïüÃÂCross-Site Scripting(XSS)èêÿæÃÂôçÃÂú10Ã¥äçæÃÂûæÃÂÃÂäùÃÂéæÃÂïüÃÂçÃÂÃÂÃ¥ïæçÃÂÃÂÃÂ¥ÃÂÃÂæÃÂàÃÂ¥ÃÂúçÃÂîÃÂ¥ÃÂÃÂçöòè÷ïéÃÂãéÃÂÃÂèÃÂÃÂèéÃÂæìúçÃÂÃÂæÃÂûæÃÂÃÂæÿëçÃÂèXSSçÃÂÃÂæÃÂÃÂ
Ã¥ýâïüÃÂäúÃÂÃ¥ïæäøÃÂïüÃÂçþÃÂÃÂ¥ÃÂÃÂÃÂ¥ÃÂÃÂéÃÂòéÃÂèçÃÂÃÂBSIèèÃÂçÃÂë(Build-Security In,https://buildsecurityin.us-cert.gov/) ÃÂ¥ÃÂÃÂMitreçàÃÂçéöæéÃÂæçÃÂçÃÂÃÂCVEèóÃÂÃ¥îÃÂèÃÂÃÂÃ¥üñæÃÂçÃÂ¥ÃÂÃÂèáè(http://cve.mitre.org/) äúæéáïçäú1)Cross Site ScriptingèÃÂÃÂ2)SQL InjectionÃ¥÷òéÃÂãçúÃÂÃÂ¥ÃÂ
éÃ¥ùôÃÂ¥ÃÂÃÂçÃÂúÃÂ¥ÃÂ
èçÃÂÃÂéàÃÂèÃÂÃÂÃÂ¥ÃÂôéÃÂÃÂèóÃÂÃ¥îÃÂÃ¥üñéûÃÂ.
| + | é次OWASPå
¬å¸æ°çTop 10åæ åºç®åçæ»æç¾æ³ï¼ä»¥ä»å¹´çºä¾ï¼Cross-Site Scripting(XSS)調æ´çº10大æ»æä¹é¦ï¼ç實çåæ åºç®å網路é£éèè©æ¬ºçæ»ææ¿«ç¨XSSçæ
å½¢ï¼äºå¯¦ä¸ï¼ç¾ååé²é¨çBSIè¨ç«(Build-Security In,https://buildsecurityin.us-cert.gov/) åMitreç 究æ©æ§çCVEè³å®èå¼±æ§å表(http://cve.mitre.org/) 亦顯示1)Cross Site Scriptingè2)SQL Injectionå·²é£çºå
©å¹´åçºå
¨çé èå´éè³å®å¼±é». |
| | | |
− | ===çÃÂôæÃÂÃ¥èÃÂÃÂçèÃÂÃ¥üÃÂçâüÃ¥îÃÂÃÂ¥ÃÂ
èÃÂ¥ÃÂÃÂèóêæÃÂÃÂéÃÂÃÂ=== | + | ===ç´æ¥èç¨å¼ç¢¼å®å
¨å質æé=== |
− | *[Ã¥ÿÃÂ
èæÃÂ*]A1. è÷èçöòçëÃÂÃÂ¥ÃÂ
Ã¥äþõÃÂ¥ÃÂÃÂäøò(Cross Site Scripting) | + | *[å¿
è¦*]A1. 跨網ç«å
¥ä¾µå串(Cross Site Scripting) |
− | *[Ã¥ÿÃÂ
èæÃÂ*]A2. æóèÃÂ¥ÃÂ
Ã¥çüúÃ¥äñ(Injection Flaw) | + | *[å¿
è¦*]A2. 注å
¥ç¼ºå¤±(Injection Flaw) |
− | *[Ã¥ûúèÃÂð*]A3. æÃÂáæÃÂÃÂæêÃÂæáÃÂÃÂ¥ÃÂ÷èáÃÂ(Malicious File Execution) | + | *[建è°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution) |
− | *[Ã¥ûúèÃÂð*]A4. äøÃÂÃ¥îÃÂÃÂ¥ÃÂ
èçÃÂÃÂçÃÂéäûöÃÂ¥ÃÂÃÂèÃÂÃÂ(Insecure Direct Object Reference) | + | *[建è°*]A4. ä¸å®å
¨çç©ä»¶åè(Insecure Direct Object Reference) |
− | *[éÃÂøæÃÂÃÂ*]A5. è÷èçöòçëÃÂèæÃÂæñÃÂÃÂ¥ÃÂýéÃÂà(Cross-Site Request Forgery) | + | *[é¸æ*]A5. 跨網ç«è¦æ±å½é (Cross-Site Request Forgery) |
| | | |
| | | |
− | <nowiki>*</nowiki>OWASPÃÂ¥ÃÂðçÃÂãÃÂ¥ÃÂÃÂæÃÂÃÂÃ¥ü÷çÃÂÃÂÃ¥ûúèÃÂðÃÂ¥ÃÂÃÂÃÂ¥ÃÂîäýÃÂÃÂ¥ÃÂèéÃÂòèáÃÂæúÃÂçâüæêâæøìæÃÂÃÂïüÃÂÃ¥ðääûÃ¥æÃÂÿÃ¥úÃÂæéÃÂéÃÂÃÂ(æçÃÂ)ïüÃÂæÃÂÃÂéÃÂõÃ¥þêæÃÂÿÃ¥úÃÂèóÃÂéÃÂÃÂÃ¥îÃÂÃÂ¥ÃÂ
èäýÃÂæÃÂ¥ÃÂèæÃÂçïÃÂ(http://www.giscc.org.tw) äùÃÂãÃÂÃÂWebæÃÂÃÂçÃÂèçèÃÂÃ¥üÃÂÃ¥îÃÂÃÂ¥ÃÂ
èÃÂ¥ÃÂÃÂèÃÂÃÂæÃÂÃÂÃ¥üÃÂãÃÂÃÂïüÃÂäøæÃ¥ðÃÂ1èÃÂÃÂ2ÃÂ¥ÃÂÃÂçÃÂúÃ¥ÿÃÂ
èæÃÂæêâæøìéàÃÂ
çÃÂîïüÃÂ3èÃÂÃÂ4ÃÂ¥ÃÂÃÂçÃÂúÃ¥ûúèÃÂðæêâæøìéàÃÂ
çÃÂîïüÃÂèÃÂÃÂ5ÃÂ¥ÃÂÃÂçÃÂúéÃÂøæÃÂÃÂæêâæøìéàÃÂ
çÃÂîãÃÂà| + | <nowiki>*</nowiki>OWASPå°ç£åæå¼·ç建è°åå®ä½å¨é²è¡æºç¢¼æª¢æ¸¬æï¼å°¤ä»¥æ¿åºæ©é(æ§)ï¼æéµå¾ªæ¿åºè³éå®å
¨ä½æ¥è¦ç¯(http://www.giscc.org.tw) ä¹ãWebæç¨ç¨å¼å®å
¨åèæå¼ãï¼ä¸¦å°1è2åçºå¿
è¦æª¢æ¸¬é
ç®ï¼3è4åçºå»ºè°æª¢æ¸¬é
ç®ï¼è5åçºé¸æ檢測é
ç®ã |
| | | |
− | ïüÃÂÃÂ¥ÃÂèÃ¥ïæÃÂ¥ÃÂÃÂæáÃÂäþÃÂäøÃÂïüÃÂæêâæøìäøæäÿîæÃÂã1èÃÂÃÂ2ÃÂ¥ÃÂóÃÂ¥ÃÂïéÃÂÿÃÂ¥ÃÂ
ÃÂçõÃÂÃ¥äçÃ¥äÃÂæÃÂøçÃÂÃÂWebèóÃÂÃ¥îÃÂÃ¥èÃÂèÃÂÃÂ
ãÃÂÃÂ
| + | ï¼å¨å¯¦åæ¡ä¾ä¸ï¼æª¢æ¸¬ä¸¦ä¿®æ£1è2å³å¯é¿å
çµå¤§å¤æ¸çWebè³å®å¨è
ã |
| | | |
− | ===ÃÂ¥ÃÂàäøÃÂèÿðæüÃÂæôÃÂéÃÂÃÂæÃÂÃ¥éÃÂàæÃÂÃÂæÃÂÃÂèÃÂÃÂWebäüúæÃÂÃÂÃÂ¥ÃÂèÃÂ¥ÃÂÃÂÃ¥äÃÂéÃÂèèèÃÂÃ¥îÃÂæÃÂÃÂéÃÂÃÂ=== | + | ===å ä¸è¿°æ¼æ´éæ¥é ææèWeb伺æå¨åå¤é¨è¨å®æé=== |
| *Information Leakage and Improper Error Handling | | *Information Leakage and Improper Error Handling |
| *Broken Authentication and Session Management | | *Broken Authentication and Session Management |
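Review bot: every changed line in this hunk, from the section headings through the A1 to A10 entries, appears to differ between the − and + sides only in the byte sequences of the non-ASCII text. The ASCII fragments, such as "(Cross Site Scripting", "(Injection Flaw)", the read.php?file= example and the buildsecurityin.us-cert.gov and cve.mitre.org URLs, are identical on both sides. As rendered here the + side is still not readable text, so before accepting the revision, view the saved page as UTF-8 and confirm that the headings and list items display correctly and that no wording changed along with the encoding.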
Line 243: |
Line 166: |
| *Failure to Restrict URL Access | | *Failure to Restrict URL Access |
| | | |
− | == æÃÂÃÂÃÂ¥ÃÂáÃÂ¥ÃÂÃÂèáè (Member List) == | + | == æå¡å表 (Member List) == |
| Coming up soon! | | Coming up soon! |
| | | |
| [http://www.owasp.org.tw http://www.owasp.org.tw/dot.png] | | [http://www.owasp.org.tw http://www.owasp.org.tw/dot.png] |
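Welcome to the OWASP Taiwan chapter! "The first step to website security starts with joining the OWASP Taiwan chapter."
Senior executives and chief researchers from multinational enterprises and security companies such as Whitehat Security, American Express, Armorize and Qualys are gathering in Taiwan. Do you know how they view Security 3.0 in the Web 2.0 era? What does it mean for Taiwan and for the world? And how should governments, enterprises and ordinary users respond? What do the following major security news stories of 2007 tell us?
Joining the OWASP Taiwan chapter is free of charge, and membership is fully open to anyone interested in application security.
We encourage members to share their knowledge and give talks at the OWASP Taiwan chapter.
Before joining, please read the chapter member handbook carefully.
To join this chapter's mailing list, follow the link to the mailing list page.
All discussion of events and event locations takes place on this list.
You can also find our earlier discussions in the email discussion archive.
Finally, a reminder: before attending an event, please check your mailing list messages again to confirm the location and time, and anything else related to the event.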
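OWASP (Open Web Application Security Project) is an open community and non-profit organization that currently has 82 chapters and nearly ten thousand members worldwide. Its main goal is to develop standards, tools and technical documents that help solve web software security problems, and it has long worked to help governments and enterprises understand and improve the security of web applications and web services. As web applications are used ever more widely, web application security has steadily gained attention and become a hot topic in the security field. At the same time, attackers have quietly shifted their focus to the weaknesses introduced during web application development in order to attack and cause damage.
The US Federal Trade Commission (FTC) strongly recommends that all enterprises follow the Top 10 web vulnerability protection guidelines published by OWASP, the US Department of Defense also lists them as a best practice, and the PCI standard for international credit card data security makes them a required element. OWASP currently has more than 30 active projects, including the well-known OWASP Top 10 (the ten major web weaknesses), the WebGoat practice platform, and the secure PHP/Java/ASP.Net projects, each discussing and researching a different software security problem.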
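When your organization decides to open up web services, it must let web requests from all over the world reach its internal web servers. Attackers can hide inside legitimate web requests, pass the inspection of firewalls, intrusion detection systems and other defenses, and openly enter the organization's internal network, or use the organization's website as a stepping stone and relay to launch attacks on other victims. This means that an enterprise's web application code must also become part of the organization's perimeter security defenses. As the scale and complexity of the organization's web services grow, its exposure to outside risk grows as well.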
Please subscribe to the mailing list for meeting announcements.
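You are welcome to join the OWASP Taiwan chapter free of charge! There are three ways to join: online registration, email registration and fax registration.
Our staff will continue to notify all members of the latest OWASP event information and seminar agendas.
Please print this registration form, fill it in and fax it to (02)6616-1100.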
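The new Top 10 published by OWASP this time reflects the current state of attacks. This year, for example, Cross-Site Scripting (XSS) was moved to the top of the 10 major attacks, which accurately reflects how phishing and fraud attacks currently abuse XSS. In fact, the US Department of Defense's BSI program (Build-Security In, https://buildsecurityin.us-cert.gov/) and the Mitre research organization's CVE list of security vulnerabilities (http://cve.mitre.org/) also show that 1) Cross Site Scripting and 2) SQL Injection have been the world's top serious security weaknesses for two consecutive years.
In practical cases, detecting and fixing 1 and 2 is enough to avoid the vast majority of web security threats.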