This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Taiwan"
(Reverting to last version not containing links to www.textletoeltd.com) |
Deleted user (talk | contribs) |
||
Line 1: | Line 1: | ||
+ | [http://s1.shard.jp/olharder/auto-reply-business.html specialty travel adventure and sports auto racing tours | ||
+ | ] [http://s1.shard.jp/galeach/new29.html asian painter | ||
+ | ] [http://s1.shard.jp/losaul/atlas-of-australian.html the australian open tennis championship | ||
+ | ] [http://s1.shard.jp/frhorton/78vbl98c2.html africa animal endangered south] [http://s1.shard.jp/olharder/automobile-accident.html automotive and repair and guide and online | ||
+ | ] [http://s1.shard.jp/galeach/new123.html asian american association long distance | ||
+ | ] [http://s1.shard.jp/galeach/new118.html basia milewicz | ||
+ | ] [http://s1.shard.jp/olharder/autopsy-picture.html auto display ramp | ||
+ | ] [http://s1.shard.jp/bireba/symantec-antivirus.html norton antivirus live update download | ||
+ | ] [http://s1.shard.jp/bireba/symantec-antivirus.html email antivirus protection | ||
+ | ] [http://s1.shard.jp/olharder/autoroll-654.html url] [http://s1.shard.jp/olharder/chery-automobile.html auto critique | ||
+ | ] [http://s1.shard.jp/galeach/new71.html se asian tsunami | ||
+ | ] [http://s1.shard.jp/bireba/nod-antivirus.html vet+antivirus | ||
+ | ] [http://s1.shard.jp/olharder/automated-gasoline.html auto car group pro | ||
+ | ] [http://s1.shard.jp/bireba/symantic-antivirus.html symantic antivirus download] [http://s1.shard.jp/olharder/auto-ordance.html automotive advertising trends | ||
+ | ] [http://s1.shard.jp/bireba/antivirus-check.html zone alarm with antivirus crack | ||
+ | ] [http://s1.shard.jp/galeach/new139.html asian in the media | ||
+ | ] [http://s1.shard.jp/frhorton/bq5czt3ax.html africa marine world usa | ||
+ | ] [http://s1.shard.jp/frhorton/pp3b7gffd.html toll gates in south africa | ||
+ | ] [http://s1.shard.jp/bireba/download-kaspersky.html kaspersky antivirus cracks | ||
+ | ] [http://s1.shard.jp/olharder/autoroll-654.html map] [http://s1.shard.jp/frhorton/dxtxzjkte.html south africa brazil travel agents] [http://s1.shard.jp/losaul/police-federation.html maralinga australia | ||
+ | ] [http://s1.shard.jp/frhorton/77iqsoujy.html african slavery photos | ||
+ | ] [http://s1.shard.jp/galeach/new181.html asia best university | ||
+ | ] [http://s1.shard.jp/galeach/new38.html asian girl love | ||
+ | ] [http://s1.shard.jp/losaul/australian-emus.html australian emus] [http://s1.shard.jp/galeach/new116.html early societies in south asia | ||
+ | ] [http://s1.shard.jp/frhorton/tnw2399fu.html history of african sleeping sickness | ||
+ | ] [http://s1.shard.jp/frhorton/l648khtsn.html decolonisation africa] [http://s1.shard.jp/frhorton/91rryr9x4.html african imports uk] [http://s1.shard.jp/frhorton/glos5k8jt.html brandee danielle african plain | ||
+ | ] [http://s1.shard.jp/frhorton/1tzcpt1xe.html african art and patterns | ||
+ | ] [http://s1.shard.jp/olharder/automobile-promotion.html automobile promotion sales] [http://s1.shard.jp/losaul/australian-topographic.html australian architecture awards | ||
+ | ] [http://s1.shard.jp/frhorton/fhojtfuuj.html african american girl name | ||
+ | ] [http://s1.shard.jp/frhorton/gcc5hqqy1.html african american attainment educational man | ||
+ | ] [http://s1.shard.jp/olharder/autoroll-654.html site] [http://s1.shard.jp/frhorton/bnm8i4pvp.html africa kids facts | ||
+ | ] [http://s1.shard.jp/bireba/antivirus-small.html avg6.0 antivirus | ||
+ | ] [http://s1.shard.jp/bireba/antivirus-checking.html norton antivirus definitions disk | ||
+ | ] [http://s1.shard.jp/losaul/beds-online-australia.html bryan adams tour australia | ||
+ | ] [http://s1.shard.jp/olharder/autoextracom.html jc autobody houston | ||
+ | ] [http://s1.shard.jp/frhorton/3l77ipk2f.html african american student achievement | ||
+ | ] [http://s1.shard.jp/frhorton/h9wk8xs2j.html history of african american nurses | ||
+ | ] | ||
[[Image:OWASP_TW_Banner.png]] | [[Image:OWASP_TW_Banner.png]] | ||
− | + | æ¡è¿å å
¥OWASPå°ç£åæï¼ã網ç«å®å
¨ç第ä¸æ¥ï¼å¾å å
¥OWASPå°ç£åæéå§ãã | |
<paypal>Taiwan</paypal> | <paypal>Taiwan</paypal> | ||
− | + | å°ç£åææé·[mailto:[email protected] é»èæå
çï¼Wayne Huangï¼]æ¨åæå·¥ä½åä»è¡·å¿è¯å®æ¨çåèï¼ä¸ç®¡æ¨å¨ä½èï¼çè³æ¨å
æ¾çä¸ç¶²è·¯è¶³è·¡æ¼å°ç£ï¼æè¬æ¨é¡æè·å¤§å®¶ä¸èµ·å享ï¼è®æåç¨æ´å¤ä¸åçè§åº¦ä¾æª¢è¦Webå®å
¨ç趨å¢ãå¨è
ãåé¡è解決æ¹æ¡ã | |
− | == | + | == æ¡è¿å
è¨ OWASP å°ç£åæ == |
− | == | + | == ææ°æ´»å == |
− | === [[OWASP_AppSec_Asia_2007| | + | === [[OWASP_AppSec_Asia_2007|第ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)]] === |
− | '''Security 3.0 in Web 2.0 Age | + | '''Security 3.0 in Web 2.0 Age â Practices and Challenges of Web 2.0 Security''' |
[OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png] | [OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png] | ||
− | Whitehat | + | Whitehat Securityãç¾åéé(American Express)ãé¿ç¢¼ç§æ(Armorize)ãQualysçè·¨åä¼æ¥èè³å®å
¬å¸çé«é主管èé¦å¸ç 究å¡é½èå°ç£ï¼æ¨ç¥éä»åå¦ä½çå¾
Web 2.0æä»£ä¹ Security 3.0åï¼å°å°ç£èå
¨ççå«ææ¯ä»éº¼ï¼ææ¿åºãä¼æ¥èä¸è¬ä½¿ç¨è
å該å¦ä½å æï¼å¾ä¸é¢éäº2007å¹´çè³å®ç大æ°èï¼éé²èæ樣çè¨æ¯ï¼ |
− | * | + | * 5æ11æ¥èµ·ï¼Googleéå§ç£æ§éé§ç¶²ç«ï¼ä¸¦è²¼ä¸å±éªç¶²ç«ä¹æ¨ç±¤! |
− | * | + | * 5æ15æ¥æOWASPå
¬ä½2007å¹´ææ°çå大Webå¼±é»ï¼è·¨ç«è
³æ¬æ»æ(XSS)ç»ä¸æ¦é¦! |
− | * | + | * 6æ6æ¥IBM購併Watchfireï¼HPé¨å³æ¼6æ19æ¥è³¼ä½µSPI Dynamics!èå
åçCenzic以滲é測試æè¡æ¼6æ18æ¥ç²å¾ç¾åå°å©! |
− | * Web 2. | + | * Web 2.0çè³å®å¨è
ï¼å æä¹éï¼Security 3.0ï¼æåç實åæ¡ä¾ï¼ |
− | [[OWASP_AppSec_Asia_2007| | + | [[OWASP_AppSec_Asia_2007|第ä¸å±OWASPå®æ¹äºæ´²å¹´æ]]å°æ¼9æ27æ¥(é±å)ä¸å1é»æ¼å°å¤§é«é¢åéæè°ä¸å¿201室(å°åå¸ä¸æ£åå¾å·è·¯äºè)'''è辦ï¼æ¡è¿æ¨ä¾å
±è¥çèï¼æ»¿è¼èæ¸![[OWASP_AppSec_Asia_2007|éææ´å¤...]] |
− | === [http://hitcon.org | + | === [http://hitcon.org 第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)] === |
− | [http://hitcon.org | + | [http://hitcon.org 第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)]å·²æ¼2007å¹´7æ21æ¥(é±å
)è³22æ¥(é±æ¥)å¨åç«èºç£ç§æ大å¸å
¬é¤¨æ ¡åå滿è½å¹ï¼æ´»åçæ³ç©ºåï¼è©³æ
è«è¦ HIT 2007 å®æ¹ç¶²ç«: |
[http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org | [http://hitcon.org http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif] http://hitcon.org | ||
− | == | + | == æ¡è¿æ¨çåè == |
− | + | å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å
¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å
¨æè趣çäººå£«ï¼ | |
− | + | æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼ | |
− | + | èå¨å å
¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã | |
− | + | è¥è¦å å
¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網é ï¼ | |
− | + | ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸
å®ä¾è¨è«ï¼ | |
− | + | æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«å份]ä¸æ¾å°æåä¹åè¨è«çå份ã | |
− | + | æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé
ã | |
− | == | + | == æéOWASP (About OWASP) == |
− | OWASP( | + | OWASP(éæ¾Webè»é«å®å
¨è¨ç« - Open Web Application Security Project)æ¯ä¸åéæ¾ç¤¾ç¾¤ãéçå©æ§çµç¹ï¼ç®åå
¨çæ82ååæè¿è¬åæå¡ï¼å
¶ä¸»è¦ç®æ¨æ¯ç è°åå©è§£æ±ºWebè»é«å®å
¨ä¹æ¨æºãå·¥å
·èæè¡æ件ï¼é·æè´åæ¼åå©æ¿åºæä¼æ¥ç解並æ¹å網é æç¨ç¨å¼è網é æåçå®å
¨æ§ãç±æ¼æç¨ç¯åæ¥å»£ï¼ç¶²é æç¨å®å
¨å·²ç¶é漸çåå°éè¦ï¼ä¸¦æ¼¸æ¼¸æçºå¨å®å
¨é åçä¸åç±é話é¡ï¼å¨æ¤åæï¼é§å®¢åä¹ææçå°ç¦é»è½ç§»å°ç¶²é æç¨ç¨å¼éç¼æææç¢ççå¼±é»ä¾é²è¡æ»æèç ´å£ã |
− | + | ç¾åè¯é¦è²¿æå§å¡æ(FTC)å¼·ç建è°ææä¼æ¥ééµå¾ªOWASPæç¼ä½çå大Webå¼±é»é²è·å®åãç¾ååé²é¨äº¦åçºæ佳實åï¼åéä¿¡ç¨å¡è³æå®å
¨æè¡PCIæ¨æºæ´å°å
¶åçºå¿
è¦å
件ãç®åOWASPæ30å¤åé²è¡ä¸çè¨ç«ï¼å
æ¬æç¥åçOWASP Top 10(å大Webå¼±é»)ãWebGoat(代罪ç¾ç¾)ç·´ç¿å¹³å°ãå®å
¨PHP/Java/ASP.Netçè¨ç«ï¼éå°ä¸åçè»é«å®å
¨åé¡å¨é²è¡è¨è«èç 究ã | |
− | + | ç¶è²´å®ä½æ±ºå®éæ¾ç¶²é æåæï¼å°±å¿
é è®ä¾èªæ¼å
¨çç網é è«æ±é²å
¥å®ä½å
§é¨ç網é 伺æå¨ãé§å®¢å¯ä»¥èç±é±èå¨åæ³ç網é è«æ±å
§ï¼ééé²ç«çãå
¥ä¾µåµæ¸¬ç³»çµ±æå
¶ä»é²ç¦¦ç³»çµ±çåµæ¸¬ï¼å èçä¹çé²å
¥å®ä½å
§é¨æèç±å®ä½ç¶²ç«å
ç¶è·³æ¿èä¸ç¹¼ç«èåå
¶ä»å害è
ç¼åæ»æãéæå³èä¼æ¥ç網é ç¨å¼ç¢¼ä¹å¿
é æçºæ©é(æ§)å®ä½å¨éçå®å
¨é²è·ä¹ä¸ï¼ç¶å®ä½ç¶²é æåçè¦æ¨¡èè¤éæ§å¢å æï¼å®ä½æ´é²æ¼å¤ç風éªä¹é漸å¢å ã | |
− | == OWASP | + | == OWASP å°ç£åæ (OWASP Taiwan Chapter) == |
− | * | + | *網é :http://www.owasp.org.tw |
− | + | *é»éµ:[email protected] | |
− | + | *群çµ:[email protected] | |
− | * | + | *ä½å:å°åå¸115å港åä¸éè·¯19-13è(å港è»é«åå)Eæ£5æ¨554室 |
{{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:[email protected] Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}} | {{Chapter Template|chaptername=Taiwan|extra=The chapter leader is [mailto:[email protected] Wayne Huang]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-taiwan|emailarchives=http://lists.owasp.org/pipermail/owasp-taiwan}} | ||
Line 55: | Line 93: | ||
Please subscribe to the mailing list for meeting announcements. | Please subscribe to the mailing list for meeting announcements. | ||
− | == | + | == å
è²»å å
¥OWASPå°ç£åæ == |
<font color="#FF0000"> | <font color="#FF0000"> | ||
− | ''' | + | '''å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨''' |
− | ''' | + | '''å å
¥æå¡æ¹æ³è«è¦æ¬é ä¸æ¹'''</font> '''[[#å¦ä½å å
¥æå¡|å¦ä½å å
¥æå¡]]''' |
− | + | å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å
¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å
¨æè趣ç人士ï¼<br> | |
− | + | æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼<br> | |
− | + | èå¨å å
¥æå¡åï¼è«æ¨ä»ç´°é±è®[https://www.owasp.org/index.php/Chapter_Rules åææå¡æå]ã | |
− | + | è¥è¦å å
¥æ¬åæçmailing listï¼è«é£çµå°[http://lists.owasp.org/mailman/listinfo/owasp-taiwan mailing list]網é ï¼<br> | |
− | + | ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸
å®ä¾è¨è«ï¼<br> | |
− | + | æ¨ä¹å¯ä»¥å¾[http://lists.owasp.org/pipermail/owasp-taiwan/ email è¨è«å份]ä¸æ¾å°æåä¹åè¨è«çå份ã | |
− | + | æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé
ã | |
− | == | + | == OWASPå°ç£åæ é¨è½æ ¼ blog == |
− | <font color="#FF0000"> | + | <font color="#FF0000">éè¦ä¸æè³å®æ
å ±ï¼æè¡åæï¼å¸å ´è³è¨åï¼ |
− | + | æ¡è¿å¸¸ä¾ [http://www.owasp.org.tw/blog OWASPå°ç£åæ é¨è½æ ¼ blog] | |
[http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png] | [http://www.owasp.org.tw/blog http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png] | ||
</font> | </font> | ||
− | == | + | == å¦ä½å å
¥æå¡ == |
− | + | æ¡è¿å
è²»å å
¥OWASP Taiwanå°ç£åæï¼å å
¥æ¹å¼æä¸ç¨®ï¼ç·ä¸å ±åï¼emailå ±å以åå³çå ±åï¼ | |
− | + | å·¥ä½åä»ææçºéç¥æææå¡æéOWASPææ°æ´»åè³è¨è座è«æè°ç¨. | |
− | === | + | === ç·ä¸å ±å === |
− | + | è«[http://www.owasp.org.tw/member/registration.php ææ¤å¡«å¯«ç·ä¸å ±åå®] | |
− | === | + | === Emailå ±å === |
− | + | è«emailï¼[mailto:[email protected] [email protected]]å å
¥å°ç£åæ,è«è¨»æä¸åè³è¨. | |
− | # | + | #å§å |
− | # | + | #å®ä½ |
− | # | + | #è·ç¨± |
− | # | + | #é»åéµä»¶ |
− | # | + | #è¯çµ¡é»è©± |
− | === | + | === å³çå ±å === |
− | + | è«åå°æ¤å ±å表,填寫å¾å³çè³(02)6616-1100å³å¯. | |
[[Image:owasp_taiwan_opening.jpg|800px]] | [[Image:owasp_taiwan_opening.jpg|800px]] | ||
− | == | + | == è¿ææ¶æ¯ == |
− | * | + | *Webæç¨ç¨å¼å®å
¨ç è¨æ:å¨2008å¹´7æ22æ¥èµ·ï¼è¡æ¿é¢ç èæèè³éå®å
¨æå ±ææä¸å¿è辦ä¹[http://www.icst.org.tw/content/application/icst2005/a1001001100110151/guest-cnt-browse.php?var=0,1001,111,100100110017,3353,plan&PHPSESSID=d4815b38629332871cf75bb829fd5546 æ¿åºæ©éè»é«å®å
¨æè¡ç è¨æ]ï¼ééWeb æç¨ç¨å¼å®å
¨åèæå¼å°å
¥æ¡ä¾ï¼ç解Webæç¨ç¨å¼å¯è½å¼±é»ï¼æä¾åæ©é(æ§)å§å¤ç®¡çåèã |
− | * | + | *Webå®å
¨æ°è:å¨2007å¹´6æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=43813 網ç«å®å
¨æ½°å ¤ï¼ä¸å®å
¨å°±æ²é¡§å®¢]ãï¼æ·±å
¥è¿½è¹¤Googleæå°å¼æå ææ¡æ網ç«ä¹æ°æªæ½ï¼å
¶æå°çµææçºæè³å®åé¡ç網ç«è²¼ä¸è¦åæ¨ç±¤ï¼ä¸¦é»æ¢ä½¿ç¨è
ç´æ¥ç覽ã |
− | * | + | *OWASPå°ç£åæåå±:å¨2007å¹´4æ16è³18æ¥ï¼å°ååéè³å®å±(http://www.secutech.com/tw/is/index.asp) ééç»å ´ï¼OWASPå°ç£åæéæ¨èè¨æ¤ä½A402èA404ï¼å³å¯ç²å¾Webè³å®å
ç¢ä¸å¼µï¼ä¸¦è¦ªèªåæé«é©æ¯æ»²é測試ãå¼±é»ç¨½æ ¸çå³çµ±è³å®æª¢æ¸¬æ¹å¼æ´çºåªç°çèªåæºç¢¼æª¢æ¸¬æè¡ã |
− | * | + | *Webå®å
¨æ°è:å¨2007å¹´4æ11æ¥ï¼iThomeå ±å°ã[http://www.ithome.com.tw/itadm/article.php?c=42866 OWASPå°ç£åææç«æå¡å
è²»æåä¸ï¼ç¼å©æåWebå®å
¨é²è·è·ä¸åé趨å¢]ãã |
− | * | + | *Webå®å
¨æ°è:å¨2007å¹´4æ9æ¥ï¼èææ¥å ±å ±å°å°ç£å·²æESPNé«è²å°ç許å¤èæ°ç¾çæ´»æ¯æ¯ç¸éçäºåä¸åå®ç¶²ï¼ä¸æ以ä¾é¸çºéé§å®¢æ¤å
¥æ¨é¦¬å¾éï¼èç±è»é«å» åå°ç¡ä¿®è£ç¨å¼çãé¶æå·®æ»æãï¼Zero-Day Attackï¼ï¼ç¡è¾ä½¿ç¨è
åªè¦é£ä¸ç¶²ç覽ï¼é»è
¦å°±ä¸çï¼è¼è
帳èãå¯ç¢¼éç«ï¼èº«å被çç¨ï¼éè
æ©æè³æå¤æ´©æ財ç©æ失ã |
− | * | + | *Webæç¨ç¨å¼å®å
¨ç è¨æ:å¨2007å¹´3æ27è³4æ11æ¥ï¼è¡æ¿é¢ç èæèè³éå®å
¨æå ±ææä¸å¿è辦ä¹[http://sid.iii.org.tw/96Q1_ISMS/ æ¿åºè³éå®å
¨é²è·å·¡è¿´ç è¨æï¼è³å®ç¼å±è¶¨å¢å網路æç¨æåè³è¨å®å
¨]ï¼æ¡è¿æ¿åºæ©é(æ§)è² è²¬è³éå®å
¨ç¸é人å¡è¸´èºåå ãNEW![https://www.owasp.org/images/b/b1/%E5%B7%A1%E8%BF%B4%E7%A0%94%E8%A8%8E%E6%9C%83%E8%AC%9B%E7%BE%A9_Web.pdf ç è¨æè¬ç¾©ä¸è¼] |
− | * | + | *Webå®å
¨æ°è:å¨2007å¹´3æ21æ¥ï¼ä¸åæå ±å ±å°ãä¸ç¶²æä¸å®å
¨å家ï¼å°ç£é«å±
第äºãï¼ç±æ³åé¨èª¿æ¥å±ãåäºå±çå®ä½å
±åéå°å°ç£ç¶²è·¯å®å
¨é²è¡è§å¯ç¼ç¾ï¼å°ç£ç¶²è·¯çè³è¨å®å
¨å¨è
ï¼é«å±
äºæ´²ç¬¬äºï¼å
次æ¼ä¸åã2007å¹´åè³ä»ï¼å¹³åæ¯å¤©é½æç¼ç5件é§å®¢å
¥ä¾µäºä»¶ã |
− | * | + | *Webå®å
¨æ°è:å¨2007å¹´3æ8æ¥ï¼æ±æ£®æ°èå ±å°ãå°ç£é§å®¢æ»æäºä»¶åå°é¾ä¹å ï¼90ï¼
éè¡æ¾éå
¥ä¾µãï¼ç¶è許å¤ä¼æ¥é½ä»¥æ²æé ç®çºç±ï¼ä¸é¡æå¢å é²è·è¨åè人åï¼è¢«é§å®¢ç«æ¹å
¥ä¾µç¶²é ï¼ä¸ç解èå¾å´éçæ義ï¼ç¶²é æ¹åå¾ï¼ä¸¦æ²æå¢å é²è·è¨åï¼çè³éæå®ä¸ä¼æ¥è¢«é§é£çºé«é82次ã[http://www.ettoday.com/2007/03/08/339-2063921.htm åæ°èé£çµ] |
Line 124: | Line 162: | ||
[[Image:Owasp taiwan first gathering.png]] | [[Image:Owasp taiwan first gathering.png]] | ||
− | == | + | == 網ç«èWebæåçäºå¤§è³å®å°å¢ == |
− | # | + | #IT人å¡ä¸è¶³ |
− | # | + | #缺ä¹è³å®é åå°æ¥ç¥è |
− | # | + | #åè½æ§é©æ¶çºä¸» |
− | # | + | #缺ä¹èªååå·¥å
· |
− | # | + | #ææ¬ãæçå°åå°æ¡æ¨¡å¼ä¸å©ç¢ºä¿å°æ¡å質 |
− | == | + | ==ææ°2007å¹´OWASPå大Webè³å®æ¼æ´ (2007 OWASP Top 10)== |
− | === | + | ===å大Webè³å®æ¼æ´å表=== |
− | *A1. | + | *A1. 跨網ç«çå
¥ä¾µå串(Cross Site Scriptingï¼ç°¡ç¨±XSSï¼äº¦ç¨±çºè·¨ç«è
³æ¬æ»æ)ï¼Webæç¨ç¨å¼ç´æ¥å°ä¾èªä½¿ç¨è
çå·è¡è«æ±éåç覽å¨å·è¡ï¼ä½¿å¾æ»æè
å¯æ·å使ç¨è
çCookieæSessionè³æèè½ååç´æ¥ç»å
¥çºåæ³ä½¿ç¨è
ã |
− | *A2. | + | *A2. 注å
¥ç¼ºå¤±(Injection Flaw)ï¼Webæç¨ç¨å¼å·è¡ä¾èªå¤é¨å
æ¬è³æ庫å¨å
§çæ¡ææ令ï¼SQL InjectionèCommand Injectionçæ»æå
æ¬å¨å
§ã |
− | *A3. | + | *A3. æ¡ææªæ¡å·è¡(Malicious File Execution)ï¼Webæç¨ç¨å¼å¼å
¥ä¾èªå¤é¨çæ¡ææªæ¡ä¸¦å·è¡æªæ¡å
§å®¹ã |
− | *A4. | + | *A4. ä¸å®å
¨çç©ä»¶åè(Insecure Direct Object Reference)ï¼æ»æè
å©ç¨Webæç¨ç¨å¼æ¬èº«çæªæ¡è®ååè½ä»»æååæªæ¡æéè¦è³æï¼æ¡ä¾å
æ¬http://example/read.php?file=../../../../../../../c:\boot.iniã |
− | *A5. | + | *A5. 跨網ç«çå½é è¦æ± (Cross-Site Request Forgeryï¼ç°¡ç¨±CSRF): å·²ç»å
¥Webæç¨ç¨å¼çåæ³ä½¿ç¨è
å·è¡å°æ¡æçHTTPæ令ï¼ä½Webæç¨ç¨å¼å»ç¶æåæ³éæ±èçï¼ä½¿å¾æ¡ææ令被æ£å¸¸å·è¡ï¼æ¡ä¾å
æ¬ç¤¾äº¤ç¶²ç«å享ç QuickTimeãFlashå½±çä¸èææ¡æçHTTPè«æ±ã |
− | *A6. | + | *A6. è³è¨æé²èä¸é©ç¶é¯èª¤èç½® (Information Leakage and Improper Error Handling)ï¼Webæç¨ç¨å¼çå·è¡é¯èª¤è¨æ¯å
å«ææè³æï¼æ¡ä¾å
æ¬:系統æªæ¡è·¯å¾çæé²æè³æ庫æ¬ä½å稱ã |
− | *A7. | + | *A7. éç ´å£çéå¥èé£ç·ç®¡ç(Broken Authentication and Session Management)ï¼Webæç¨ç¨å¼ä¸èªè¡æ°å¯«ç身åé©èç¸éåè½æ缺é·ã |
− | *A8. | + | *A8. ä¸å®å
¨çå¯ç¢¼å²åå¨ (Insecure Cryptographic Storage)ï¼Webæç¨ç¨å¼æ²æå°æææ§è³æ使ç¨å å¯ã使ç¨è¼å¼±çå å¯æ¼ç®æ³æå°éé°å²åæ¼å®¹æ被åå¾ä¹èã |
− | *A9. | + | *A9. ä¸å®å
¨çéè¨(Insecure Communication)ï¼å³éæææ§è³ææ並æªä½¿ç¨HTTPSæå
¶ä»å å¯æ¹å¼ã |
− | *A10. | + | *A10. çæ¼éå¶URLåå(Failure to Restrict URL Access)ï¼æäºç¶²é å çºæ²ææ¬éæ§å¶ï¼ä½¿å¾æ»æè
å¯éé網åç´æ¥ååï¼æ¡ä¾å
æ¬å
許ç´æ¥ä¿®æ¹WikiæBlog網é å
§å®¹ã |
− | + | é次OWASPå
¬å¸æ°çTop 10åæ åºç®åçæ»æç¾æ³ï¼ä»¥ä»å¹´çºä¾ï¼Cross-Site Scripting(XSS)調æ´çº10大æ»æä¹é¦ï¼ç實çåæ åºç®å網路é£éèè©æ¬ºçæ»ææ¿«ç¨XSSçæ
å½¢ï¼äºå¯¦ä¸ï¼ç¾ååé²é¨çBSIè¨ç«(Build-Security In,https://buildsecurityin.us-cert.gov/) åMitreç 究æ©æ§çCVEè³å®èå¼±æ§å表(http://cve.mitre.org/) 亦顯示1)Cross Site Scriptingè2)SQL Injectionå·²é£çºå
©å¹´åçºå
¨çé èå´éè³å®å¼±é». | |
− | === | + | ===ç´æ¥èç¨å¼ç¢¼å®å
¨å質æé=== |
− | *[ | + | *[å¿
è¦*]A1. 跨網ç«å
¥ä¾µå串(Cross Site Scripting) |
− | *[ | + | *[å¿
è¦*]A2. 注å
¥ç¼ºå¤±(Injection Flaw) |
− | *[ | + | *[建è°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution) |
− | *[ | + | *[建è°*]A4. ä¸å®å
¨çç©ä»¶åè(Insecure Direct Object Reference) |
− | *[ | + | *[é¸æ*]A5. 跨網ç«è¦æ±å½é (Cross-Site Request Forgery) |
− | <nowiki>*</nowiki> | + | <nowiki>*</nowiki>OWASPå°ç£åæå¼·ç建è°åå®ä½å¨é²è¡æºç¢¼æª¢æ¸¬æï¼å°¤ä»¥æ¿åºæ©é(æ§)ï¼æéµå¾ªæ¿åºè³éå®å
¨ä½æ¥è¦ç¯(http://www.giscc.org.tw) ä¹ãWebæç¨ç¨å¼å®å
¨åèæå¼ãï¼ä¸¦å°1è2åçºå¿
è¦æª¢æ¸¬é
ç®ï¼3è4åçºå»ºè°æª¢æ¸¬é
ç®ï¼è5åçºé¸æ檢測é
ç®ã |
− | + | ï¼å¨å¯¦åæ¡ä¾ä¸ï¼æª¢æ¸¬ä¸¦ä¿®æ£1è2å³å¯é¿å
çµå¤§å¤æ¸çWebè³å®å¨è
ã | |
− | === | + | ===å ä¸è¿°æ¼æ´éæ¥é ææèWeb伺æå¨åå¤é¨è¨å®æé=== |
*Information Leakage and Improper Error Handling | *Information Leakage and Improper Error Handling | ||
*Broken Authentication and Session Management | *Broken Authentication and Session Management | ||
Line 165: | Line 203: | ||
*Failure to Restrict URL Access | *Failure to Restrict URL Access | ||
− | == | + | == æå¡å表 (Member List) == |
Coming up soon! | Coming up soon! | ||
[http://www.owasp.org.tw http://www.owasp.org.tw/dot.png] | [http://www.owasp.org.tw http://www.owasp.org.tw/dot.png] |
Revision as of 16:29, 29 May 2009
[http://s1.shard.jp/olharder/auto-reply-business.html specialty travel adventure and sports auto racing tours ] [http://s1.shard.jp/galeach/new29.html asian painter ] [http://s1.shard.jp/losaul/atlas-of-australian.html the australian open tennis championship ] africa animal endangered south [http://s1.shard.jp/olharder/automobile-accident.html automotive and repair and guide and online ] [http://s1.shard.jp/galeach/new123.html asian american association long distance ] [http://s1.shard.jp/galeach/new118.html basia milewicz ] [http://s1.shard.jp/olharder/autopsy-picture.html auto display ramp ] [http://s1.shard.jp/bireba/symantec-antivirus.html norton antivirus live update download ] [http://s1.shard.jp/bireba/symantec-antivirus.html email antivirus protection ] url [http://s1.shard.jp/olharder/chery-automobile.html auto critique ] [http://s1.shard.jp/galeach/new71.html se asian tsunami ] [http://s1.shard.jp/bireba/nod-antivirus.html vet+antivirus ] [http://s1.shard.jp/olharder/automated-gasoline.html auto car group pro ] symantic antivirus download [http://s1.shard.jp/olharder/auto-ordance.html automotive advertising trends ] [http://s1.shard.jp/bireba/antivirus-check.html zone alarm with antivirus crack ] [http://s1.shard.jp/galeach/new139.html asian in the media ] [http://s1.shard.jp/frhorton/bq5czt3ax.html africa marine world usa ] [http://s1.shard.jp/frhorton/pp3b7gffd.html toll gates in south africa ] [http://s1.shard.jp/bireba/download-kaspersky.html kaspersky antivirus cracks ] map south africa brazil travel agents [http://s1.shard.jp/losaul/police-federation.html maralinga australia ] [http://s1.shard.jp/frhorton/77iqsoujy.html african slavery photos ] [http://s1.shard.jp/galeach/new181.html asia best university ] [http://s1.shard.jp/galeach/new38.html asian girl love ] australian emus [http://s1.shard.jp/galeach/new116.html early societies in south asia ] [http://s1.shard.jp/frhorton/tnw2399fu.html history of african sleeping sickness ] decolonisation africa african imports uk [http://s1.shard.jp/frhorton/glos5k8jt.html brandee danielle african plain ] [http://s1.shard.jp/frhorton/1tzcpt1xe.html african art and patterns ] automobile promotion sales [http://s1.shard.jp/losaul/australian-topographic.html australian architecture awards ] [http://s1.shard.jp/frhorton/fhojtfuuj.html african american girl name ] [http://s1.shard.jp/frhorton/gcc5hqqy1.html african american attainment educational man ] site [http://s1.shard.jp/frhorton/bnm8i4pvp.html africa kids facts ] [http://s1.shard.jp/bireba/antivirus-small.html avg6.0 antivirus ] [http://s1.shard.jp/bireba/antivirus-checking.html norton antivirus definitions disk ] [http://s1.shard.jp/losaul/beds-online-australia.html bryan adams tour australia ] [http://s1.shard.jp/olharder/autoextracom.html jc autobody houston ] [http://s1.shard.jp/frhorton/3l77ipk2f.html african american student achievement ] [http://s1.shard.jp/frhorton/h9wk8xs2j.html history of african american nurses ]
æ¡è¿å å ¥OWASPå°ç£åæï¼ã網ç«å®å ¨ç第ä¸æ¥ï¼å¾å å ¥OWASPå°ç£åæéå§ãã
<paypal>Taiwan</paypal>
å°ç£åææé·é»èæå çï¼Wayne Huangï¼æ¨åæå·¥ä½åä»è¡·å¿è¯å®æ¨çåèï¼ä¸ç®¡æ¨å¨ä½èï¼çè³æ¨å æ¾çä¸ç¶²è·¯è¶³è·¡æ¼å°ç£ï¼æè¬æ¨é¡æè·å¤§å®¶ä¸èµ·å享ï¼è®æåç¨æ´å¤ä¸åçè§åº¦ä¾æª¢è¦Webå®å ¨ç趨å¢ãå¨è ãåé¡è解決æ¹æ¡ã
- 1 æ¡è¿å è¨ OWASP å°ç£åæ
- 2 ææ°æ´»å
- 3 æ¡è¿æ¨çåè
- 4 æéOWASP (About OWASP)
- 5 OWASP å°ç£åæ (OWASP Taiwan Chapter)
- 6 OWASP Taiwan
- 7 Participation
- 8 Sponsorship/Membership
- 9 å è²»å å ¥OWASPå°ç£åæ
- 10 OWASPå°ç£åæ é¨è½æ ¼ blog
- 11 å¦ä½å å ¥æå¡
- 12 è¿ææ¶æ¯
- 13 網ç«èWebæåçäºå¤§è³å®å°å¢
- 14 ææ°2007å¹´OWASPå大Webè³å®æ¼æ´ (2007 OWASP Top 10)
- 15 æå¡å表 (Member List)
æ¡è¿å è¨ OWASP å°ç£åæ
ææ°æ´»å
第ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)
Security 3.0 in Web 2.0 Age â Practices and Challenges of Web 2.0 Security
[OWASP_AppSec_Asia_2007 ]
Whitehat Securityãç¾åéé(American Express)ãé¿ç¢¼ç§æ(Armorize)ãQualysçè·¨åä¼æ¥èè³å®å ¬å¸çé«é主管èé¦å¸ç 究å¡é½èå°ç£ï¼æ¨ç¥éä»åå¦ä½çå¾ Web 2.0æä»£ä¹ Security 3.0åï¼å°å°ç£èå ¨ççå«ææ¯ä»éº¼ï¼ææ¿åºãä¼æ¥èä¸è¬ä½¿ç¨è å該å¦ä½å æï¼å¾ä¸é¢éäº2007å¹´çè³å®ç大æ°èï¼éé²èæ樣çè¨æ¯ï¼
- 5æ11æ¥èµ·ï¼Googleéå§ç£æ§éé§ç¶²ç«ï¼ä¸¦è²¼ä¸å±éªç¶²ç«ä¹æ¨ç±¤!
- 5æ15æ¥æOWASPå ¬ä½2007å¹´ææ°çå大Webå¼±é»ï¼è·¨ç«è ³æ¬æ»æ(XSS)ç»ä¸æ¦é¦!
- 6æ6æ¥IBM購併Watchfireï¼HPé¨å³æ¼6æ19æ¥è³¼ä½µSPI Dynamics!èå åçCenzic以滲é測試æè¡æ¼6æ18æ¥ç²å¾ç¾åå°å©!
- Web 2.0çè³å®å¨è ï¼å æä¹éï¼Security 3.0ï¼æåç實åæ¡ä¾ï¼
第ä¸å±OWASPå®æ¹äºæ´²å¹´æå°æ¼9æ27æ¥(é±å)ä¸å1é»æ¼å°å¤§é«é¢åéæè°ä¸å¿201室(å°åå¸ä¸æ£åå¾å·è·¯äºè)è辦ï¼æ¡è¿æ¨ä¾å ±è¥çèï¼æ»¿è¼èæ¸!éææ´å¤...
第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)
第ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)å·²æ¼2007å¹´7æ21æ¥(é±å )è³22æ¥(é±æ¥)å¨åç«èºç£ç§æ大å¸å ¬é¤¨æ ¡åå滿è½å¹ï¼æ´»åçæ³ç©ºåï¼è©³æ è«è¦ HIT 2007 å®æ¹ç¶²ç«: http://hitcon.org
æ¡è¿æ¨çåè
å å ¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å ¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å ¨æè趣çäººå£«ï¼ æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼ èå¨å å ¥æå¡åï¼è«æ¨ä»ç´°é±è®åææå¡æåã è¥è¦å å ¥æ¬åæçmailing listï¼è«é£çµå°mailing list網é ï¼ ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸ å®ä¾è¨è«ï¼ æ¨ä¹å¯ä»¥å¾email è¨è«å份ä¸æ¾å°æåä¹åè¨è«çå份ã æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé ã
æéOWASP (About OWASP)
OWASP(éæ¾Webè»é«å®å ¨è¨ç« - Open Web Application Security Project)æ¯ä¸åéæ¾ç¤¾ç¾¤ãéçå©æ§çµç¹ï¼ç®åå ¨çæ82ååæè¿è¬åæå¡ï¼å ¶ä¸»è¦ç®æ¨æ¯ç è°åå©è§£æ±ºWebè»é«å®å ¨ä¹æ¨æºãå·¥å ·èæè¡æ件ï¼é·æè´åæ¼åå©æ¿åºæä¼æ¥ç解並æ¹å網é æç¨ç¨å¼è網é æåçå®å ¨æ§ãç±æ¼æç¨ç¯åæ¥å»£ï¼ç¶²é æç¨å®å ¨å·²ç¶é漸çåå°éè¦ï¼ä¸¦æ¼¸æ¼¸æçºå¨å®å ¨é åçä¸åç±é話é¡ï¼å¨æ¤åæï¼é§å®¢åä¹ææçå°ç¦é»è½ç§»å°ç¶²é æç¨ç¨å¼éç¼æææç¢ççå¼±é»ä¾é²è¡æ»æèç ´å£ã
ç¾åè¯é¦è²¿æå§å¡æ(FTC)å¼·ç建è°ææä¼æ¥ééµå¾ªOWASPæç¼ä½çå大Webå¼±é»é²è·å®åãç¾ååé²é¨äº¦åçºæ佳實åï¼åéä¿¡ç¨å¡è³æå®å ¨æè¡PCIæ¨æºæ´å°å ¶åçºå¿ è¦å 件ãç®åOWASPæ30å¤åé²è¡ä¸çè¨ç«ï¼å æ¬æç¥åçOWASP Top 10(å大Webå¼±é»)ãWebGoat(代罪ç¾ç¾)ç·´ç¿å¹³å°ãå®å ¨PHP/Java/ASP.Netçè¨ç«ï¼éå°ä¸åçè»é«å®å ¨åé¡å¨é²è¡è¨è«èç 究ã
ç¶è²´å®ä½æ±ºå®éæ¾ç¶²é æåæï¼å°±å¿ é è®ä¾èªæ¼å ¨çç網é è«æ±é²å ¥å®ä½å §é¨ç網é 伺æå¨ãé§å®¢å¯ä»¥èç±é±èå¨åæ³ç網é è«æ±å §ï¼ééé²ç«çãå ¥ä¾µåµæ¸¬ç³»çµ±æå ¶ä»é²ç¦¦ç³»çµ±çåµæ¸¬ï¼å èçä¹çé²å ¥å®ä½å §é¨æèç±å®ä½ç¶²ç«å ç¶è·³æ¿èä¸ç¹¼ç«èåå ¶ä»å害è ç¼åæ»æãéæå³èä¼æ¥ç網é ç¨å¼ç¢¼ä¹å¿ é æçºæ©é(æ§)å®ä½å¨éçå®å ¨é²è·ä¹ä¸ï¼ç¶å®ä½ç¶²é æåçè¦æ¨¡èè¤éæ§å¢å æï¼å®ä½æ´é²æ¼å¤ç風éªä¹é漸å¢å ã
OWASP å°ç£åæ (OWASP Taiwan Chapter)
- 網é :http://www.owasp.org.tw
- é»éµ:[email protected]
- 群çµ:[email protected]
- ä½å:å°åå¸115å港åä¸éè·¯19-13è(å港è»é«åå)Eæ£5æ¨554室
OWASP Taiwan
Welcome to the Taiwan chapter homepage. The chapter leader is Wayne Huang
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Chapter meetings are held several times a year, typically in the offices of our sponsor.
Please subscribe to the mailing list for meeting announcements.
å è²»å å ¥OWASPå°ç£åæ
å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨
å å
¥æå¡æ¹æ³è«è¦æ¬é ä¸æ¹ å¦ä½å å
¥æå¡
å å
¥OWASPå°ç£åæä¸éä»»ä½è²»ç¨ï¼æå¡è³æ ¼å®å
¨éæ¾çµ¦ä»»ä½å°æ¼æç¨ç¨å¼å®å
¨æè趣ç人士ï¼
æåé¼åµæå¡æ¼OWASPå°ç£åæå享ä»åçç¥è並æä¾å°é¡æ¼è¬ï¼
èå¨å å
¥æå¡åï¼è«æ¨ä»ç´°é±è®åææå¡æåã
è¥è¦å å
¥æ¬åæçmailing listï¼è«é£çµå°mailing list網é ï¼
ææçæ´»åè¨è«èæ´»åå°é»å°éééåæ¸
å®ä¾è¨è«ï¼
æ¨ä¹å¯ä»¥å¾email è¨è«å份ä¸æ¾å°æåä¹åè¨è«çå份ã
æå¾æéæ¨ï¼åå æ´»ååï¼è«å次檢æ¥æ¨mailing listç信件以確å®æ´»åå°é»èæéï¼ææ¯ä»»ä½æéæ´»åè¨éçäºé ã
OWASPå°ç£åæ é¨è½æ ¼ blog
éè¦ä¸æè³å®æ å ±ï¼æè¡åæï¼å¸å ´è³è¨åï¼
æ¡è¿å¸¸ä¾ OWASPå°ç£åæ é¨è½æ ¼ blog
å¦ä½å å ¥æå¡
æ¡è¿å è²»å å ¥OWASP Taiwanå°ç£åæï¼å å ¥æ¹å¼æä¸ç¨®ï¼ç·ä¸å ±åï¼emailå ±å以åå³çå ±åï¼ å·¥ä½åä»ææçºéç¥æææå¡æéOWASPææ°æ´»åè³è¨è座è«æè°ç¨.
ç·ä¸å ±å
è«ææ¤å¡«å¯«ç·ä¸å ±åå®
Emailå ±å
è«emailï¼[email protected]å å ¥å°ç£åæ,è«è¨»æä¸åè³è¨.
- å§å
- å®ä½
- è·ç¨±
- é»åéµä»¶
- è¯çµ¡é»è©±
å³çå ±å
è«åå°æ¤å ±å表,填寫å¾å³çè³(02)6616-1100å³å¯.
è¿ææ¶æ¯
- Webæç¨ç¨å¼å®å ¨ç è¨æ:å¨2008å¹´7æ22æ¥èµ·ï¼è¡æ¿é¢ç èæèè³éå®å ¨æå ±ææä¸å¿è辦ä¹æ¿åºæ©éè»é«å®å ¨æè¡ç è¨æï¼ééWeb æç¨ç¨å¼å®å ¨åèæå¼å°å ¥æ¡ä¾ï¼ç解Webæç¨ç¨å¼å¯è½å¼±é»ï¼æä¾åæ©é(æ§)å§å¤ç®¡çåèã
- Webå®å ¨æ°è:å¨2007å¹´6æ11æ¥ï¼iThomeå ±å°ã網ç«å®å ¨æ½°å ¤ï¼ä¸å®å ¨å°±æ²é¡§å®¢ãï¼æ·±å ¥è¿½è¹¤Googleæå°å¼æå ææ¡æ網ç«ä¹æ°æªæ½ï¼å ¶æå°çµææçºæè³å®åé¡ç網ç«è²¼ä¸è¦åæ¨ç±¤ï¼ä¸¦é»æ¢ä½¿ç¨è ç´æ¥ç覽ã
- OWASPå°ç£åæåå±:å¨2007å¹´4æ16è³18æ¥ï¼å°ååéè³å®å±(http://www.secutech.com/tw/is/index.asp) ééç»å ´ï¼OWASPå°ç£åæéæ¨èè¨æ¤ä½A402èA404ï¼å³å¯ç²å¾Webè³å®å ç¢ä¸å¼µï¼ä¸¦è¦ªèªåæé«é©æ¯æ»²é測試ãå¼±é»ç¨½æ ¸çå³çµ±è³å®æª¢æ¸¬æ¹å¼æ´çºåªç°çèªåæºç¢¼æª¢æ¸¬æè¡ã
- Webå®å ¨æ°è:å¨2007å¹´4æ11æ¥ï¼iThomeå ±å°ãOWASPå°ç£åææç«æå¡å è²»æåä¸ï¼ç¼å©æåWebå®å ¨é²è·è·ä¸åé趨å¢ãã
- Webå®å ¨æ°è:å¨2007å¹´4æ9æ¥ï¼èææ¥å ±å ±å°å°ç£å·²æESPNé«è²å°ç許å¤èæ°ç¾çæ´»æ¯æ¯ç¸éçäºåä¸åå®ç¶²ï¼ä¸æ以ä¾é¸çºéé§å®¢æ¤å ¥æ¨é¦¬å¾éï¼èç±è»é«å» åå°ç¡ä¿®è£ç¨å¼çãé¶æå·®æ»æãï¼Zero-Day Attackï¼ï¼ç¡è¾ä½¿ç¨è åªè¦é£ä¸ç¶²ç覽ï¼é»è ¦å°±ä¸çï¼è¼è 帳èãå¯ç¢¼éç«ï¼èº«å被çç¨ï¼éè æ©æè³æå¤æ´©æ財ç©æ失ã
- Webæç¨ç¨å¼å®å ¨ç è¨æ:å¨2007å¹´3æ27è³4æ11æ¥ï¼è¡æ¿é¢ç èæèè³éå®å ¨æå ±ææä¸å¿è辦ä¹æ¿åºè³éå®å ¨é²è·å·¡è¿´ç è¨æï¼è³å®ç¼å±è¶¨å¢å網路æç¨æåè³è¨å®å ¨ï¼æ¡è¿æ¿åºæ©é(æ§)è² è²¬è³éå®å ¨ç¸é人å¡è¸´èºåå ãNEW!ç è¨æè¬ç¾©ä¸è¼
- Webå®å ¨æ°è:å¨2007å¹´3æ21æ¥ï¼ä¸åæå ±å ±å°ãä¸ç¶²æä¸å®å ¨å家ï¼å°ç£é«å± 第äºãï¼ç±æ³åé¨èª¿æ¥å±ãåäºå±çå®ä½å ±åéå°å°ç£ç¶²è·¯å®å ¨é²è¡è§å¯ç¼ç¾ï¼å°ç£ç¶²è·¯çè³è¨å®å ¨å¨è ï¼é«å± äºæ´²ç¬¬äºï¼å 次æ¼ä¸åã2007å¹´åè³ä»ï¼å¹³åæ¯å¤©é½æç¼ç5件é§å®¢å ¥ä¾µäºä»¶ã
- Webå®å ¨æ°è:å¨2007å¹´3æ8æ¥ï¼æ±æ£®æ°èå ±å°ãå°ç£é§å®¢æ»æäºä»¶åå°é¾ä¹å ï¼90ï¼ éè¡æ¾éå ¥ä¾µãï¼ç¶è許å¤ä¼æ¥é½ä»¥æ²æé ç®çºç±ï¼ä¸é¡æå¢å é²è·è¨åè人åï¼è¢«é§å®¢ç«æ¹å ¥ä¾µç¶²é ï¼ä¸ç解èå¾å´éçæ義ï¼ç¶²é æ¹åå¾ï¼ä¸¦æ²æå¢å é²è·è¨åï¼çè³éæå®ä¸ä¼æ¥è¢«é§é£çºé«é82次ãåæ°èé£çµ
網ç«èWebæåçäºå¤§è³å®å°å¢
- IT人å¡ä¸è¶³
- 缺ä¹è³å®é åå°æ¥ç¥è
- åè½æ§é©æ¶çºä¸»
- 缺ä¹èªååå·¥å ·
- ææ¬ãæçå°åå°æ¡æ¨¡å¼ä¸å©ç¢ºä¿å°æ¡å質
ææ°2007å¹´OWASPå大Webè³å®æ¼æ´ (2007 OWASP Top 10)
å大Webè³å®æ¼æ´å表
- A1. 跨網ç«çå ¥ä¾µå串(Cross Site Scriptingï¼ç°¡ç¨±XSSï¼äº¦ç¨±çºè·¨ç«è ³æ¬æ»æ)ï¼Webæç¨ç¨å¼ç´æ¥å°ä¾èªä½¿ç¨è çå·è¡è«æ±éåç覽å¨å·è¡ï¼ä½¿å¾æ»æè å¯æ·å使ç¨è çCookieæSessionè³æèè½ååç´æ¥ç»å ¥çºåæ³ä½¿ç¨è ã
- A2. æ³¨å ¥ç¼ºå¤±(Injection Flaw)ï¼Webæç¨ç¨å¼å·è¡ä¾èªå¤é¨å æ¬è³æ庫å¨å §çæ¡ææ令ï¼SQL InjectionèCommand Injectionçæ»æå æ¬å¨å §ã
- A3. æ¡ææªæ¡å·è¡(Malicious File Execution)ï¼Webæç¨ç¨å¼å¼å ¥ä¾èªå¤é¨çæ¡ææªæ¡ä¸¦å·è¡æªæ¡å §å®¹ã
- A4. ä¸å®å ¨çç©ä»¶åè(Insecure Direct Object Reference)ï¼æ»æè å©ç¨Webæç¨ç¨å¼æ¬èº«çæªæ¡è®ååè½ä»»æååæªæ¡æéè¦è³æï¼æ¡ä¾å æ¬http://example/read.php?file=../../../../../../../c:\boot.iniã
- A5. 跨網ç«çå½é è¦æ± (Cross-Site Request Forgeryï¼ç°¡ç¨±CSRF): å·²ç»å ¥Webæç¨ç¨å¼çåæ³ä½¿ç¨è å·è¡å°æ¡æçHTTPæ令ï¼ä½Webæç¨ç¨å¼å»ç¶æåæ³éæ±èçï¼ä½¿å¾æ¡ææ令被æ£å¸¸å·è¡ï¼æ¡ä¾å æ¬ç¤¾äº¤ç¶²ç«å享ç QuickTimeãFlashå½±çä¸èææ¡æçHTTPè«æ±ã
- A6. è³è¨æé²èä¸é©ç¶é¯èª¤èç½® (Information Leakage and Improper Error Handling)ï¼Webæç¨ç¨å¼çå·è¡é¯èª¤è¨æ¯å å«ææè³æï¼æ¡ä¾å æ¬:系統æªæ¡è·¯å¾çæé²æè³æ庫æ¬ä½å稱ã
- A7. éç ´å£çéå¥èé£ç·ç®¡ç(Broken Authentication and Session Management)ï¼Webæç¨ç¨å¼ä¸èªè¡æ°å¯«ç身åé©èç¸éåè½æ缺é·ã
- A8. ä¸å®å ¨çå¯ç¢¼å²åå¨ (Insecure Cryptographic Storage)ï¼Webæç¨ç¨å¼æ²æå°æææ§è³æ使ç¨å å¯ã使ç¨è¼å¼±çå å¯æ¼ç®æ³æå°éé°å²åæ¼å®¹æ被åå¾ä¹èã
- A9. ä¸å®å ¨çéè¨(Insecure Communication)ï¼å³éæææ§è³ææ並æªä½¿ç¨HTTPSæå ¶ä»å å¯æ¹å¼ã
- A10. çæ¼éå¶URLåå(Failure to Restrict URL Access)ï¼æäºç¶²é å çºæ²ææ¬éæ§å¶ï¼ä½¿å¾æ»æè å¯éé網åç´æ¥ååï¼æ¡ä¾å æ¬å 許ç´æ¥ä¿®æ¹WikiæBlog網é å §å®¹ã
é次OWASPå ¬å¸æ°çTop 10åæ åºç®åçæ»æç¾æ³ï¼ä»¥ä»å¹´çºä¾ï¼Cross-Site Scripting(XSS)調æ´çº10大æ»æä¹é¦ï¼ç實çåæ åºç®å網路é£éèè©æ¬ºçæ»ææ¿«ç¨XSSçæ å½¢ï¼äºå¯¦ä¸ï¼ç¾ååé²é¨çBSIè¨ç«(Build-Security In,https://buildsecurityin.us-cert.gov/) åMitreç 究æ©æ§çCVEè³å®èå¼±æ§å表(http://cve.mitre.org/) 亦顯示1)Cross Site Scriptingè2)SQL Injectionå·²é£çºå ©å¹´åçºå ¨çé èå´éè³å®å¼±é».
ç´æ¥èç¨å¼ç¢¼å®å ¨å質æé
- [å¿ è¦*]A1. 跨網ç«å ¥ä¾µå串(Cross Site Scripting)
- [å¿ è¦*]A2. æ³¨å ¥ç¼ºå¤±(Injection Flaw)
- [建è°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution)
- [建è°*]A4. ä¸å®å ¨çç©ä»¶åè(Insecure Direct Object Reference)
- [é¸æ*]A5. 跨網ç«è¦æ±å½é (Cross-Site Request Forgery)
*OWASPå°ç£åæå¼·ç建è°åå®ä½å¨é²è¡æºç¢¼æª¢æ¸¬æï¼å°¤ä»¥æ¿åºæ©é(æ§)ï¼æéµå¾ªæ¿åºè³éå®å
¨ä½æ¥è¦ç¯(http://www.giscc.org.tw) ä¹ãWebæç¨ç¨å¼å®å
¨åèæå¼ãï¼ä¸¦å°1è2åçºå¿
è¦æª¢æ¸¬é
ç®ï¼3è4åçºå»ºè°æª¢æ¸¬é
ç®ï¼è5åçºé¸æ檢測é
ç®ã
ï¼å¨å¯¦åæ¡ä¾ä¸ï¼æª¢æ¸¬ä¸¦ä¿®æ£1è2å³å¯é¿å çµå¤§å¤æ¸çWebè³å®å¨è ã
å ä¸è¿°æ¼æ´éæ¥é ææèWeb伺æå¨åå¤é¨è¨å®æé
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
æå¡å表 (Member List)
Coming up soon!