This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Taiwan

From OWASP

Revision as of 16:29, 29 May 2009 by Deleted user (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

<paypal>Taiwan</paypal>

1 æ¡è¿åè¨ OWASP å°ç£åæ
2 ææ°æ´»å
- 2.1 ç¬¬ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)
- 2.2 ç¬¬ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)
3 æ¡è¿æ¨çåè
4 æéOWASP (About OWASP)
5 OWASP å°ç£åæ (OWASP Taiwan Chapter)
6 OWASP Taiwan
7 Participation
8 Sponsorship/Membership
9 åè²»å å¥OWASPå°ç£åæ
10 OWASPå°ç£åæ é¨è½æ ¼ blog
11 å¦ä½å å¥æå¡
12 è¿ææ¶æ¯
13 ç¶²ç«èWebæåçäºå¤§è³å®å°å¢
14 ææ°2007å¹´OWASPåå¤§Webè³å®æ¼æ´ (2007 OWASP Top 10)
15 æå¡åè¡¨ (Member List)

æ¡è¿åè¨ OWASP å°ç£åæ

ææ°æ´»å

ç¬¬ä¸å±OWASPå®æ¹äºæ´²å¹´æ(OWASP Asia 2007)

Security 3.0 in Web 2.0 Age â Practices and Challenges of Web 2.0 Security

[OWASP_AppSec_Asia_2007 ]

5æ11æ¥èµ·ï¼Googleéå§ç£æ§éé§ç¶²ç«ï¼ä¸¦è²¼ä¸å±éªç¶²ç«ä¹æ¨ç±¤!
5æ15æ¥æOWASPå¬ä½2007å¹´ææ°çåå¤§Webå¼±é»ï¼è·¨ç«è³æ¬æ»æ(XSS)ç»ä¸æ¦é¦!
6æ6æ¥IBMè³¼ä½µWatchfireï¼HPé¨å³æ¼6æ19æ¥è³¼ä½µSPI Dynamics!èååçCenzicä»¥æ»²éæ¸¬è©¦æè¡æ¼6æ18æ¥ç²å¾ç¾åå°å©!
Web 2.0çè³å®å¨èï¼å æä¹éï¼Security 3.0ï¼æåçå¯¦åæ¡ä¾ï¼

ç¬¬ä¸å±å°ç£é§å®¢å¹´æ(HIT 2007)

æ¡è¿æ¨çåè

æéOWASP (About OWASP)

OWASP å°ç£åæ (OWASP Taiwan Chapter)

ç¶²é :http://www.owasp.org.tw
é»éµ:[email protected]
ç¾¤çµ:[email protected]
ä½å:å°åå¸115åæ¸¯åä¸éè·¯19-13è(åæ¸¯è»é«åå)Eæ£5æ¨554å®¤

OWASP Taiwan

Welcome to the Taiwan chapter homepage. The chapter leader is Wayne Huang

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

åè²»å å¥OWASPå°ç£åæ

OWASPå°ç£åæ é¨è½æ ¼ blog

éè¦ä¸æè³å®æå ±ï¼æè¡åæï¼å¸å ´è³è¨åï¼

æ¡è¿å¸¸ä¾ OWASPå°ç£åæ é¨è½æ ¼ blog

å¦ä½å å¥æå¡

ç·ä¸å ±å

è«ææ¤å¡«å¯«ç·ä¸å ±åå®

Emailå ±å

è«emailï¼[email protected]å å¥å°ç£åæ,è«è¨»æä¸åè³è¨.

å§å
å®ä½
è·ç¨±
é»åéµä»¶
è¯çµ¡é»è©±

å³çå ±å

è«åå°æ¤å ±åè¡¨,å¡«å¯«å¾å³çè³(02)6616-1100å³å¯.

è¿ææ¶æ¯

Webæç¨ç¨å¼å®å¨ç è¨æ:å¨2008å¹´7æ22æ¥èµ·ï¼è¡æ¿é¢ç èæèè³éå®å¨æå ±ææä¸å¿èè¾¦ä¹æ¿åºæ©éè»é«å®å¨æè¡ç è¨æï¼ééWeb æç¨ç¨å¼å®å¨åèæå¼å°å¥æ¡ä¾ï¼çè§£Webæç¨ç¨å¼å¯è½å¼±é»ï¼æä¾åæ©é(æ§)å§å¤ç®¡çåèã

Webå®å¨æ°è:å¨2007å¹´6æ11æ¥ï¼iThomeå ±å°ãç¶²ç«å®å¨æ½°å ¤ï¼ä¸å®å¨å°±æ²é¡§å®¢ãï¼æ·±å¥è¿½è¹¤Googleæå°å¼æå ææ¡æç¶²ç«ä¹æ°æªæ½ï¼å¶æå°çµææçºæè³å®åé¡çç¶²ç«è²¼ä¸è¦åæ¨ç±¤ï¼ä¸¦é»æ¢ä½¿ç¨èç´æ¥çè¦½ã

OWASPå°ç£åæåå±:å¨2007å¹´4æ16è³18æ¥ï¼å°ååéè³å®å±(http://www.secutech.com/tw/is/index.asp) ééç»å ´ï¼OWASPå°ç£åæéæ¨èè¨æ¤ä½A402èA404ï¼å³å¯ç²å¾Webè³å®åç¢ä¸å¼µï¼ä¸¦è¦ªèªåæé«é©æ¯æ»²éæ¸¬è©¦ãå¼±é»ç¨½æ ¸çå³çµ±è³å®æª¢æ¸¬æ¹å¼æ´çºåªç°çèªåæºç¢¼æª¢æ¸¬æè¡ã

Webå®å¨æ°è:å¨2007å¹´4æ9æ¥ï¼èææ¥å ±å ±å°å°ç£å·²æESPNé«è²å°çè¨±å¤èæ°ç¾çæ´»æ¯æ¯ç¸éçäºåä¸åå®ç¶²ï¼ä¸æä»¥ä¾é¸çºéé§å®¢æ¤å¥æ¨é¦¬å¾éï¼èç±è»é«å» åå°ç¡ä¿®è£ç¨å¼çãé¶æå·®æ»æãï¼Zero-Day Attackï¼ï¼ç¡è¾ä½¿ç¨èåªè¦é£ä¸ç¶²çè¦½ï¼é»è¦å°±ä¸çï¼è¼èå¸³èãå¯ç¢¼éç«ï¼èº«åè¢«çç¨ï¼éèæ©æè³æå¤æ´©æè²¡ç©æå¤±ã

Webæç¨ç¨å¼å®å¨ç è¨æ:å¨2007å¹´3æ27è³4æ11æ¥ï¼è¡æ¿é¢ç èæèè³éå®å¨æå ±ææä¸å¿èè¾¦ä¹æ¿åºè³éå®å¨é²è·å·¡è¿´ç è¨æï¼è³å®ç¼å±è¶¨å¢åç¶²è·¯æç¨æåè³è¨å®å¨ï¼æ¡è¿æ¿åºæ©é(æ§)è² è²¬è³éå®å¨ç¸éäººå¡è¸´èºåå ãNEW!ç è¨æè¬ç¾©ä¸è¼

Webå®å¨æ°è:å¨2007å¹´3æ21æ¥ï¼ä¸åæå ±å ±å°ãä¸ç¶²æä¸å®å¨åå®¶ï¼å°ç£é«å±ç¬¬äºãï¼ç±æ³åé¨èª¿æ¥å±ãåäºå±çå®ä½å±åéå°å°ç£ç¶²è·¯å®å¨é²è¡è§å¯ç¼ç¾ï¼å°ç£ç¶²è·¯çè³è¨å®å¨å¨èï¼é«å±äºæ´²ç¬¬äºï¼åæ¬¡æ¼ä¸åã2007å¹´åè³ä»ï¼å¹³åæ¯å¤©é½æç¼ç5ä»¶é§å®¢å¥ä¾µäºä»¶ã

Webå®å¨æ°è:å¨2007å¹´3æ8æ¥ï¼æ±æ£®æ°èå ±å°ãå°ç£é§å®¢æ»æäºä»¶åå°é¾ä¹å ï¼90ï¼éè¡æ¾éå¥ä¾µãï¼ç¶èè¨±å¤ä¼æ¥é½ä»¥æ²æé ç®çºç±ï¼ä¸é¡æå¢å é²è·è¨åèäººåï¼è¢«é§å®¢ç«æ¹å¥ä¾µç¶²é ï¼ä¸çè§£èå¾å´éçæç¾©ï¼ç¶²é æ¹åå¾ï¼ä¸¦æ²æå¢å é²è·è¨åï¼çè³éæå®ä¸ä¼æ¥è¢«é§é£çºé«é82æ¬¡ãåæ°èé£çµ

ç¶²ç«èWebæåçäºå¤§è³å®å°å¢

ITäººå¡ä¸è¶³
ç¼ºä¹è³å®é åå°æ¥ç¥è
åè½æ§é©æ¶çºä¸»
ç¼ºä¹èªååå·¥å·

ææ°2007å¹´OWASPåå¤§Webè³å®æ¼æ´ (2007 OWASP Top 10)

åå¤§Webè³å®æ¼æ´åè¡¨

A1. è·¨ç¶²ç«çå¥ä¾µåä¸²(Cross Site Scriptingï¼ç°¡ç¨±XSSï¼äº¦ç¨±çºè·¨ç«è³æ¬æ»æ)ï¼Webæç¨ç¨å¼ç´æ¥å°ä¾èªä½¿ç¨èçå·è¡è«æ±éåçè¦½å¨å·è¡ï¼ä½¿å¾æ»æèå¯æ·åä½¿ç¨èçCookieæSessionè³æèè½ååç´æ¥ç»å¥çºåæ³ä½¿ç¨èã
A2. æ³¨å¥ç¼ºå¤±(Injection Flaw)ï¼Webæç¨ç¨å¼å·è¡ä¾èªå¤é¨åæ¬è³æåº«å¨å§çæ¡ææä»¤ï¼SQL InjectionèCommand Injectionçæ»æåæ¬å¨å§ã
A3. æ¡ææªæ¡å·è¡(Malicious File Execution)ï¼Webæç¨ç¨å¼å¼å¥ä¾èªå¤é¨çæ¡ææªæ¡ä¸¦å·è¡æªæ¡å§å®¹ã
A4. ä¸å®å¨çç©ä»¶åè(Insecure Direct Object Reference)ï¼æ»æèå©ç¨Webæç¨ç¨å¼æ¬èº«çæªæ¡è®ååè½ä»»æååæªæ¡æéè¦è³æï¼æ¡ä¾åæ¬http://example/read.php?file=../../../../../../../c:\boot.iniã
A5. è·¨ç¶²ç«çå½é è¦æ± (Cross-Site Request Forgeryï¼ç°¡ç¨±CSRF): å·²ç»å¥Webæç¨ç¨å¼çåæ³ä½¿ç¨èå·è¡å°æ¡æçHTTPæä»¤ï¼ä½Webæç¨ç¨å¼å»ç¶æåæ³éæ±èçï¼ä½¿å¾æ¡ææä»¤è¢«æ£å¸¸å·è¡ï¼æ¡ä¾åæ¬ç¤¾äº¤ç¶²ç«åäº«ç QuickTimeãFlashå½±çä¸èææ¡æçHTTPè«æ±ã
A6. è³è¨æé²èä¸é©ç¶é¯èª¤èç½® (Information Leakage and Improper Error Handling)ï¼Webæç¨ç¨å¼çå·è¡é¯èª¤è¨æ¯åå«ææè³æï¼æ¡ä¾åæ¬:ç³»çµ±æªæ¡è·¯å¾çæé²æè³æåº«æ¬ä½åç¨±ã
A8. ä¸å®å¨çå¯ç¢¼å²åå¨ (Insecure Cryptographic Storage)ï¼Webæç¨ç¨å¼æ²æå°æææ§è³æä½¿ç¨å å¯ãä½¿ç¨è¼å¼±çå å¯æ¼ç®æ³æå°éé°å²åæ¼å®¹æè¢«åå¾ä¹èã
A9. ä¸å®å¨çéè¨(Insecure Communication)ï¼å³éæææ§è³ææä¸¦æªä½¿ç¨HTTPSæå¶ä»å å¯æ¹å¼ã
A10. çæ¼éå¶URLåå(Failure to Restrict URL Access)ï¼æäºç¶²é å çºæ²ææ¬éæ§å¶ï¼ä½¿å¾æ»æèå¯ééç¶²åç´æ¥ååï¼æ¡ä¾åæ¬åè¨±ç´æ¥ä¿®æ¹WikiæBlogç¶²é å§å®¹ã

éæ¬¡OWASPå¬å¸æ°çTop 10åæ åºç®åçæ»æç¾æ³ï¼ä»¥ä»å¹´çºä¾ï¼Cross-Site Scripting(XSS)èª¿æ´çº10å¤§æ»æä¹é¦ï¼çå¯¦çåæ åºç®åç¶²è·¯é£éèè©æ¬ºçæ»ææ¿«ç¨XSSçæå½¢ï¼äºå¯¦ä¸ï¼ç¾ååé²é¨çBSIè¨ç«(Build-Security In,https://buildsecurityin.us-cert.gov/) åMitreç ç©¶æ©æ§çCVEè³å®èå¼±æ§åè¡¨(http://cve.mitre.org/) äº¦é¡¯ç¤º1)Cross Site Scriptingè2)SQL Injectionå·²é£çºå©å¹´åçºå¨çé èå´éè³å®å¼±é».

ç´æ¥èç¨å¼ç¢¼å®å¨åè³ªæé

[å¿è¦*]A1. è·¨ç¶²ç«å¥ä¾µåä¸²(Cross Site Scripting)
[å¿è¦*]A2. æ³¨å¥ç¼ºå¤±(Injection Flaw)
[å»ºè°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution)
[é¸æ*]A5. è·¨ç¶²ç«è¦æ±å½é (Cross-Site Request Forgery)

å ä¸è¿°æ¼æ´éæ¥é ææèWebä¼ºæå¨åå¤é¨è¨å®æé

Information Leakage and Improper Error Handling
Broken Authentication and Session Management
Insecure Cryptographic Storage
Insecure Communications
Failure to Restrict URL Access

æå¡åè¡¨ (Member List)

Coming up soon!

Retrieved from "https://wiki.owasp.org/index.php?title=Taiwan&oldid=63002"

Category:

OWASP Chapter

Taiwan

æ¡è¿åè¨ OWASP å°ç£åæ

ææ°æ´»å