???????? - PowerPoint PPT Presentation

About This Presentation
Title:

????????

Description:

- SQL-Injection SQL- ... – PowerPoint PPT presentation

Number of Views:105
Avg rating:3.0/5.0
Slides: 21
Provided by: 1cbitrixR
Category:

less

Transcript and Presenter's Notes

Title: ????????


1
???????????? ????????-????????
2
?????????? WASC ?????? ???? ?????????? ????????
1 ????? ????? ???????????????? ?????????? 2
????? ?????? 3 ????? ??????????- ?????
???????
?????? ?? ?????? Breach ? WASC ?? 2007 ???
3
?????????? WASC ???? ???? ????????
1 ????? ????????????????? ????? 2 ?????
?????, ??????????? ??????????? 3 ?????
?????-????? ? ????????
?????? ?? ?????? Breach ? WASC ?? 2007 ???
4
????????????
??????????????????
???????????
???????????
  • ?????????????????? - ?????? ???????? ?????? ???
    ?????, ??? ??????? ??? ?????????????
  • ??????????? - ?????? ? ????????? ???????
    ?????????? ?????? ?????????? ???????? ? ??????
    ??????????? ??????
  • ??????????? - ??????? ?????? ? ?????? ??
    ?????????? ? ???????????? ??????????
    ??????????????????

5
??????? ?????????? ?????? ??????????? ???????
  • ???????? HTTP ????? ??????? ? ?? ????????????
    ?????????? ?????????
  • ??? ????????????? ????????? ? ???????
    ?????????????????? ????????? ??? ???????? ???????
  • ?????? ?????? ? ???-?????????? ???????? ???
    ??????????? ??????, ? ?????? ????? ???????????
    ?????? ?? ???????? ??? ????????????? ??????????
    ????-???? ???? ??????
  • ???????????? ????? ?????? ???????? ??? ??????????
    ?? ??????????
  • ???????????? ???????? ????? ????????? ????
    ?????????? (HTML, JavaScript)?
  • ????? ??? ???-?????????? ????????? ?????????
    ??????, ?? ??????? ????, ? ???????? ?????. ???
    ???????? ????? ???? ???????????? ??? ?????
  • ???-?????????? ???????? ????????? ????????? ?????
    ?????????? ? ??????????? ????????? (????????,
    ????? ??????). ??????, ??? ???????? ?????
    ?????????

6
??????? ?????????? ?????? ???????????? ??????
  • ??????????????? ??????
  • ???? ? ???. ????
  • ?????????, ????????? ???
  • ??????????? ?????????? ?? ?????? ??????
  • ??????????? ???????????????
  • ????????? ??????
  • ??????????????? ????????? ??????????

7
????????????? ??????
  • ????? ?? ?????????????? ????? (????????????
    ???????, ???-??????, ????? ????????????????, ????
    ??????)?
  • ????? ??????? ?????????? ??????
  • ????? ????????? ???-??????????

8
?????? ?????
  • ??????????? ????????? ??????? ? ??
    ???????????????? ??????????, ? ??????? ??
    ?????????????? ??????, ??????????? ????????
    ????????????? ??????? ? ????? ? ?????? ???????.
  • ??????? ??????? ????????? ?????????? ??????? ?
    ???????????????? ??????????, ????????? ?????
    ??????? ??????????? ??????????? ??????????.
  • ??????? ??????? ?????? ????? ???????
    ???????????, ????????? ??????????????? ??????? ?
    ??????? ??? ??????????, ??????????? ???????
    ??????????????????? ??????????, ???????????
    ????????? ??? ??????? ???????????????? ??????????.

9
?????????
  • ??????-????? (script-kiddie) ? ????????,
    ????????? 15-18 ???. ????? ??? ???????????????.
    ?????????? ??? ??????? ????????? ??? ????.
    ?????????? ???? ???-???? ???????. ????????????
    ????? ?????? ??????? ?????.
  • ????????-????????? (white hat) ??? ???????,
    ???????? ? ???????? 19-24 ???? ???? ???????
    ???????????. ????? ????????? ??? ???????. ?????
    ???????? ? ?????? ? ? ????????? ?????. ??????
    ??????, ??? ?????. ????????? ??????? ??????
    ?????? ??????.
  • ??????? (black hat) - ???? ??????? ???????????
    ???? ????????. ????? ???? ????????? ?????.
    ???????????? ????? ?? ????? ?????? ?? ???????
    ???????? ??????? ?????/???? ??????
  • ????????????? (grey hat) - ??????? ??????.
    ????? ?????????? ?????? ? ???????????? ?????
    ??????. ??? ???????, ?????? ?? ?????. ?????
    ???????????? ?? ?????????? ????? ?? ????? ??????
    ??????????.

10
?????????? ???-????????
  • ?????????????????? ??????
  • ????????????? ?????????????? (Insufficient
    Authentication)?
  • ???????????? ?????????????? ??????? (Weak
    Password Recovery Validation)?
  • ???????????
  • ????????????? ???????? ?????? (Credential/Session
    Prediction)
  • ????????????? ??????????? (Insufficient
    Authorization)?
  • ?????????? ???????? ?????? (Insufficient Session
    Expiration)?
  • ???????? ?????? (Session Fixation)?
  • ????? ?? ???????
  • ??????? ??????????? (Content Spoofing)?
  • ??????????? ?????????? ????????? (Cross-site
    Scriptin - XSS)?
  • ?????????? ????

11
?????????? ???-????????
  • ??????????? ??????????
  • ?????????????? ?????????? (Directory Indexing)?
  • ?????? ?????????? (Information Leakage)?
  • ???????? ???? ? ??????????? (Path Traversal)?
  • ????????????? ???????????? ???????? (Predictable
    Resource Location)?
  • ?????????? ?????
  • ??????????????? ????????? (Abuse of
    Functionality)?
  • ????? ? ???????????? (Denial of Service)?
  • ????????????? ??????????????? ?????????????
    (Insufficient Anti-automation)?
  • ????????????? ???????? ???????? (Insufficient
    Process Validation)?

12
???????? ?????????? ?????????? (?? ?????? WASC ??
2007 ???)?
  • SQL-Injection ????????? ????????????? SQL-????
    ? ??????????? ??????
  • PHP-include bug ??????????? ?????????
    ????????????? PHP-???? ? ??????????? ????? ??
    ??????? ???????
  • XSS Cross-Site-Scripting ????? cookies
    ???????????? ????? ????????????? ????????????
    ??????????
  • DDoS Distributed DoS ?????????????? ????? ??
    ????? ? ????????????

13
  • SQL-Injection ????????? ?????????????
    SQL-?????????? ? ??????????? ??????.
  • ??????? ????????????? ????????? ??????? ??????.
  • ??????? ????? ?? ????????? ?????? SQL-???????
    (??? ???????????? ??????? ?????????) ??
    ??????/?????? ???????????? ?????? ?? ??????.
  • ??????? ??????
  • ?????????? ?????? ????????????
  • ????????????? ??????? ??????????????
    (?????????????) ????????

?????? ?????????? ????? securitylab.ru ?? 2007
??? ?? ??????????? ?????? ????? ???????????
???????? ?????? ?????
14
  • PHP-????????? ????????? ????????????? ???? ?
    ??????????? ?????.
  • ??????? ????????? ????????????? ????????????
    ??????? ??????? PHP include ? require
  • ??????? ????? ??????? (?????? ????? ??????) /
    ??????? (????????? ????????? ???????? ?? ???? ?.
    ?. web-shell (????????? ????????) ? ?????????
    ???????????? ??????? ?? ?? ?????)?
  • ??????? ??????
  • - ???????? ???????? ????????????? ??????
  • - ???????? ????????????? include/require

15
XSS / CSRF ????????????? ???? ??? ????, ??? ???
????????? ?? ???????. ???? ???? ??????? ??????
cookies, ???????? ?????? ?? ???????????, ?????
????????? ? ???????? ????????????
JavaScript-???? ??????? ????????????? ?????????
?????? ???????????? ??????? ????? ?????.
???????? ??? ????? ? ????????????? ??????????
???????????? ?????, ??? ? ?????????????? ?? ?????
???????????. ??????? ?????? - ?????? ??
????????????? HTML ? ??????? ? ?????? -???????
???????? ? ?????????? ???? ?????? ?? ????????????
16
??? ???????? ????? ????? ???????????? ??
??????????? ????????????
??? ?????? ????????? ???-??????? ??????????
???????????? ??????????? ???????? ??????????? ?
????????????? ????
?????????? ????? ???? ???-??????????. ??????????
????? ???????? ??????????? ?????????
17
???????? ???????? ????????????
  • ?????????? ?????????? ???????????? ?????? ????
    ???????? ? ???? ???? ?????????? ??????????
  • ??????????? ????????????? ???????. ?????????????
    ?????.
  • ?????????? ??????????? ??????????
  • ???????? ???
  • ???????????? ? ?????????? ???????? ????????????
  • ???????? ????????????? ????????????

18
????????????? ?????
????????????? ????? ???????? ???????????
?????????? ? ??? ????????? ?????? ? ?????
??????????? ? ?????????? ??????? ????????????
????????????? ????????? ?????????? ?????????? ?
????????? ????????? ?????? ?????, ? ?????
?????????? ???????????? ??????? ???????
????????????
????????????? ????? ????? ????????? ??? ???????,
??? ? ? ??????? ?????????????????? ???????
???????? ???????????? (Xspider, Tennable Nessus ?
?? ????????)?
19
????????????? ????????????
????????????? ?????????? ???????????? ?????????
????????? ????? ????? ????????????? ??????,
????????? ? ???????????? ????????? ?????????? ?
?????? ????????. ???????????? ?????????? ???
?????? ???-?????????? ???????? SSL-???????? ?
?????? ????????? HTTPS. ?????? ????????
?????????????? ????? ?????????? ? ?? ???????
????????? ?????????????? ????????? ??? ????????.
??? ????????????? ???????????? ??????? ??????? -
????????????? ??????? ?????? ????????? ??????,
??????? ?????? ???? ?????? ??????????? -
???????????? ???? ?? ???? ?? ???????? ???????? ??
???????. ??????, ??????????? ??????? ????? ?????
???????? ??????, ? ???????????? ?????? ????? ?
????? ?????? ?????? ?? ???
20
????????????
??????????? ???????????? ?????????????? ????? -
?????? ??????? ? ?????????????. ??? ???????????
????? ???????? ?????? ???????????? ?????
????????-???????? ?????????? ?????????? ??????? ?
??????????? ???????????? ?????????????? ????? ?
???-??????????.
  • ???????????? ?????????????? ??????????
    ??????????? ?????????
  • ?? ??????????? ??????, ??????? ??????
  • ???????????? ????????? ????? ????????????
  • ??????????? ???????????? ??????? ? ?????????
    ????????
  • ?????????? ??????????? ?? ???????? ?
    ????????????, ????? ???? ? ????? ????????????
    ?????? ? ??????? ?? ??????????
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "???????? " is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!