Information Security: An Engineer's Perspective
TonyQ
Information Security
A test of carefulness and mastery
Today's Key Points
OWASP 2017 (RC2)
List
Injection
Session management/Broken auth
Sensitive data exposure
Broken access control
Security misconfiguration
Cross site scripting
Insecure deserialization
Using components with known vulnerabilities
Insufficient logging & monitoring
Injection
Injection flaws
(most commonly SQL injection against a database)
Session management/Broken auth
Sensitive data exposure
Broken access control
Security misconfiguration
Cross site scripting
Insecure deserialization
Using components with known vulnerabilities
Insufficient logging & monitoring
Q&A