{"id":2483,"date":"2024-08-03T17:57:00","date_gmt":"2024-08-03T09:57:00","guid":{"rendered":"https:\/\/systw.net\/note\/?p=2483"},"modified":"2025-10-11T09:49:41","modified_gmt":"2025-10-11T01:49:41","slug":"owasp-top-10-2021","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/2483","title":{"rendered":"OWASP Top 10 2021"},"content":{"rendered":"\n<p>The OWASP Top 10 is published by the well-known global non-profit organization the Open Web Application Security Project (OWASP). Its purpose is to identify and publicize the ten most representative web application security risks.<\/p>\n\n\n\n<p>The list is not a simple statistical ranking. It combines tens of thousands of real-world attack records, vulnerability reports, expert assessments and community surveys from around the world, and weighs each risk on several dimensions such as technical severity, likelihood of exploitation and the level of industry concern. The weaknesses OWASP lists are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A01:2021 \u2013 Broken Access Control<\/li>\n\n\n\n<li>A02:2021 \u2013 Cryptographic Failures<\/li>\n\n\n\n<li>A03:2021 \u2013 Injection<\/li>\n\n\n\n<li>A04:2021 \u2013 Insecure Design<\/li>\n\n\n\n<li>A05:2021 \u2013 Security Misconfiguration<\/li>\n\n\n\n<li>A06:2021 \u2013 Vulnerable and Outdated Components<\/li>\n\n\n\n<li>A07:2021 \u2013 Identification and Authentication Failures<\/li>\n\n\n\n<li>A08:2021 \u2013 Software and Data Integrity Failures<\/li>\n\n\n\n<li>A09:2021 \u2013 Security Logging and Monitoring Failures<\/li>\n\n\n\n<li>A10:2021 \u2013 Server-Side Request Forgery (SSRF)<\/li>\n<\/ul>\n\n\n\n<p>Reference: <a href=\"https:\/\/owasp.org\/Top10\" target=\"_blank\" rel=\"noopener\">https:\/\/owasp.org\/Top10<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">1. Broken Access Control<\/h2>\n\n\n\n<p>The core of access control is ensuring that users cannot act outside their authorized scope. When it fails, the result is unauthorized disclosure, modification or deletion of data, or users performing business functions beyond their privileges. These flaws usually stem from insufficient authorization checks, resources reachable directly by URL, and missing or incorrect object-level access control.<br>A common type of access control flaw is shown below:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Case: Parameter Tampering<\/strong><\/h3>\n\n\n\n<p>Java code: this snippet takes the acct parameter (the account number) submitted by the user and passes it straight into the SQL query without any authorization check.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ acct is taken from the request as-is; nothing checks that the caller owns this account\npstmt.setString(1, request.getParameter(\"acct\"));\nResultSet results = pstmt.executeQuery();<\/code><\/pre>\n\n\n\n<p>Attack: the attacker only needs to open a browser and change the acct parameter in the URL to another account number to retrieve account data that is not theirs, because the application fully trusts the account number supplied by the user and never verifies whether this user is actually allowed to view that account.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>https:\/\/example.com\/app\/accountInfo?acct=notmyacct<\/code><\/pre>\n\n\n\n<p>Root cause: there is no authorization logic; the query is driven solely by the user-supplied parameter, so any account can be looked up (Insecure Direct Object Reference, IDOR).<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bypass Access Control <a href=\"https:\/\/systw.net\/note\/archives\/1308\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1308<\/a><\/li>\n\n\n\n<li>WEB Privilege Escalation <a href=\"https:\/\/systw.net\/note\/archives\/1324\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1324<\/a><\/li>\n\n\n\n<li>JWT Attack <a href=\"https:\/\/systw.net\/note\/archives\/1448\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1448<\/a><\/li>\n\n\n\n<li>API recon <a href=\"https:\/\/systw.net\/note\/archives\/1863\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1863<\/a><\/li>\n\n\n\n<li>CORS <a href=\"https:\/\/systw.net\/note\/archives\/1105\">https:\/\/systw.net\/note\/archives\/1105<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. Cryptographic Failures<\/h2>\n\n\n\n<p>Cryptographic Failures no longer focuses only on the outcome, data exposure, but goes back to the root cause: whether the data protection requirements were correctly implemented. Data in transit and at rest (passwords, credit card details, health records, business secrets and so on) must be encrypted and protected as required by regulations such as GDPR and PCI DSS. Weak algorithms, misconfiguration and poor certificate or key management all lead to cryptographic failure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: Password leakage through a weak hash algorithm<\/h3>\n\n\n\n<p>A system stores user passwords in its database as simple unsalted hashes (MD5 or SHA-1). A separate vulnerability gives access to the database, and the attacker downloads the entire table of password hashes. Because the hashes are unsalted, the attacker can look them up directly in a precomputed rainbow table and recover a large number of user passwords quickly.<\/p>\n\n\n\n<p>Even where some passwords are salted, if the system uses a fast hash function (again MD5 or SHA-1), the attacker can still brute-force the hashes on GPUs and guess a large number of passwords in a short time.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Injection<\/h2>\n\n\n\n<p>When an application does not strictly validate, filter or escape user input and feeds that data directly into dynamic queries or commands, it is exposed to every kind of injection: SQL, NoSQL, OS command, LDAP, EL\/OGNL and more. Parameterized queries, a safe ORM design and input validation are the key defenses. Static (SAST), dynamic (DAST) and interactive (IAST) testing should be integrated into the CI\/CD pipeline so that injection flaws are caught before release.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: SQL injection through string concatenation<\/h3>\n\n\n\n<p>An application builds its SQL query by embedding the user-supplied id parameter directly into the query string, with no filtering or parameterization:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ id is concatenated straight into the SQL string instead of being bound as a parameter\nString query = \"SELECT * FROM accounts WHERE custID='\" + request.getParameter(\"id\") + \"'\";<\/code><\/pre>\n\n\n\n<p>An attacker only has to change the id parameter in the URL to a malicious SQL fragment to achieve SQL injection. For example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:\/\/example.com\/app\/accountView?id=<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">' UNION SELECT SLEEP(10);--<\/mark><\/code><\/pre>\n\n\n\n<p>This payload turns the original SQL statement into:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SELECT * FROM accounts WHERE custID='<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">' UNION SELECT SLEEP(10);--<\/mark><\/code><\/pre>\n\n\n\n<p>By injecting a UNION clause together with a SLEEP delay, the attacker can confirm whether the injection works. If the application returns query results to the user, the attacker can go on to read the complete account data or modify and delete it.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SQL Injection <a href=\"https:\/\/systw.net\/note\/archives\/257\">https:\/\/systw.net\/note\/archives\/257<\/a><\/li>\n\n\n\n<li>OS command injection <a href=\"https:\/\/systw.net\/note\/archives\/1189\">https:\/\/systw.net\/note\/archives\/1189<\/a><\/li>\n\n\n\n<li>SSTI <a href=\"https:\/\/systw.net\/note\/archives\/1215\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1215<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Insecure Design<\/h2>\n\n\n\n<p>Insecure Design refers to security control defects that exist from the architecture and business process design stage. Such problems cannot be fixed by a perfect implementation alone, because the necessary defenses were never designed in. Threat modeling, secure design patterns and risk-driven architecture should be standard practice early in development to reduce design-level security risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: Business logic flaw \u2014 large-scale abuse of group ticket booking<\/h3>\n\n\n\n<p>To attract group customers, a cinema chain offers a discount for bookings of 15 or more seats. After receiving such a request, the system holds the seats temporarily (for example for 30 minutes) while waiting for the deposit. The attacker notices that the system imposes no limit on the number of seats booked or on the request rate, and uses an automated script to submit a large number of booking requests in a short time (for example repeated bookings of 15 to 50 seats, locking 600 seats in total), tying up seats without ever paying a deposit and preventing real customers from buying tickets. This causes lost box-office revenue and disrupts the purchasing experience of genuine customers; it is a classic example of a business logic vulnerability.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Business Logic Vulnerabilities <a href=\"https:\/\/systw.net\/note\/archives\/1516\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1516<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Security Misconfiguration<\/h2>\n\n\n\n<p>Security Misconfiguration covers a very broad range: an unhardened application stack, misconfigured cloud resource permissions, unnecessary features left enabled, default accounts not removed, overly verbose error messages, incorrectly set server and framework security parameters, missing HTTP security headers, and so on. Organizations should establish a standardized, repeatable secure configuration process to reduce the configuration risk that comes from human error.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: Overly verbose error responses \u2014 information disclosure<\/h3>\n\n\n\n<p>Because of an improper server configuration, the application returns detailed error messages (for example stack traces and server-side exception messages) to end users when something goes wrong. These messages may contain sensitive information such as framework or component versions, database connection strings and details of the application logic, which help an attacker understand the system architecture and its potential weaknesses and speed up an intrusion.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Information disclosure <a href=\"https:\/\/systw.net\/note\/archives\/1310\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1310<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Vulnerable and Outdated Components<\/h2>\n\n\n\n<p>Many organizations lack a complete inventory of the versions and dependencies of the components they use, front end and back end alike, so they do not learn promptly which components are no longer maintained or carry known vulnerabilities. Regular component scanning, subscribing to security advisories and a risk-based patching and upgrade process are the key to solving this. The compatibility of component upgrades should also be verified during development so that an upgrade does not introduce new risk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: System compromise through a high-risk component vulnerability<\/h3>\n\n\n\n<p>Third-party components used by an application usually run with the same privileges as the application itself. Once such a component has a flaw, whether an accidental coding error or a deliberately planted backdoor, it can lead directly to complete control of the system and a major security incident.<\/p>\n\n\n\n<p>Take <strong>Apache Struts 2 CVE-2017-5638<\/strong> as an example: it is a remote code execution (RCE) vulnerability in which a crafted HTTP request is enough to run arbitrary commands on the server. The flaw was blamed as the main cause of several major security incidents worldwide, showing the enormous impact a component vulnerability can have.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Identification and Authentication Failures<\/h2>\n\n\n\n<p>This category covers defects throughout the authentication process: permitting automated attacks (credential stuffing, brute force), weak or default passwords, poorly designed credential recovery, insecure credential storage (plaintext, weak hashes), missing multi-factor authentication (MFA), session identifiers exposed in URLs or reused, and so on. Organizations should adopt a standard authentication framework, enforce strong account security policies, and make sure session management and authentication flows can withstand attack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: Credential stuffing \u2014 the application as a password oracle<\/h3>\n\n\n\n<p>Credential stuffing is a common attack in which leaked username and password lists are replayed in automated login attempts against other sites or applications. If the application has no automated-threat protection (such as CAPTCHA or other human verification) or credential stuffing defenses, the attacker can test huge numbers of credential pairs and use the application as a password oracle to tell which pairs are valid, leading to large-scale account compromise.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cracking Password <a href=\"https:\/\/systw.net\/note\/archives\/401\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/401<\/a><\/li>\n\n\n\n<li>Keeping-logged <a href=\"https:\/\/systw.net\/note\/archives\/1529\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1529<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Software and Data Integrity Failures<\/h2>\n\n\n\n<p>When an application relies on components, plugins or modules from untrusted sources (third-party package repositories, CDNs) without verifying their integrity, it is exposed to integrity failures. Likewise, a CI\/CD pipeline without access control and signature verification can allow malicious code into production. An auto-update mechanism without integrity verification lets an attacker who injects a malicious update tamper with unverified firmware without being detected. Insecure deserialization also belongs in this category, since it is fundamentally a failure to verify the integrity of data and allows an attacker to tamper with or inject malicious data.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Case 1<\/strong>: Unsigned firmware updates<\/h3>\n\n\n\n<p>Many home routers, set-top boxes and IoT devices do not verify a signature when they update their firmware. Without a digital signature check, an attacker can easily load malicious firmware onto the device, creating the risk of backdoors, data theft or remote control. Worse, many of these devices have no timely way to patch the firmware integrity problem itself; it can only be fixed by releasing new firmware, so earlier versions remain in the field for a long time in an effectively unpatchable, high-risk state.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case 2: The SolarWinds malicious update \u2014 a classic supply chain attack<\/h3>\n\n\n\n<p>Supply chain attacks are not new, but the SolarWinds Orion malicious update ranks among the most destructive attacks in history. The attackers targeted SolarWinds, a well-known IT management software vendor, penetrated its software build and update release process, and planted carefully crafted malicious code in an update package. The malicious update was installed by more than 18,000 organizations; although only around 100 were actually exploited, the victims spanned government agencies, the defense industry and large enterprises, showing that even a vendor with a full update verification process can suffer catastrophic consequences from a supply chain attack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case 3: Insecure deserialization leading to remote code execution<\/h3>\n\n\n\n<p>An application uses a React front end with a Spring Boot microservice architecture. To keep the application state immutable, the development team serializes the user state object and passes it between front end and back end on every request. While analyzing requests, the attacker notices that a parameter contains \u201crO0\u201d, the signature of a Base64-encoded serialized Java object. Using the known tool Java Serial Killer, the attacker gets a malicious payload deserialized in server memory, achieving remote code execution (RCE) and taking control of the server.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Common deserialization attack techniques <a href=\"https:\/\/systw.net\/note\/archives\/1164\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/1164<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. Security Logging and Monitoring Failures<\/h2>\n\n\n\n<p>Without timely logging and monitoring of key events (logins, unusual transactions, error warnings), an organization cannot effectively detect and respond to intrusions. Common problems include important events not being logged, incomplete or vague log entries, no anomaly detection, logs stored only locally, and no effective alerting or response procedures. Logging and monitoring should be a core part of the security architecture, and penetration tests and DAST scans should be verified to trigger the corresponding alerts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: A data breach left undetected for years by missing monitoring and logging<\/h3>\n\n\n\n<p>A children's health insurance website had no effective monitoring or logging, so a security incident went undetected for years. It only came to light through an external third-party report; by then the attackers had broken in and modified the sensitive health records of more than 3.5 million children. The post-incident investigation found that the development team had not patched critical vulnerabilities and the system had no logging or anomaly detection; the breach is believed to have been ongoing since 2013, for more than seven years, before it was finally discovered.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-dots\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Server-Side Request Forgery (SSRF)<\/h2>\n\n\n\n<p>When an application lets the user specify a URL that the server then fetches, without strictly validating and filtering that URL, an attacker can exploit it for SSRF. This lets the attacker bypass firewalls and internal network ACLs to scan internal resources, reach cloud metadata services, and even chain further attacks. With the spread of cloud architectures and microservices, the severity and reach of SSRF keep growing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Case: Port scanning internal servers<\/h3>\n\n\n\n<p>If the internal network is not properly segmented, an attacker can use SSRF to move laterally, making the server send connection requests to internal hosts to learn whether particular ports are open or closed. From the connection result or differences in response time, the attacker can map out the internal network topology, achieving internal reconnaissance.<\/p>\n\n\n\n<p>More cases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSRF <a href=\"https:\/\/systw.net\/note\/archives\/235\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/systw.net\/note\/archives\/235<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>OWASP Top 
10 is a list of web application security risks compiled by the Open Web Application Security Project. It covers ten major risks, including broken access control, cryptographic failures and injection, ranked on the basis of global attack data and community surveys, and aims to raise security awareness and improve defenses.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[39],"tags":[],"class_list":["post-2483","post","type-post","status-publish","format-standard","hentry","category-concept"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=2483"}],"version-history":[{"count":6,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2483\/revisions"}],"predecessor-version":[{"id":2839,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/2483\/revisions\/2839"}],"wp:attachment":[
{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=2483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=2483"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=2483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}