Secure Code Wiki: A website of secure coding best practices
For the advancement of Knowledge and Education, and of Science and Technology in general, it has always been of the utmost importance to implement the best and most effective actions, measures or recommendations (Good Practices) in order to achieve the ultimate goal of bringing any activity or process to fruition.
Programming or Software Development, like any other IT and professional activity, has its own "Good Practices" associated with many areas, especially those related to the Security of the software that is produced. In this post we will present some «Secure Coding Best Practices», taken from an interesting and useful website called "Secure Code Wiki", covering many Development Platforms, both free and open and private and closed.
Before getting into the topic, as usual, we will leave some links to previous publications related to the subject of «Good Practices in Programming or Software Development».
"… Good practices conceived and disseminated by the "Code for Development Initiative" of the Inter-American Development Bank, on the scope of Software Licenses, which should be taken into account when developing software products (digital tools), especially free and open ones." Licenses for the development of Free and Open Software: Good practices
Index
- 1 Secure Code Wiki: Secure Coding Best Practices
- 1.1 What is Secure Code Wiki?
- 1.2 Examples of Good Practices by type of Programming Language
- 1.2.1 Example 1: .Net (A1 - Injection)
- 1.2.2 Example 2: Java (A2 - Broken Authentication)
- 1.2.3 Example 3: Java for Android (M3 - Insecure Communication)
- 1.2.4 Example 4: Kotlin (M4 - Insecure Authentication)
- 1.2.5 Example 5: NodeJS (A5 - Broken Access Control)
- 1.2.6 Example 6: Objective C (M6 - Insecure Authorization)
- 1.2.7 Example 7: PHP (A7 - Cross Site Scripting)
- 1.2.8 Example 8: Python (A8 - Insecure Deserialization)
- 1.2.9 Example 9: Python (A9 - Using Components with Known Vulnerabilities)
- 1.2.10 Example 10: Swift (M10 - Extraneous Functionality)
- 1.2.11 Example 11: WordPress (XML-RPC Disable)
- 2 Conclusion
Secure Code Wiki: Secure Coding Best Practices
What is Secure Code Wiki?
According to its website:
"Secure Code Wiki is a culmination of secure coding practices for a wide range of languages."
These good practices and the "Secure Code Wiki" website were created and are maintained by an Indian organization called Payatu.
Examples of Good Practices by type of Programming Language
Since the website is in English, we will show some examples of secure coding for various programming languages, some free and open and others private and closed, as offered by the website, to explore the potential and quality of the content it hosts.
In addition, it is important to highlight that the Good Practices shown cover the following Development Platforms:
- .NET
- Java
- Java for Android
- Kotlin
- NodeJS
- Objective C
- PHP
- Python
- Ruby
- Swift
- WordPress
They are divided into the following categories for Desktop Languages:
- A1 - Injection
- A2 - Broken Authentication
- A3 - Sensitive Data Exposure
- A4 - XML External Entities (XXE)
- A5 - Broken Access Control
- A6 - Security Misconfiguration
- A7 - Cross Site Scripting (XSS)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging & Monitoring
They are also divided into the following categories for Mobile Languages:
- M1 - Improper Platform Usage
- M2 - Insecure Data Storage
- M3 - Insecure Communication
- M4 - Insecure Authentication
- M5 - Insufficient Cryptography
- M6 - Insecure Authorization
- M7 - Client Code Quality
- M8 - Code Tampering
- M9 - Reverse Engineering
- M10 - Extraneous Functionality
Example 1: .Net (A1 - Injection)
Using an Object Relational Mapper (ORM) or stored procedures is the most appropriate way to counter the SQL injection vulnerability.
Example 2: Java (A2 - Broken Authentication)
Wherever possible, implement multi-factor authentication to prevent automated, credential stuffing, brute force, and stolen credential reuse attacks.
Example 3: Java for Android (M3 - Insecure Communication)
It is imperative to use SSL/TLS on the transport channels that the mobile application uses to transmit sensitive information, session tokens or other sensitive data to a backend API or web service.
Example 4: Kotlin (M4 - Insecure Authentication)
Avoid weak patterns
Example 5: NodeJS (A5 - Broken Access Control)
Model access controls should enforce ownership of the records, rather than accepting that the user can create, read, update, or delete any record.
Example 6: Objective C (M6 - Insecure Authorization)
Applications should avoid using guessable numbers as an identifying reference.
Example 7: PHP (A7 - Cross Site Scripting)
Encode all special characters using htmlspecialchars() or htmlentities() [if it is within html tags].
Example 8: Python (A8 - Insecure Deserialization)
The pickle and jsonpickle modules are not safe; never use them to deserialize untrusted data.
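An added example, not taken from Secure Code Wiki or from the original post: it checks statically whether a pickle needs code-capable opcodes, refuses global lookups while unpickling (the restricted-unpickler pattern from the Python documentation), and shows JSON with shape validation as the preferred path for untrusted input. The function names and the sample payloads are constructed for illustration.

```python
import io
import json
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call/build an object.
# Plain data (dict, list, str, int, ...) never needs any of them.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ",
                "NEWOBJ_EX", "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}


def risky_opcodes(blob: bytes) -> list:
    """List code-capable opcodes in a pickle without ever loading it."""
    return [op.name for op, _arg, _pos in pickletools.genops(blob)
            if op.name in CODE_OPCODES]


class DataOnlyUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_data_only(blob: bytes):
    """Load a pickle from a semi-trusted source, rejecting any import."""
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def load_untrusted(text: str) -> dict:
    """Preferred path for untrusted input: JSON plus a shape check."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or not isinstance(obj.get("user"), str):
        raise ValueError("unexpected payload shape")
    return obj


# Constructed samples: plain data vs. a pickle that references a callable.
SAMPLE_DATA = pickle.dumps({"user": "alice", "n": 1})
SAMPLE_GLOBAL = pickle.dumps(print)  # harmless, but requires a global import

if __name__ == "__main__":
    print(risky_opcodes(SAMPLE_DATA), risky_opcodes(SAMPLE_GLOBAL))
    print(load_data_only(SAMPLE_DATA), load_untrusted('{"user": "alice"}'))
```

The opcode scan is a triage aid for stored blobs or logs, not a guarantee of safety; for input that crosses a trust boundary, use the JSON path.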
Example 9: Python (A9 - Using Components with Known Vulnerabilities)
Run the application with a least-privileged user
Example 10: Swift (M10 - Extraneous Functionality)
Remove hidden backdoor functionality or other internal development security controls that are not intended to be released in a production environment.
Example 11: WordPress (XML-RPC Disable)
XML-RPC is a WordPress feature that allows data transfer between WordPress and other systems. Today it has largely been superseded by the REST API, but it is still included in installations for backward compatibility. If it is enabled in WordPress, an attacker can perform brute force and pingback (SSRF) attacks, among others.
Conclusion
We hope this "useful little post" about the website called «Secure Code Wiki», which offers valuable content related to «Secure Coding Best Practices», is of great interest and utility for the entire «Free Software and Open Source Community» and contributes to the spread of the wonderful, gigantic and growing ecosystem of applications of «GNU/Linux».
For now, if you liked this publication, do not stop sharing it with others on your favorite websites, channels, groups or communities of social networks or messaging systems, preferably free, open and/or more secure ones such as Telegram, Signal, Mastodon or another of the Fediverse.
And remember to visit our home page at «DesdeLinux» to explore more news, as well as join our official Telegram channel of DesdeLinux. For more information, you can visit any online library such as OpenLibra and kodi, to access and read digital books (PDFs) on this topic or others.
One comment, leave yours
Interesting article, it should be mandatory for every developer..