Secure Code Wiki: A website of good practices for secure coding
To improve knowledge and education in science and technology in general, it has always been very important to put into practice the best and most successful actions, steps or recommendations (good practices) for achieving the main goal of any task or process: delivering results.
And programming, or software development, like any other professional and IT activity, has its own "good practices" associated with many areas, especially those related to the cybersecurity of the software products being built. In this post we will present some «Good Coding Practices» from an interesting and useful website called "Secure Code Wiki", many of them about free and open development platforms, as well as proprietary and closed ones.
Free and Open Software Development Licenses: Good Practices
Before getting into the topic, as usual, we leave below some links to previous publications related to the topic of «Good Practices in Programming or Software Development».
"… The good practices were conceived and disseminated by the 'Code for Development Initiative' of the Inter-American Development Bank, in terms of Software Licensing, which should be taken into account when producing software products (digital tools), especially free and open ones." Free and Open Software Development Licenses: Good Practices
Contents
- 1 Secure Code Wiki: Good Coding Practices
- 1.1 What is Secure Code Wiki?
- 1.2 Examples of good practices by type of programming language
- 1.2.1 Example 1: .NET (A1 - Injection)
- 1.2.2 Example 2: Java (A2 - Broken Authentication)
- 1.2.3 Example 3: Java for Android (M3 - Insecure Communication)
- 1.2.4 Example 4: Kotlin (M4 - Insecure Authentication)
- 1.2.5 Example 5: NodeJS (A5 - Broken Access Control)
- 1.2.6 Example 6: Objective-C (M6 - Insecure Authorization)
- 1.2.7 Example 7: PHP (A7 - Cross-Site Scripting)
- 1.2.8 Example 8: Python (A8 - Insecure Deserialization)
- 1.2.9 Example 9: Python (A9 - Using Components with Known Vulnerabilities)
- 1.2.10 Example 10: Swift (M10 - Extraneous Functionality)
- 1.2.11 Example 11: WordPress (Disable XML-RPC)
- 2 Conclusion
Secure Code Wiki: Good Coding Practices
What is Secure Code Wiki?
As its website says:
"Secure Code Wiki is a compilation of secure coding practices in various languages."
The good practices and the "Secure Code Wiki" website itself are created and maintained by an Indian organization called Payatu.
Examples of good practices by type of programming language
Since the website is written in English, we will show some of the secure coding examples it offers for various programming languages, some free and open, others proprietary and closed, so that you can judge the depth and quality of the content published there.
It is also worth highlighting that the good practices are presented for the following development platforms:
- .NET
- Java
- Java for Android
- Kotlin
- NodeJS
- Objective-C
- PHP
- Python
- Ruby
- Swift
- WordPress
They are organized into the following categories for desktop (web and server-side) languages:
- A1 - Injection
- A2 - Broken Authentication
- A3 - Sensitive Data Exposure
- A4 - XML External Entities (XXE)
- A5 - Broken Access Control
- A6 - Security Misconfiguration
- A7 - Cross-Site Scripting (XSS)
- A8 - Insecure Deserialization
- A9 - Using Components with Known Vulnerabilities
- A10 - Insufficient Logging and Monitoring
And into the following categories for mobile languages:
- M1 - Improper Platform Usage
- M2 - Insecure Data Storage
- M3 - Insecure Communication
- M4 - Insecure Authentication
- M5 - Insufficient Cryptography
- M6 - Insecure Authorization
- M7 - Client Code Quality
- M8 - Code Tampering
- M9 - Reverse Engineering
- M10 - Extraneous Functionality
Example 1: .NET (A1 - Injection)
Using an object-relational mapper (ORM) or stored procedures is the most effective way to counter SQL injection vulnerabilities.
Example 2: Java (A2 - Broken Authentication)
Wherever possible, use multi-factor authentication to prevent automated attacks, credential stuffing, brute force, and the reuse of stolen credentials.
Example 3: Java for Android (M3 - Insecure Communication)
It is essential to apply SSL/TLS to the transport channels the mobile application uses to send sensitive information, session tokens or other sensitive data to a backend API or web service.
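Turning TLS on is only half of the advice; the channel is only trustworthy if the client also verifies the server's certificate and its hostname. The following is an added example, not code from Secure Code Wiki or from this post, showing the weak client configuration beside the corrected one using Python's standard ssl module (the page's example targets Android/Java, but the settings have the same names and meaning there). No network connection is made.

```python
# Added example (not from Secure Code Wiki or the post): a TLS client context
# with verification disabled, beside a hardened one, and a check that tells them apart.
import ssl
from typing import Optional


def insecure_context() -> ssl.SSLContext:
    """Anti-pattern often copied to 'make the error go away': traffic is
    encrypted, but to whoever answers, so an interposed server is not detected."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Verification on (CERT_REQUIRED), hostname matching on, and no protocol
    older than TLS 1.2. `cafile` is an optional private CA bundle; None means
    the platform trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_acceptable(ctx: ssl.SSLContext) -> bool:
    """The three properties a transport for tokens or credentials must have."""
    return (
        ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


if __name__ == "__main__":
    print("insecure acceptable:", context_is_acceptable(insecure_context()))  # False
    print("hardened acceptable:", context_is_acceptable(hardened_context()))  # True
```

The hardened context is what you pass to `urllib.request.urlopen(url, context=ctx)` or to `ctx.wrap_socket(...)`; a startup self-check such as `context_is_acceptable` catches a debugging change to the context before it ships.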
Example 4: Kotlin (M4 - Insecure Authentication)
Avoid weak patterns.
Example 5: NodeJS (A5 - Broken Access Control)
Model access controls should enforce record ownership, rather than allowing the user to create, read, update or delete any record.
Example 6: Objective-C (M6 - Insecure Authorization)
Applications should avoid using guessable numbers as identifying references.
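Examples 5 and 6 are two halves of one defense: a record identifier that cannot be enumerated, and an ownership check on every operation regardless of how the identifier was obtained. The following is an added example, not code from Secure Code Wiki or from this post, that combines both in Python (the page states them for NodeJS and Objective-C; the store, record type and user names here are constructed).

```python
# Added example (not from Secure Code Wiki or the post): unguessable record ids
# plus per-operation ownership checks. The in-memory store and users are constructed.
import secrets
from dataclasses import dataclass, field
from typing import Dict, List


class Forbidden(Exception):
    """Raised when a caller acts on a record it does not own (or that does not exist)."""


@dataclass
class Record:
    id: str
    owner: str
    body: str


@dataclass
class RecordStore:
    _records: Dict[str, Record] = field(default_factory=dict)

    def create(self, owner: str, body: str) -> Record:
        # 128 bits from the OS CSPRNG: not sequential, not enumerable, not a
        # hint about how many records exist (unlike an auto-increment id).
        rec = Record(id=secrets.token_urlsafe(16), owner=owner, body=body)
        self._records[rec.id] = rec
        return rec

    def _owned(self, actor: str, record_id: str) -> Record:
        """Central check every read/update/delete goes through."""
        rec = self._records.get(record_id)
        # Same outcome whether the record is missing or belongs to someone
        # else, so the response does not confirm that the id exists.
        if rec is None or rec.owner != actor:
            raise Forbidden(record_id)
        return rec

    def read(self, actor: str, record_id: str) -> str:
        return self._owned(actor, record_id).body

    def update(self, actor: str, record_id: str, body: str) -> Record:
        rec = self._owned(actor, record_id)
        rec.body = body
        return rec

    def delete(self, actor: str, record_id: str) -> None:
        self._owned(actor, record_id)
        del self._records[record_id]

    def list_for(self, actor: str) -> List[Record]:
        """Listing is filtered by owner, so a user never sees others' ids."""
        return [r for r in self._records.values() if r.owner == actor]


if __name__ == "__main__":
    store = RecordStore()
    note = store.create("alice", "private note")
    print(note.id)                       # e.g. 22 URL-safe characters, never "1"
    print(store.read("alice", note.id))  # private note
    try:
        store.read("bob", note.id)
    except Forbidden:
        print("bob was refused")
```

The random identifier alone is not authorization (ids leak through logs, referrers and screenshots), and the ownership check alone still lets an attacker confirm which ids exist if missing and foreign records produce different errors; the two together close both gaps.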
Example 7: PHP (A7 - Cross-Site Scripting)
Encode all special characters using htmlspecialchars() or htmlentities() [if the output is placed inside HTML tags].
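The page's advice is for PHP; Python's `html.escape()` performs the same transformation as `htmlspecialchars()` (with quotes escaped by default). The following is an added example, not code from Secure Code Wiki or from this post, rendering the same untrusted values unescaped and escaped so the difference in the produced markup is visible; the comment text and author strings are constructed.

```python
# Added example (not from Secure Code Wiki or the post): output encoding at the
# point where untrusted text meets HTML, the Python counterpart of htmlspecialchars().
import html


def render_comment_vulnerable(author: str, text: str) -> str:
    """INSECURE: untrusted strings dropped straight into the markup. Text lands
    in element content, author lands inside an attribute value."""
    return f'<div class="comment" data-author="{author}"><p>{text}</p></div>'


def render_comment_safe(author: str, text: str) -> str:
    """Escape at output time. html.escape(quote=True) turns < > & " ' into
    entities, which covers both element content and quoted attribute values."""
    return (
        f'<div class="comment" data-author="{html.escape(author)}">'
        f"<p>{html.escape(text)}</p></div>"
    )


def contains_raw_tag(markup: str, tag: str = "script") -> bool:
    """Crude check for the demonstration only: does a tag open unescaped?"""
    return f"<{tag}" in markup.lower()


if __name__ == "__main__":
    text = "<script>alert(1)</script>"          # constructed untrusted input
    author = 'x" onmouseover="y'                 # constructed: tries to break out of the attribute
    print(render_comment_vulnerable(author, text))
    print(render_comment_safe(author, text))
```

Escaping is context-specific: `html.escape()` is the right tool for element content and quoted attribute values, as the page's bracketed caveat says; text that ends up inside a `<script>` block, a URL or a CSS value needs that context's own encoding instead.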
Example 8: Python (A8 - Insecure Deserialization)
The pickle and jsonpickle modules are not secure; never use them to deserialize untrusted data.
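The reason is that a pickle is a small program for a stack machine that can name any importable callable, so loading it can run code before any of your validation sees the data. The following is an added example, not code from Secure Code Wiki or from this post, with two defensive patterns: a JSON loader that accepts exactly the fields and types it expects, and, for code that cannot yet drop pickle, the restricted unpickler pattern from the Python documentation with an empty allow-list, so a pickle naming any callable is refused before anything runs. The Job type and sample payloads are constructed.

```python
# Added example (not from Secure Code Wiki or the post): strict JSON parsing as the
# replacement for pickle, and a pickle.Unpickler that refuses all global lookups.
import io
import json
import pickle
from dataclasses import dataclass


@dataclass(frozen=True)
class Job:
    name: str
    retries: int


def load_job_json(raw: bytes) -> Job:
    """Parse a Job from JSON, accepting only the expected keys, types and range.
    json.loads can only produce literals, never objects with behaviour."""
    data = json.loads(raw)
    if not isinstance(data, dict) or set(data) != {"name", "retries"}:
        raise ValueError("unexpected fields")
    name, retries = data["name"], data["retries"]
    # bool is a subclass of int in Python, so exclude it explicitly
    if not isinstance(name, str) or isinstance(retries, bool) or not isinstance(retries, int):
        raise ValueError("bad field types")
    if not 0 <= retries <= 10:
        raise ValueError("retries out of range")
    return Job(name, retries)


class NoGlobalsUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL / STACK_GLOBAL opcode. Refusing
    all of them means only plain literals (numbers, strings, lists, dicts, ...)
    can come out of the pickle; no class, function or __reduce__ target is resolved."""

    def find_class(self, module: str, name: str):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_loads(raw: bytes):
    return NoGlobalsUnpickler(io.BytesIO(raw)).load()


def demo_literal_pickle() -> dict:
    """A pickle of plain literals still loads under the restricted unpickler."""
    return restricted_loads(pickle.dumps({"name": "backup", "retries": [1, 2]}))


def demo_callable_pickle_is_refused() -> bool:
    """A pickle that references a callable by name is rejected before it runs.
    Pickling a builtin stores only its qualified name (constructed, harmless)."""
    try:
        restricted_loads(pickle.dumps(len))
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print(load_job_json(b'{"name": "backup", "retries": 3}'))
    print(demo_literal_pickle())
    print("callable refused:", demo_callable_pickle_is_refused())
```

The restricted unpickler is a containment measure for legacy formats, not an endorsement: it still parses attacker-controlled structure (deeply nested lists, huge strings), so the page's rule stands and JSON with explicit validation is the target state.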
Example 9: Python (A9 - Using Components with Known Vulnerabilities)
Run the application as a least-privileged user.
Example 10: Swift (M10 - Extraneous Functionality)
Remove hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment.
Example 11: WordPress (Disable XML-RPC)
XML-RPC is a WordPress feature that allows data to be exchanged between WordPress and other systems. Today it has been replaced by the REST API, but it is still shipped for backward compatibility. If it is enabled in WordPress, an attacker can carry out brute-force attacks and pingback attacks (SSRF), among others.
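Disabling the endpoint is the fix; knowing whether it is being hammered in the meantime is the detection side. The following is an added example, not code from Secure Code Wiki or from this post, that parses web-server access logs in the common combined format and flags source addresses with a burst of POST requests to /xmlrpc.php, which is what both the brute-force and pingback abuse the page mentions look like from the server. The log lines, addresses and threshold are constructed.

```python
# Added example (not from Secure Code Wiki or the post): detect XML-RPC abuse
# in access logs. Sample lines, IPs (documentation ranges) and threshold are constructed.
import re
from collections import Counter
from typing import List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: one source posting repeatedly to xmlrpc.php, one
# legitimate REST API client that also hit xmlrpc.php once, one plain page view.
_LINE = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "{m} {p} HTTP/1.1" {st} 370 "-" "Mozilla/5.0"'
SAMPLE_LOG = "\n".join(
    [_LINE.format(ip="203.0.113.7", s=i, m="POST", p="/xmlrpc.php", st=200) for i in range(6)]
    + [
        _LINE.format(ip="198.51.100.4", s=10, m="GET", p="/wp-json/wp/v2/posts", st=200),
        _LINE.format(ip="198.51.100.4", s=11, m="POST", p="/xmlrpc.php", st=200),
        _LINE.format(ip="192.0.2.9", s=12, m="GET", p="/", st=200),
    ]
)


def parse_line(line: str) -> Optional[dict]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def xmlrpc_posts_per_ip(log_text: str) -> Counter:
    """Count POSTs to /xmlrpc.php per source address (query string ignored)."""
    hits: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?", 1)[0] == "/xmlrpc.php":
            hits[rec["ip"]] += 1
    return hits


def flag_xmlrpc_abuse(log_text: str, threshold: int = 5) -> List[str]:
    """Sources at or above `threshold` POSTs to the endpoint, sorted for stable output."""
    return sorted(ip for ip, n in xmlrpc_posts_per_ip(log_text).items() if n >= threshold)


if __name__ == "__main__":
    print(xmlrpc_posts_per_ip(SAMPLE_LOG))
    print("flagged:", flag_xmlrpc_abuse(SAMPLE_LOG))  # ['203.0.113.7']
```

Any POST to /xmlrpc.php after the feature has been disabled is itself a signal, so once the endpoint is off the threshold can drop to one; the WordPress side of that switch is the `xmlrpc_enabled` filter, or blocking the path at the web server.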
Conclusion
We hope this "small and useful post" about the website called «Secure Code Wiki», which offers valuable content related to «Good Coding Practices», is of great interest and use to the whole «Free and Open Source Software Community», and a good contribution to spreading the wonderful, huge and growing ecosystem of «GNU/Linux» applications.
For now, if you liked this publication, do not hesitate to share it with others, on your favorite websites, channels, groups or communities on social networks or messaging systems, preferably free, open and/or more secure ones such as Telegram, Signal, Mastodon or another of the Fediverse.
And remember to visit our home page at «DesdeLinux» to explore more news, and to join our official Telegram channel from DesdeLinux. Meanwhile, for more information, you can visit any online library such as OpenLibra and JedIT to access and read digital books (PDFs) on this topic or others.
Comments
Interesting article; it should be mandatory for all engineers.