I-Secure Code Wiki: Iwebhu yemikhuba emihle yokufaka amakhodi evikelekile

I-Secure Code Wiki: Iwebhu yemikhuba emihle yokufaka amakhodi evikelekile

I-Secure Code Wiki: Iwebhu yemikhuba emihle yokufaka amakhodi evikelekile

Ukuze kuthuthukiswe Ulwazi Nemfundokanye Isayensi nobuchwepheshe Ngokuvamile, bekulokhu kubaluleke kakhulu ukuqaliswa kokusetshenziswa kwe- izenzo ezingcono neziphumelelayo, izinyathelo noma izincomo (Imikhuba emihle) ukufeza inhloso enkulu yoku, letha izithelo noma yimuphi umsebenzi noma inqubo.

Futhi i Ukuhlela noma i Ukuthuthukiswa kweSoftware Njenganoma yimuphi omunye umsebenzi wobungcweti ne-IT, unowawo "Imikhuba emihle" kuhlotshaniswa nemikhakha eminingi, ikakhulukazi leyo ehlobene ne- Ukuphepha kwe-cyber kwemikhiqizo yesoftware ekhiqizwayo. Futhi kulokhu okuthunyelwe sizokwethula ezinye «Imikhuba Emihle Yokufaka Amakhodi », kusuka kuwebhusayithi ethakazelisayo newusizo ebizwa ngokuthi "Ikhodi evikelekile ye-Wiki", okuningi mayelana Amapulatifomu entuthuko ikhululekile futhi ivulekile, njengeyimfihlo futhi ivaliwe.

Amalayisense okuthuthukisa iFree and Open Software: Imikhuba emihle

Amalayisense okuthuthukisa iFree and Open Software: Imikhuba emihle

Ngaphambi kokungena esihlokweni, njengenjwayelo, sizoshiya ngokuhamba kwesikhathi ezinye izixhumanisi zokushicilelwa kwangaphambilini ezihlobene nesihloko se- «Imikhuba Emihle Ekuhlelweni noma Ekuthuthukisweni Kwesoftware ».

"… Imikhuba emihle yakhulelwa futhi yasatshalaliswa yi "Code for Development Initiative" we-Inter-American Development Bank, ngokwesilinganiso se- Isoftware Yelayisense, okumele ithathwe lapho kwenziwa imikhiqizo yesoftware (amathuluzi edijithali), ikakhulukazi mahhala futhi evulekile." Amalayisense okuthuthukisa iFree and Open Software: Imikhuba emihle

I-athikili ehlobene:
Amalayisense okuthuthukisa iFree and Open Software: Imikhuba emihle

I-athikili ehlobene:
Ikhwalithi Yezobuchwepheshe: Imikhuba emihle ekwakhiweni kweSoftware Emahhala
I-athikili ehlobene:
Imikhuba emihle yokwakha iSoftware yamahhala nevulekile: Imibhalo

Ikhodi Ephephile Wiki: Imikhuba Emihle Yokufaka Amakhodi

Ikhodi Ephephile Wiki: Imikhuba Emihle Yokufaka Amakhodi

Yini i-Secure Code Wiki?

Njengoba umbhalo wayo usho iwebhusayithi:

"I-Secure Code Wiki ingumvuthwandaba wemikhuba ephephile yokufaka amakhodi ezilimini ezahlukahlukene."

Futhi ukhona imikhuba emihle kanye newebhusayithi ye "Ikhodi evikelekile ye-Wiki" zenziwe futhi zagcinwa yinhlangano yamaNdiya ebizwa I-Payatu.

Izibonelo Zokwenza Okuhle ngezinhlobo Zezilimi Zokuhlela

Njengoba, iwebhusayithi ibhalwe ngesiNgisi, sizobonisa ezinye izibonelo zokubhala ngekhodi okuphephile mayelana ahlukahlukene izilimi zokuhlela, okunye kumahhala futhi kuvulekile, kanti okunye kuyimfihlo futhi kuvaliwe, okunikezwa yile webhusayithi hlola amandla nekhwalithi yokuqukethwe kulayishiwe.

Ngaphezu kwalokho, kubalulekile ukukugqamisa lokho Imikhuba emihle kukhonjiswe kufayela le- Amapulatifomu entuthuko okulandelayo:

  • .NET
  • Java
  • I-Java Ye-Android
  • Kotlin
  • I-NodeJS
  • Inhloso C
  • PHP
  • Python
  • Ruby
  • Swift
  • WordPress

Zihlukaniswe ngezigaba ezilandelayo zezilimi zedeskithophu:

  • A1 - Ukujova (Ukujova)
  • I-A2 - Ukufakazela ubuqiniso kwephuliwe (Ubuqiniso obuphukile)
  • A3 - Ukuvezwa kwedatha ebucayi (Ukuzwela Kwedatha Ebucayi)
  • Ama-A4 - Amabhizinisi Wangaphandle we-XML (Amabhizinisi wangaphandle weXML / XXE)
  • I-A5 - Ukulawulwa kokufinyelela okuyiphutha (Ukulawula Ukufinyelela Okuphukile)
  • I-A6 - Ukulungiswa kabusha kokuphepha (Ukungaguquguquki Kwezokuphepha)
  • I-A7 - Isikripthi Sendawo Ebhaliwe (Isiphambano Sesayithi / I-XSS)
  • I-A8 - Ukwehliswa kwesithunzi ngokungavikeleki (Ukwehliswa kwesithunzi okungavikelekile)
  • A9 - Ukusetshenziswa kwezakhi ezinobungozi obaziwayo (Kusetshenziswa Izingxenye Ezinobungozi Obaziwayo)
  • A10 - Ukubhaliswa okungafanele nokwenganyelwa (Ukungena okunganele nokuqapha)

Futhi ihlukaniswe ngezigaba ezilandelayo zezilimi ezihambayo:

  • I-M1 - Ukusetshenziswa okungalungile kwepulatifomu (Ukusetshenziswa Kwepulatifomu Okungalungile)
  • I-M2 - Isitoreji sedatha engavikelekile (Isitoreji Sedatha Engavikelekile)
  • M3 - Ukuxhumana okungaphephile (Ukuxhumana Okungaphephile)
  • I-M4 - Ukuqinisekiswa okungavikelekile (Ukugunyaza okungavikelekile)
  • I-M5 - i-cryptography enganele (I-Cryptography Enganele)
  • M6 - Ukugunyazwa okungaphephile (Ukugunyazwa Kokuphepha)
  • I-M7 - Ikhwalithi yekhodi yekhasimende (Ikhwalithi yekhodi yeklayenti)
  • M8 - Ukukhwabanisa kwekhodi (Ukuphazamisa ikhodi)
  • I-M9 - Reverse Engineering (Reverse Engineering)
  • I-M10 - Ukusebenza okungajwayelekile (Ukusebenza okungaphandle)

Isibonelo 1: .Net (A1- Injection)

Kusetshenziswa imephu yento ehlobene (i-ORM) noma izinqubo ezigciniwe kuyindlela ephumelela kunazo zonke yokulwisana nobungozi bomjovo we-SQL.

Isibonelo 2: Java (A2 - Ukufakazela ubuqiniso kwephukile)

Noma kunini lapho kungenzeka khona, sebenzisa ubuqiniso bezinto eziningi ukuvimbela ukuzenzakalela, ukugxilwa kokuqinisekisa, amandla angenangqondo, nokusetshenziswa kabusha kwemininingwane eyebiwe.

Isibonelo 3: Java Ye-Android (M3 - Ukuxhumana Okungaphephile)

Kubalulekile ukufaka i-SSL / TLS eziteshini zezokuthutha ezisetshenziswa uhlelo lokusebenza lweselula ukudlulisa imininingwane ebucayi, amathokheni weseshini noma enye idatha ebucayi kwi-API ebuyela emuva noma isevisi yewebhu.

Isibonelo 4: IKotlin (M4 - Ukugunyaza Ukungavikeleki)

Gwema amaphethini abuthakathaka

Isibonelo 5: NodeJS (A5 - Bad Access Control)

Izilawuli zokufinyelela zemodeli kufanele ziphoqelele ubunikazi bamarekhodi, kunokuvumela umsebenzisi ukuthi adale, afunde, abuyekeze noma asuse noma yiliphi irekhodi.

Isibonelo 6: Inhloso C (M6 - Ukugunyazwa ukungavikeleki)

Izinhlelo zokusebenza kufanele zigweme ukusebenzisa izinombolo eziqagelwayo njengesithenjwa esikhombayo.

Isibonelo 7: PHP (A7 - Cross Site Scripting)

Faka ikhodi zonke izinhlamvu ezikhethekile usebenzisa i-htmlspecialchars () noma i-htmlentities () [uma kungaphakathi kwamathegi we-html].

Isibonelo 8: I-Python (A8 - Desourceization Engaphephile)

Imodyuli ye-pickle ne-jsonpickle ayiphephile, ungalokothi uyisebenzisele ukwesula idatha engathenjiwe.

Isibonelo 9: I-Python (A9 - Kusetshenziswa Izinto Ezihlanganisiwe ezinezingozi Ezaziwayo)

Qalisa uhlelo lokusebenza ngomsebenzisi onelungelo elincane

Isibonelo 10: Swift (M10 - Strange ukusebenza)

Susa ukusebenza kwangaphakathi okufihliwe noma ezinye izilawuli zokuphepha zangaphakathi zentuthuko ezingahloselwe ukukhishwa endaweni yokukhiqiza.

Isibonelo 11: WordPress (XML-RPC Khubaza)

I-XML-RPC isici se-WordPress esivumela ukudluliswa kwedatha phakathi kwe-WordPress nezinye izinhlelo. Namuhla ithathelwe indawo yi-REST API, kepha isafakiwe ekufakweni kokuhambisana nokubuyela emuva. Uma inikwe amandla ku-WordPress, umhlaseli angenza ukuhlukunyezwa, ukuhlaselwa kwe-pingback (SSRF), phakathi kwabanye.

Isithombe esijwayelekile seziphetho ze-athikili

Isiphetho

Siyethemba lokhu "okuthunyelwe okuwusizo okuncane" mayelana newebhusayithi ebizwa «Secure Code Wiki», enikeza okuqukethwe okubalulekile okuhlobene ne- «Imikhuba Emihle Yokufaka Amakhodi »; inentshisekelo enkulu futhi iyasiza, kuyo yonke «Comunidad de Software Libre y Código Abierto» kanye negalelo elikhulu ekusabalalisweni kwemvelo emangalisayo, enkulu futhi ekhulayo yezicelo ze «GNU/Linux».

Okwamanje, uma ukuthandile lokhu publicación, Ungami yabelana ngayo nabanye, kumawebhusayithi wakho owathandayo, iziteshi, amaqembu noma imiphakathi yokuxhumana nabantu noma amasistimu wokuthumela imiyalezo, okungcono mahhala, okuvulekile kanye / noma okuphephe kakhulu njenge yocingoIsignaliI-mastodon noma enye ye- I-Fediverse, okungcono.

Futhi khumbula ukuvakashela ikhasi lethu lasekhaya ku- «KusukaLinux» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- Yocingo kusuka ku-DesdeLinuxNgenkathi, ukuthola eminye imininingwane, ungavakashela noma yikuphi Umtapo wolwazi oku-inthanethi njengoba I-OpenLibra y I-JedIT, ukufinyelela nokufunda izincwadi zedijithali (ama-PDF) ngalesi sihloko noma ezinye.


Okuqukethwe yi-athikili kunamathela ezimisweni zethu ze izimiso zokuhlelela. Ukubika iphutha chofoza lapha.

Amazwana, shiya okwakho

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   luix kusho

    I-athikili ethokozisayo, kufanele ibe yisibopho kubo bonke onjiniyela ..