Namuhla, sizoqhubeka nokungenile kwethu okuhlobene nesihloko esithi Ukuphepha Kwe-IT (I-Cybersecurity, Ubumfihlo kanye Nokungaziwa) futhi kubo sizogxila kukho OWASP y OSINT.
Ngenkathi, OWASP kuwumthombo ovulekile womsebenzi ozinikele ekunqumeni nasekulweni izimbangela ezenza ukuthi i-software ingaphephi, OSINT iqoqo lamasu namathuluzi asetshenziselwa ukuqoqa imininingwane yomphakathi, ukuhlanganisa idatha nokuyicubungula, ukuze kutholakale ulwazi olusebenzisekayo nolusebenzayo lwezinhloso noma izindawo ezithile.
Ngaphambi kokuntywila esihlokweni se- OWASP y OSINT, njengokujwayelekile, sincoma ukuthi ngemuva kokufunda le ncwadi, hlola okuqukethwe kwezinye izincwadi zethu zangaphambilini ezihlobene nesihloko se- Ukuphepha Kwe-IT.
… Kuhle ukusho ukuthi umqondo ophathelene nokuPhepha koLwazi akufanele udidaniswe nowe-Computer Security, ngoba, ngenkathi owokuqala ubhekisa ekuvikelweni nasekuvikelweni kolwazi oluhlanganisiwe lwesihloko (Umuntu, Inkampani, Isikhungo, i-Ejensi , Umphakathi, uHulumeni), okwesibili kugxila ekuvikeleni idatha ngaphakathi kohlelo lwekhompyutha kanjalo. Ukuphepha Kwemininingwane: Umlando, Amatemu kanye Nensimu Yesenzo
I-OWASP ne-OSINT: Izinhlangano, Amaphrojekthi kanye Namathuluzi
Yini i-OWASP?
Ngokwe-website esemthethweni ye- OWASP es:
"I-Open Web Application Security Project (OWASP) ephethwe yisisekelo esingenzi nzuzo segama elifanayo esisebenza ukuthuthukisa ukuphepha kwesoftware. Futhi isakhiwo sayo sifaka phakathi ukwakhiwa kwamaphrojekthi wesoftware yomthombo ovulekile oholwa ngumphakathi. I-Said Foundation njengamanje inezahluko ezingaphezu kuka-200 zendawo emhlabeni wonke, amashumi ezinkulungwane zamalungu futhi iqhuba izingqungquthela ezihola phambili kwezemfundo nokuqeqesha emkhakheni."
Ngakho-ke, kusobala ukuthi umgomo we Isisekelo se-OWASP es:
"Ukuze ube umphakathi ovulekile ozinikele ekwenzeni izinhlangano zikwazi ukukhulelwa, ukuthuthukisa, ukuthola, ukusebenza, kanye nokugcina izinhlelo zokusebenza ezethembekile. Futhi kubo, wonke amaphrojekthi wabo, amathuluzi, amadokhumenti, izinkundla kanye nezahluko ezakhiwe zikhululekile futhi zivulekele noma ngubani onentshisekelo yokwenza ngcono ukuphepha kohlelo lokusebenza."
Amaphrojekthi we-OWASP
Konke Amaphrojekthi weSoftware Namathuluzi yenziwe ngu OWASP ingabukwa kufayela lakho le- Isigaba Samaphrojekthi, nakuwebhusayithi yabo esemthethweni ku- GitHub. Futhi phakathi kokwaziwa kakhulu singasho okulandelayo:
- I-OWASP ephezulu engu-10Iphrojekthi enedokhumende elijwayelekile lokuqwashisa lonjiniyela bezinhlelo zokusebenza zewebhu kanye nokuphepha. Futhi lokho kubonisa ukuvumelana okubanzi ngezingozi ezibaluleke kakhulu zokuphepha kubo.
- Umhlahlandlela Wokuhlola Ukuphepha Kwewebhu (WSTG): Iphrojekthi equkethe Umhlahlandlela Wokuhlola Ukuphepha KweWebhu okhiqiza insiza yokuqala yokuhlola ukuphepha kwe-cyber yabathuthukisi bezinhlelo zokusebenza zewebhu kanye nabasebenza kwezokuphepha. Ngakho-ke, umhlahlandlela omuhle kakhulu futhi ophelele wokuhlola insiza yewebhu kanye nokuvikeleka kohlelo lokusebenza, njengoba inikeza uhlaka lwemikhuba emihle esetshenziswa ngabahloli bokungena nezinhlangano emhlabeni jikelele. Kukhona neyodwa yezicelo ukuhamba.
Yini i-OSINT?
Kusukela OSINT Kunjengoba, njengoba sishilo ekuqaleni: "iqoqo lamasu namathuluzi asetshenziselwa ukuqoqa imininingwane yomphakathi, ukuhlanganisa idatha nokuyicubungula, ukuze kutholakale ulwazi olusebenzayo nolusebenzayo lwezinjongo ezithile noma izindawo ezithile"; okufanayo ayinayo iwebhusayithi esemthethweni. Noma kunjalo, kunamawebhusayithi amaningi ahlinzeka ngemininingwane eminingi ewusizo namathuluzi we-OSINT. Okungasetshenziswa kokubili ukuphenya nokuhlasela isihloko esihlosiwe, noma noma ngubani ukuthi athathe izinyathelo ezidingekayo zokuvimbela lokho kuhlaselwa.
Kubalulekile ukucacisa mayelana OSINT Okulandelayo:
"Igama elithi "umthombo ovulekile" ngaphakathi kwe-OSINT alibhekiseli ekuhambeni kwesoftware yomthombo ovulekile, yize amathuluzi amaningi e-OSINT enguMthombo Ovulekile; kunalokho, ichaza isimo esidlangalaleni sedatha ehlaziywayo."
Luyini Uhlaka lwe-OSINT?
Phakathi kwamawebhusayithi ahlobene ne- OSINT singasho Uhlaka lwe-OSINT. Ingachazwa njenge:
Indawo yokugcina online efaka inani elikhulu lamathuluzi (izinhlelo zokusebenza, izinsiza zewebhu) ukwenza usesho kwimithombo yolwazi evulekile. Isebenza njengefayela eligcina futhi lihlukanise amathuluzi athi azosetshenziswa ekuphenyweni kwe-OSINT. Lawa mathuluzi futhi ayisethi yemitapo yolwazi yohlobo lwe-GPLv3 (umthombo wamahhala novulekile), ovumela ukuqoqa zonke izinhlobo zemininingwane (imininingwane) yophenyo oludingekayo. Ngokuqondile, lawa mathuluzi angathola futhi aqoqe idatha, efana, Amagama abasebenzisi, amakheli e-imeyili, amakheli e-IP, izinsizakusebenza ze-Multimedia, Amaphrofayli kumanethiwekhi omphakathi, i-Geolocation, phakathi kokunye okuningi.
Okwalabo, abanesifiso sokufuna ukwazi kabanzi mayelana OSINT ungavakashela i- iwebhusayithi esemthethweni ku-GitHub noma okulandelayo isixhumanisi.
Siyethemba lokhu "okuthunyelwe okuwusizo okuncane" cishe «OWASP y OSINT»
, Izihloko ezi-2 ezithakazelisayo ezihlanganisa izinhlangano, amaphrojekthi, amathuluzi, nokunye okuningi, esivuna okuqinile nokusobala Ukuphepha Kwe-IT (Ukuphepha kwe-cyber, ubumfihlo nokungaziwa); inentshisekelo enkulu futhi iyasiza, kuyo yonke «Comunidad de Software Libre y Código Abierto»
kanye negalelo elikhulu ekusabalalisweni kwemvelo emangalisayo, enkulu futhi ekhulayo yezicelo ze «GNU/Linux»
.
Okwamanje, uma ukuthandile lokhu publicación
, Ungami yabelana ngayo nabanye, kumawebhusayithi wakho owathandayo, iziteshi, amaqembu noma imiphakathi yokuxhumana nabantu noma amasistimu wokuthumela imiyalezo, okungcono mahhala, okuvulekile kanye / noma okuphephe kakhulu njenge yocingo, Isignali, I-mastodon noma enye ye- I-Fediverse, okungcono. Futhi khumbula ukuvakashela ikhasi lethu lasekhaya ku- «DesdeLinux» ukuhlola izindaba eziningi, kanye nokujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux. Ngenkathi, ukuthola eminye imininingwane, ungavakashela noma yikuphi Umtapo wolwazi oku-inthanethi njengoba I-OpenLibra y I-JedIT, ukufinyelela nokufunda izincwadi zedijithali (ama-PDF) ngalesi sihloko noma ezinye.