Deadly sins of website security: what we learned from a year of vulnerability scanner statistics

About a year ago, we at DataLine launched a service for finding and analyzing vulnerabilities in IT applications. The service is based on the Qualys cloud solution, whose operation we have already described. Over a year of working with the solution, we ran 291 scans of different sites and accumulated statistics on common vulnerabilities in web applications.

In the article below I will show exactly which holes in website security hide behind the different criticality levels. Let's look at which vulnerabilities the scanner found most often, why they can arise, and how to protect yourself.

Qualys divides all web application vulnerabilities into three criticality levels: low, medium and high. If you look at the distribution by "severity", things do not seem so bad. There are few vulnerabilities with a high criticality level; most of them are non-critical.

But non-critical does not mean harmless. These vulnerabilities can also cause serious damage.

Top "non-critical" vulnerabilities

  1. Mixed content vulnerabilities.

    The standard for website security is transferring data between the client and the server over the HTTPS protocol, which supports encryption and protects information from interception.

    Some sites use mixed content: part of the data is transferred over the insecure HTTP protocol. This is how passive content is most often transferred - information that only affects how the site is displayed: images, CSS styles. But sometimes active content is transferred this way too: scripts that control the behavior of the site. In that case, special software makes it possible to analyze the active content coming from the server, modify the responses on the fly and make the machine work in a way its creators did not intend.

    Newer browser versions warn users that sites with mixed content are unsafe and block the content. Site developers also receive browser warnings in the console. For example, this is what it looks like in Firefox.

    What's the danger: Attackers use the insecure protocol to intercept user information, substitute scripts and send requests to the site on the user's behalf. Even if a site visitor did not enter any data, this does not protect them from phishing - obtaining confidential information by fraudulent methods. For example, a script can redirect the user to an unsafe site that masquerades as one the user knows. In some cases the malicious site looks even better than the original, and the user may fill in the form themselves and send confidential data.

    What a web developer should remember: Even if the site administrator has installed and configured an SSL/TLS certificate, the vulnerability can arise through human error. For example, if on one of the pages you put not a relative link but an absolute link with http, and in addition you have not configured redirects from http to https.

    You can detect mixed content on a site using the browser: search the page source, read the notifications in the developer console. However, the developer will have to tinker with the code long and tediously. You can speed up the process with automated analysis tools, for example: SSL Check, the free Lighthouse software or the paid Screaming Frog SEO Spider software.

    The vulnerability can also arise from problems with legacy code - code that was inherited. For example, if some pages are generated from an old template that does not take the site's move to https into account.

  2. Cookies without the "HTTPOnly" and "secure" flags.

    The "HTTPOnly" attribute protects cookies from being processed by scripts that attackers use to steal user data. The "secure" flag does not allow cookies to be sent in clear text. Communication is allowed only if the secure HTTPS protocol is used to send the cookies.

    Both attributes are specified in the cookie properties:

    Set-Cookie: Secure; HttpOnly

    What's the danger: If the site developer did not specify these attributes, an attacker can intercept the user's information from the cookie and exploit it. If cookies are used for authentication and authorization, the attacker will be able to hijack the user's session and perform actions on the site on the user's behalf.

    What a web developer should remember: As a rule, popular frameworks set these attributes automatically. But still check the web server configuration and set the flag: Set-Cookie HttpOnly; Secure.

    In this case, the "HTTPOnly" attribute will make the cookies invisible to your own JavaScript.

  3. Path-Based Vulnerabilities.

    The scanner reports this vulnerability if it finds publicly accessible files or directories on the site that contain confidential information. For example, it finds individual configuration files or access to the entire file system. This situation is possible if access rights on the site are set incorrectly.

    What's the danger: If the file system "sticks out", an attacker can get into the operating system interface and try to find folders with passwords if they are stored in clear text (don't do that!). Or they can steal password hashes and brute-force the passwords, and also try to escalate privileges in the system and move deeper into the infrastructure.

    What a web developer should remember: Don't forget about access rights, and configure the platform, the web server and the web application so that it is impossible to "escape" from the web directory.

  4. Forms for entering sensitive data with auto-fill enabled.

    If a user frequently fills in forms on websites, their browser saves this information using the autofill feature.

    Fields on websites may hold sensitive information, such as passwords or credit card numbers. For such fields it is worth disabling the form autofill function on the site itself.

    What's the danger: If the user's browser stores sensitive information, an attacker can intercept it later, for example through phishing. In effect, a web developer who forgot about this nuance is setting up their own users.

    What a web developer should remember: Here we have a classic conflict: convenience vs. security. If the web developer is thinking about user experience, they may deliberately choose autocomplete. For example, if it is important to follow the Web Content Accessibility Guidelines - recommendations for making content accessible to users with disabilities.

    For most browsers, you can disable autocomplete with the autocomplete="off" attribute, for example:

    <body>
      <form action="/hmn/form/submit" method="get" autocomplete="off">
        <div>
          <input type="text" placeholder="First Name">
        </div>
        <div>
          <input type="text" id="lname" placeholder="Last Name" autocomplete="on">
        </div>
        <div>
          <input type="number" placeholder="Credit card number">
        </div>
        <input type="submit">
      </form>
    </body>

    But this will not work for Chrome. There it is worked around with JavaScript; one variant of the recipe can be found here.

  5. The X-Frame-Options header is not set in the site code.

    This header affects the frame, iframe, embed and object tags. With it, you can completely forbid embedding your site in a frame. To do this, specify the value X-Frame-Options: deny. Or you can specify X-Frame-Options: sameorigin, and then embedding in an iframe will be available only on your own domain.

    What's the danger: The absence of this header can be used on malicious sites for clickjacking. For this attack, the attacker creates a transparent frame on top of buttons and tricks the user. For example: scammers frame a social network page on a website. The user thinks they are pressing a button on this site. Instead, the click is intercepted and the user's request is sent to the social network, where they have an active session. This is how attackers send spam on behalf of the user or gain subscribers and likes.

    If you do not disable this capability, an attacker can place your application's button on a malicious site. They may be interested in your referral program or in your users.

    What a web developer should remember: The vulnerability can arise if X-Frame-Options with a conflicting value is set on the web server or load balancer. In this case, the server and the balancer will simply overwrite the header, since they have higher priority than the backend code.

    The deny and sameorigin values of the X-Frame-Options header will interfere with the operation of Yandex Webvisor. To allow the use of iframes for Webvisor, you need to write a separate rule in the settings. For example, for nginx you can configure it like this:

    http {
        ...
        map $http_referer $frame_options {
            "~webvisor.com" "ALLOW-FROM http://webvisor.com";
            default "SAMEORIGIN";
        }
        add_header X-Frame-Options $frame_options;
        ...
    }

  6. PRSSI (Path-relative stylesheet import) vulnerabilities.

    This is a vulnerability in site styling. It occurs if relative links such as href="/hmn/somefolder/styles.css/" are used to access style files. An attacker can take advantage of this if they find a way to redirect the user to a malicious page. The page will insert the relative link into its URL and simulate a style call. You will get a request such as badsite.ru/…/somefolder/styles.css/, which can perform malicious actions under the guise of a style.

    What's the danger: A fraudster can exploit this vulnerability if they find another security hole. As a result, it is possible to steal user data from cookies or tokens.

    What a web developer should remember: Set the X-Content-Type-Options header to nosniff. In this case, the browser will check the content type for styles. If the type is anything other than text/css, the browser will block the request.
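Items 2, 5 and 6 all come down to what the server sends in its response headers, so they can be checked together. The sketch below is an added example, not code from the article or from Qualys; the function name, the finding strings and the sample responses are constructed for illustration.

```python
def audit_headers(headers):
    """Check one HTTPS response, given as a list of (name, value) pairs.

    Returns findings for the cookie flags, X-Frame-Options and
    X-Content-Type-Options issues described in items 2, 5 and 6.
    """
    findings = []
    xfo_values = []
    nosniff = False
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cookie = parts[0].split("=", 1)[0]
            flags = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
            for flag in ("secure", "httponly"):
                if flag not in flags:
                    findings.append(f"cookie {cookie}: missing {flag}")
        elif lname == "x-frame-options":
            xfo_values.append(value.strip().upper())
        elif lname == "x-content-type-options":
            nosniff = nosniff or value.strip().lower() == "nosniff"
    if not xfo_values:
        findings.append("X-Frame-Options: missing")
    elif len(set(xfo_values)) > 1:
        # e.g. the backend and the load balancer each add their own value
        findings.append("X-Frame-Options: conflicting values "
                        + ", ".join(xfo_values))
    elif xfo_values[0] not in ("DENY", "SAMEORIGIN"):
        # the article names deny and sameorigin; review anything else by hand
        findings.append(f"X-Frame-Options: unexpected value {xfo_values[0]}")
    if not nosniff:
        findings.append("X-Content-Type-Options: nosniff missing")
    return findings


# Constructed sample responses (header lists as a test client would see them).
WEAK = [
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "lang=en; Secure"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Frame-Options", "DENY"),
    ("Content-Type", "text/html"),
]
HARDENED = [
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly"),
    ("X-Frame-Options", "DENY"),
    ("X-Content-Type-Options", "nosniff"),
]

if __name__ == "__main__":
    for finding in audit_headers(WEAK):
        print(finding)
    print(audit_headers(HARDENED) or "hardened response: no findings")
```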

Critical vulnerabilities

  1. A page with a password field is transmitted from the server over an insecure channel (HTML form containing password field(s) is served over HTTP).

    A response from the server over an unencrypted channel is vulnerable to "Man in the middle" attacks. An attacker can intercept the traffic and wedge themselves between the client and the server while the page travels from the server to the client.

    What's the danger: The fraudster will be able to replace the page and send the user a form for confidential data, which will go to the attacker's server.

    What a web developer should remember: Some sites send users a one-time code by email/phone instead of using a password. In this case the vulnerability is not so critical, but the mechanism will complicate users' lives.

  2. Sending a form with a login and password over an insecure channel (Login Form Is Not Submitted Via HTTPS).

    In this case, a form with a login and password is sent from the user to the server over an unencrypted channel.

    What's the danger: Unlike the previous case, this is already a critical vulnerability. Intercepting sensitive data is easier because you do not even need to write code to do it.

  3. Using JavaScript libraries with known vulnerabilities.

    During scanning, the most used library turned out to be jQuery, with a large number of versions. Every version has at least one known vulnerability, or even more. The impact can vary greatly depending on the nature of the vulnerability.

    What's the danger: Exploits exist for known vulnerabilities.

    What a web developer should remember: Regularly return to the cycle: search for known vulnerabilities - fix - check. If you use legacy libraries deliberately, for example to support old browsers or to save money, look for an opportunity to fix the known vulnerability.

  4. Cross-site scripting (XSS).
    Cross-Site Scripting (XSS) is an attack on a web application that results in malicious code being injected into the database. If Qualys finds such a vulnerability, it means that a potential attacker can inject, or has already injected, their own JS script into the site code to perform malicious actions.

    Stored XSS is more dangerous, since the script is embedded on the server and executes every time the attacked page is opened in a browser.

    Reflected XSS is easier to carry out, since a malicious script can be injected into an HTTP request. The application will receive the HTTP request, will not validate the data, will package it and send it back immediately. If an attacker intercepts the traffic and inserts a script like

    <script>/* something bad */</script>

    then the malicious request will be sent on behalf of the client.

    A striking example of XSS: JS sniffers that imitate pages for entering the CVC, the card expiry date, and so on.

    What a web developer should remember: In the Content-Security-Policy header, use the script-src attribute to force the client browser to download and execute code only from trusted sources. For example, script-src 'self' whitelists all scripts from our site only.
    Best practice is Inline code: it allows inline JavaScript only by means of the unsafe-inline value. This value allows the use of inline js/css, but does not prohibit including js files. In combination with script-src 'self' we forbid external scripts from being executed.

    Be sure to log everything using report-uri and watch for attempts to inject code into the site.

  5. SQL injection.
    The vulnerability indicates that SQL code can be injected into a website that accesses the site's database directly. SQL injection is possible if data from the user is not screened: it is not checked for correctness and is used immediately in the query. For example, this happens if a form on the website does not check whether the input matches the data type.

    What's the danger: If an attacker enters an SQL query into this form, they can crash the database or disclose confidential information.

    What a web developer should remember: Do not trust anything that comes from the browser. You need to protect yourself on both the client side and the server side.

    On the client side, write field validation using JavaScript.

    Built-in functions in popular frameworks also help to escape suspicious characters on the server. It is also recommended to use parameterized database queries on the server.

    Determine exactly where interaction with the database takes place in the web application.

    Interaction takes place when we receive any information: a request with an id (changing the id), creating a new user, a new comment, or new records in the database. This is where SQL injection can occur. Even if we delete a record from the database, SQL injection is possible.
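The server-side advice above (check the data type, use parameterized queries), applied to the delete case the text mentions and shown next to the string-built query it replaces. This is an added example on an in-memory SQLite database, not code from the article; the table, the function names and the input value are constructed.

```python
import sqlite3


def make_db():
    """Constructed in-memory database holding three comments."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    db.executemany("INSERT INTO comments (id, body) VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (3, "third")])
    return db


def delete_comment_unsafe(db, comment_id):
    # Vulnerable: the request value becomes part of the SQL text.
    cur = db.execute("DELETE FROM comments WHERE id = " + comment_id)
    return cur.rowcount


def delete_comment_safe(db, comment_id):
    # Server-side check that the input matches the expected data type ...
    if not (comment_id.isascii() and comment_id.isdigit()):
        raise ValueError("comment id must be a non-negative integer")
    # ... and a parameterized query: the value is bound, never parsed as SQL.
    cur = db.execute("DELETE FROM comments WHERE id = ?", (int(comment_id),))
    return cur.rowcount


def remaining(db):
    return [row[0] for row in db.execute("SELECT id FROM comments ORDER BY id")]


def demo():
    crafted = "1 OR 1=1"  # constructed input that is not a plain id
    results = {}

    db = make_db()
    delete_comment_unsafe(db, crafted)
    results["unsafe"] = remaining(db)  # the condition matched every row

    db = make_db()
    try:
        delete_comment_safe(db, crafted)
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    results["safe_after_crafted"] = remaining(db)

    delete_comment_safe(db, "1")
    results["safe_after_valid"] = remaining(db)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```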

Recommendations

Don't reinvent the wheel - use proven frameworks. As a rule, popular frameworks are more secure. For .NET - ASP.NET MVC and ASP.NET Core, for Python - Django or Flask, for Ruby - Ruby on Rails, for PHP - Symfony, Laravel, Yii, for JavaScript - Node.JS-Express.js, for Java - Spring MVC.

Follow vendor updates and update regularly. They will find a vulnerability, then write an exploit, make it publicly available, and everything will happen all over again. Subscribe to updates to stable versions from the software vendor.

Check access rights. On the server side, always treat your code as if it had been written, from the first letter to the last, by your most hated enemy, who wants to break your site and violate the integrity of your data. Moreover, sometimes this is true.

Use clones and test sites, and only then apply changes in production. This will help, first of all, to avoid mistakes and errors in the production environment: the production environment brings in money, and downtime of the production environment is critical. When adding, fixing or closing any problem, it is worth working in a test environment, then checking the functionality and the vulnerabilities found, and only then planning work with the production environment.

Protect your web application with a Web Application Firewall and integrate the vulnerability scanner reports with it. For example, DataLine uses Qualys and FortiWeb as a bundle of services.

Source: www.hab.com
