{"id":696,"date":"2022-08-19T16:30:28","date_gmt":"2022-08-19T08:30:28","guid":{"rendered":"https:\/\/cms.aaasec.com.tw\/?p=696"},"modified":"2023-04-20T10:21:00","modified_gmt":"2023-04-20T02:21:00","slug":"owasp-top-10-2021","status":"publish","type":"post","link":"https:\/\/cms.aaasec.com.tw\/index.php\/2022\/08\/19\/owasp-top-10-2021\/","title":{"rendered":"OWASP Top 10 2021\u5165\u9580\u4ecb\u7d39"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"1024\" src=\"https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-1024x1024.png\" alt=\"\" class=\"wp-image-699\" srcset=\"https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-1024x1024.png 1024w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-300x300.png 300w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-150x150.png 150w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-768x768.png 768w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-1536x1536.png 1536w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-2048x2048.png 2048w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-250x250.png 250w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-1040x1040.png 1040w, https:\/\/cms.aaasec.com.tw\/wp-content\/uploads\/2022\/08\/1110808-OWASP-TOP-10_\u5de5\u4f5c\u5340\u57df-1-1-640x640.png 640w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<!--more-->\n\n\n\n<p>By Robert\u3001Yun<\/p>\n\n\n\n<p>OWASP\u5168\u540d\u70baThe Open Web Application Security Project\uff08\u958b\u653e\u5f0fWeb\u61c9\u7528\u7a0b\u5f0f\u5b89\u5168\u5c08\u6848\uff09\uff0c\u662f\u4e00\u500b\u81f4\u529b\u65bc\u63d0\u9ad8\u7db2\u7ad9\u61c9\u7528\u5b89\u5168\u7684\u793e\u7fa4\u7d44\u7e54\uff0c\u5176\u5e95\u4e0b\u6709\u975e\u5e38\u591a\u7684\u5c08\u6848\u9805\u76ee\u3002\u7576\u4e2d\u7684OWASP Top 10\u662f\u5176\u4e2d\u4e00\u9805\u77e5\u540d\u7684\u9805\u76ee\uff0c\u5176\u6838\u5fc3\u5167\u5bb9\u70ba\u63d0\u51fa\u5341\u5927\u7db2\u7ad9\u5b89\u5168\u98a8\u96aa\u5f31\u9ede\uff0c\u81f4\u529b\u65bc\u5354\u52a9\u4f01\u696d\u55ae\u4f4d\u6df1\u5165\u77ad\u89e3\u4e26\u6539\u5584\u7db2\u7ad9\u4e0a\u7684\u5b89\u5168\u6027\uff0c\u56e0\u6b64\u8a31\u591a\u653f\u5e9c\u55ae\u4f4d\u3001\u4f01\u696d\u516c\u53f8\u90fd\u6703\u95dc\u6ce8\uff0c\u751a\u81f3\u8996\u70ba\u6307\u6a19\u3002<br>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a rel=\"noreferrer noopener\" href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2019\/09\/17\/z_09\/\" target=\"_blank\">OWASP MOBILE TOP 10 \u57fa\u672c\u4ecb\u7d39<\/a>\uff09<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>\u65b0\u7248\u672c\u7684\u5dee\u7570<\/strong><\/p>\n\n\n\n<p>OWASP Top 10\u7d04\u6bcf3\uff5e4\u5e74\u6703\u66f4\u65b0\u4e26\u516c\u544a\u65b0\u7248\u672c\uff0c\u76ee\u524d\u6700\u65b0\u7248\u672c\u70ba2021\u5e7409\u670824\u65e5\u63a8\u51fa\u3002\u82072017\u5e74\u7684\u7248\u672c\u76f8\u6bd4\uff0c2021\u5e74\u7684\u7248\u672c\u591a\u4e863\u500b\u65b0\u7684\u5f31\u9ede\u985e\u578b\uff0c\u4f462017\u5e74\u7684\u5341\u5927\u5f31\u9ede\u4e26\u6c92\u6709\u88ab\u79fb\u9664\uff0c\u800c\u662f\u8abf\u6574\u4e86\u540d\u7a31\u6216\u8207\u5176\u4ed6\u7684\u5f31\u9ede\u5408\u4f75\u3002<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>OWASP Top 10 2021\u5f31\u9ede\u7c21\u4ecb<\/strong><\/p>\n\n\n\n<p><strong>A01\u3000\u6b0a\u9650\u63a7\u5236\u5931\u6548<\/strong><br>\u6307\u6b0a\u9650\u63a7\u5236\u4e0d\u7576\uff0c\u8b93\u4f7f\u7528\u8005\u57f7\u884c\u9810\u671f\u6b0a\u9650\u5916\u7684\u884c\u70ba\u3002\u6b64\u5f31\u9ede\u901a\u5e38\u5c0e\u81f4\u8cc7\u6599\u5916\u6d29\u3001\u8cc7\u6599\u88ab\u7ac4\u6539\u6216\u640d\u6bc0\u7b49\u3002<\/p>\n\n\n\n<p><strong>A02\u3000\u52a0\u5bc6\u6a5f\u5236\u5931\u6548<\/strong><br>\u91dd\u5c0d\u654f\u611f\u8cc7\u6599\uff0c\u4f7f\u7528\u5f31\u52a0\u5bc6\u6f14\u7b97\u6cd5\u9032\u884c\u52a0\u5bc6\uff0c\u6216\u9032\u884c\u8cc7\u6599\u50b3\u8f38\u6642\u672a\u52a0\u5bc6\u3002\u4f8b\u5982\uff1a\u4ee5\u660e\u6587\u50b3\u8f38\u3001\u4ee5\u660e\u6587\u5132\u5b58\uff0c\u6216\u4f7f\u7528\u5f31\u52a0\u5bc6\u6f14\u7b97\u6cd5\u7d50\u679c\u906d\u5230\u7834\u89e3\u3002<br>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2019\/03\/07\/aaa_k_websiteaddr\/#more-276\" target=\"_blank\" rel=\"noreferrer noopener\">\u7db2\u5740\u5217\u5c0f\u9396\u7684\u610f\u7fa9\uff5c\u4f60\u77e5\u9053\u55ce\uff1f<\/a>\uff09<\/p>\n\n\n\n<p><strong>A03\u3000\u6ce8\u5165\u5f0f\u653b\u64ca<\/strong><br>\u5e38\u898b\u7684\u6ce8\u5165\u5f0f\u653b\u64ca\u5982SQL Injection\u3001Command Injection\u3001Cross Site Scripting\uff08XSS\uff09\u7b49\u3002\u901a\u5e38\u662f\u61c9\u7528\u7a0b\u5f0f\u672a\u9a57\u8b49\u6216\u904e\u6ffe\u4f7f\u7528\u8005\u63d0\u4f9b\u7684\u8cc7\u6599\uff0c\u56e0\u6b64\u88ab\u653b\u64ca\u8005\u6ce8\u5165\u7279\u6b8a\u8a9e\u6cd5\uff0c\u800c\u8a72\u8a9e\u6cd5\u53ef\u88ab\u57f7\u884c\u6216\u89f8\u767c\u3002<br>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2018\/07\/09\/00020\/\">Code Injection Attack \u2013 SQL Injection<\/a>\uff09<br>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2018\/09\/21\/code-injection-attack-cross-site-scripting-attack\/\">Code Injection Attack \u2013 Cross-Site Scripting Attack<\/a>\uff09<\/p>\n\n\n\n<p><strong>A04\u3000\u4e0d\u5b89\u5168\u8a2d\u8a08\uff08\u65b0\uff09<\/strong><br>\u5728\u61c9\u7528\u7a0b\u5f0f\u8a2d\u8a08\u6642\uff0c\u6c92\u6709\u91dd\u5c0d\u8a72\u88ab\u4fdd\u8b77\u7684\u5167\u5bb9\u5be6\u4f5c\u9632\u8b77\u63aa\u65bd\uff0c\u9032\u800c\u88ab\u6709\u5fc3\u4eba\u58eb\u5229\u7528\u3002<\/p>\n\n\n\n<p><strong>A05\u3000\u5b89\u5168\u8a2d\u5b9a\u7f3a\u9677<\/strong><br>\u6307\u7cfb\u7d71\u7ba1\u7406\u6216\u914d\u7f6e\u4e0d\u7576\u5c0e\u81f4\u7684\u5b89\u5168\u6027\u5f31\u9ede\u3002\u4f8b\u5982\uff1a\u555f\u7528\u4e0d\u5fc5\u8981\u7684\u670d\u52d9\u3001\u9801\u9762\u6216\u5e33\u865f\uff0c\u5411\u4f7f\u7528\u8005\u66b4\u9732\u904e\u591a\u7684\u932f\u8aa4\u8cc7\u8a0a\uff0c\u6216\u662f\u56e0\u7cfb\u7d71\u5347\u7d1a\u5c0e\u81f4\u4e0d\u5b89\u5168\u7684\u8a2d\u5b9a\u7b49\u3002<\/p>\n\n\n\n<p><strong>A06\u3000\u5371\u96aa\u6216\u904e\u820a\u7684\u5143\u4ef6<\/strong><br>\u6307\u4f7f\u7528\u5df2\u4e0d\u652f\u63f4\u66f4\u65b0\u6216\u5177\u5df2\u77e5\u5f31\u9ede\u7684\u5143\u4ef6\u3001\u672a\u5b9a\u671f\u57f7\u884c\u6383\u63cf\u53ca\u66f4\u65b0\u3001\uff0c\u6216\u672a\u91dd\u5c0d\u66f4\u65b0\u7684\u7a0b\u5f0f\u505a\u76f8\u5bb9\u6e2c\u8a66\u7b49\uff0c\u53ef\u80fd\u6210\u70ba\u88ab\u60e1\u610f\u5229\u7528\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p><strong>A07\u3000\u8a8d\u8b49\u53ca\u9a57\u8b49\u6a5f\u5236\u5931\u6548<\/strong><br>\u6307\u4f7f\u7528\u8005\u7684\u8eab\u5206\u3001\u8a8d\u8b49\u3001session\u7ba1\u7406\u7b49\u5b58\u5728\u6f0f\u6d1e\u3002\u4f8b\u5982\uff1a\u767b\u5165\u53e3\u53ef\u88ab\u66b4\u529b\u7834\u89e3\u6216\u5176\u4ed6\u81ea\u52d5\u5316\u653b\u64ca\uff0c\u4f7f\u7528\u9810\u8a2d\u6216\u5e38\u898b\u7684\u5f31\u5bc6\u78bc\u88ab\u8f15\u6613\u7834\u89e3\u7b49\u3002<br>\uff08\u5ef6\u4f38\u95b1\u8b80\uff1a<a href=\"https:\/\/cms.aaasec.com.tw\/index.php\/2021\/09\/09\/password_cracking_and_defense\/\">\u5bc6\u78bc\u7684\u7834\u89e3\u8207\u9632\u79a6<\/a>\uff09<\/p>\n\n\n\n<p><strong>A08\u3000\u8edf\u9ad4\u53ca\u8cc7\u6599\u5b8c\u6574\u6027\u5931\u6548\uff08\u65b0\uff09<\/strong><br>\u7531\u65bc\u61c9\u7528\u7a0b\u5f0f\u7f3a\u4e4f\u5b8c\u6574\u6027\u9a57\u8b49\u4e4b\u529f\u80fd\uff0c\u5c0e\u81f4\u8cc7\u6599\u88ab\u7ac4\u6539\u3002\u4f8b\u5982\uff1a\u7a0b\u5f0f\u78bc\u906d\u690d\u5165\u60e1\u610f\u7a0b\u5f0f\u78bc\u3001\u63a5\u6536\u4f86\u81ea\u4e0d\u5b89\u5168\u7684\u4f86\u6e90\u4e4b\u8cc7\u6599\u7b49\u3002<\/p>\n\n\n\n<p><strong>A09\u3000\u8cc7\u5b89\u8a18\u9304\u53ca\u76e3\u63a7\u5931\u6548<\/strong><br>\u6307\u61c9\u7a3d\u6838\u7d00\u9304\u7684\u4e8b\u4ef6\u672a\u8a18\u9304\uff0c\u6216\u65bc\u8b66\u544a\u53ca\u932f\u8aa4\u767c\u751f\u6642\uff0c\u672a\u7522\u751f\u660e\u78ba\u7684\u65e5\u8a8c\u7d00\u9304\u7b49\u3002\u53ef\u80fd\u9020\u6210\u5728\u8cc7\u5b89\u4e8b\u4ef6\u767c\u751f\u6642\uff0c\u8b93\u4e8b\u4ef6\u96e3\u4ee5\u88ab\u5bdf\u89ba\u6216\u8abf\u67e5\u3002<\/p>\n\n\n\n<p><strong>A10\u3000\u4f3a\u670d\u7aef\u8acb\u6c42\u507d\u9020\uff08\u65b0\uff09<\/strong><br>\u7576\u7db2\u7ad9\u61c9\u7528\u7a0b\u5f0f\u5728\u53d6\u5f97\u9060\u7aef\u8cc7\u6e90\u6642\uff0c\u672a\u9a57\u8b49\u4f7f\u7528\u8005\u63d0\u4f9b\u7684\u8cc7\u6599\uff0c\u6b64\u6642\u5c31\u6703\u767c\u751f\u507d\u9020\u4f3a\u670d\u7aef\u8acb\u6c42\u3002\u653b\u64ca\u8005\u53ef\u80fd\u5229\u7528\u6b64\u5f31\u9ede\uff0c\u5b58\u53d6\u5167\u90e8\u8cc7\u6599\u6216\u670d\u52d9\u3002<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>\u53c3\u8003\u8cc7\u6599<\/strong><\/p>\n\n\n\n<ol><li><a href=\"https:\/\/owasp.org\/\">OWASP<\/a><\/li><li><a href=\"https:\/\/zh.wikipedia.org\/zh-tw\/OWASP\">OWASP\u7dad\u57fa\u767e\u79d1<\/a><\/li><li><a href=\"https:\/\/owasp.org\/Top10\/\">OWASP TOP 10 2021 \u4ecb\u7d39<\/a><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9,6],"tags":[5],"_links":{"self":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/696"}],"collection":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/comments?post=696"}],"version-history":[{"count":8,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/696\/revisions"}],"predecessor-version":[{"id":755,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/posts\/696\/revisions\/755"}],"wp:attachment":[{"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/media?parent=696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/categories?post=696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms.aaasec.com.tw\/index.php\/wp-json\/wp\/v2\/tags?post=696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}