Peb zoo siab tshaj tawm qhov ntawd AhaSlides tau txais tag nrho cov-encompassing Greybox Pentest tswj los ntawm Viettel Cyber Security. Qhov kev ntsuam xyuas kev ruaj ntseg hauv qhov tob no tau tsom peb ob lub vev xaib hauv online: tus Presenter app (presenter.ahaslides.com) thiab Audience app (viewers.ahaslides.com).
Qhov kev ntsuam xyuas kev ruaj ntseg, uas tau khiav txij lub Kaum Ob Hlis 20 txog rau Lub Kaum Ob Hlis 27, 2023, koom nrog kev soj ntsuam xyuas ntau yam kev ruaj ntseg tsis muaj zog. Pab neeg no los ntawm Viettel Cyber Security tau ua qhov kev soj ntsuam tob tob thiab taw qhia ntau qhov chaw rau kev txhim kho hauv peb lub cev.
Cov Ntsiab Lus Tseem Ceeb:
- Lub Sijhawm Xeem: Kaum Ob Hlis 20-27, 2023
- Scope: Nyob rau hauv-tob tsom xam ntawm ntau yam kev ruaj ntseg tsis muaj zog
- Tshwm sim: AhaSlides dhau qhov kev ntsuam xyuas tom qab hais txog qhov muaj qhov tsis zoo
- Kev cuam tshuam: Txhim kho kev ruaj ntseg thiab kev ntseeg siab rau peb cov neeg siv
Viettel Security's Pentest yog dab tsi?
Ib qho Pentest, luv luv rau Kev Ntsuas Kev Ntsuas, yog qhov tseem ceeb ntawm kev thuam cyberattack ntawm koj lub cev kom pom cov kab laum siv tau. Nyob rau hauv cov ntsiab lus ntawm cov ntawv thov web, Pentest yog qhov kev ntsuam xyuas tag nrho los txheeb xyuas, txheeb xyuas, thiab tshaj tawm txog kev ruaj ntseg tsis zoo hauv daim ntawv thov. Xav tias nws yog qhov kev ntsuam xyuas kev ntxhov siab rau koj lub cev tiv thaiv - nws pom tias qhov twg muaj peev xwm ua txhaum cai tuaj yeem tshwm sim.
Ua los ntawm cov kws tshaj lij ntawm lub caij nyoog ntawm Viettel Cyber Security, tus dev saum toj kawg nkaus hauv qhov chaw cybersecurity, qhov kev sim no yog ib feem ntawm lawv qhov kev pabcuam kev nyab xeeb dav dav. Greybox test methodology siv nyob rau hauv peb qhov kev ntsuam xyuas suav nrog ob qho tib si lub thawv dub thiab lub thawv dawb. Testers muaj qee qhov kev txawj ntse ntawm kev ua haujlwm sab hauv ntawm peb lub platform, ua raws li kev tawm tsam los ntawm hacker uas muaj qee qhov kev cuam tshuam ua ntej nrog lub kaw lus.
Los ntawm kev siv ntau lub ntsej muag ntawm peb lub vev xaib kev tsim kho, los ntawm kev teeb tsa tsis raug ntawm cov servers thiab kev sau ntawv hla mus rau kev lees paub qhov tseeb thiab cov ntaub ntawv rhiab heev, Pentest muab cov duab tiag tiag ntawm kev hem thawj. Nws yog tag nrho, encompassing ntau yam attack vectors, thiab yog ua nyob rau hauv ib tug tswj ib puag ncig kom ntseeg tau tias tsis muaj kev puas tsuaj tiag tiag rau lub tshuab koom nrog.
Daim ntawv tshaj tawm zaum kawg tsis tsuas yog txheeb xyuas qhov tsis zoo xwb tab sis kuj tseem ceeb rau lawv los ntawm qhov hnyav thiab suav nrog cov lus pom zoo los kho lawv. Kev xeem dhau qhov kev ntsuam xyuas dav thiab nruj ua rau pom lub zog ntawm lub koom haum kev ruaj ntseg cybersecurity thiab yog lub hauv paus tsim thaiv kev ntseeg siab hauv lub hnub nyoog digital.
Txheeb xyuas qhov tsis muaj zog thiab kho
Thaum lub sijhawm sim, ntau qhov tsis zoo tau pom, xws li Cross-Site Scripting (XSS) mus rau Broken Access Control (BAC). Txhawm rau kom paub meej, qhov kev sim tsis pom muaj qhov tsis zoo xws li Stored XSS hla ntau yam nta, Insecure Direct Object References (IDOR) hauv Kev nthuav qhia tshem tawm muaj nuj nqi, thiab Kev Tshaj Tawm Tshaj Tawm thoob plaws ntau yam haujlwm.
cov AhaSlides pab pawg tech, ua haujlwm sib koom tes nrog Viettel Cyber Security, tau hais txog txhua yam teeb meem. Kev ntsuas xws li cov ntaub ntawv nkag mus, cov ntaub ntawv tso zis encoding, kev siv cov lus teb tsim nyog headers, thiab kev txais yuav cov ntsiab lus ruaj ntseg (CSP) tau siv los txhawb peb kev tiv thaiv.
AhaSlides Ua tiav qhov Kev Ntsuas Kev Ntsuas los ntawm Viettel Security
Ob daim ntawv thov Presenter thiab cov neeg tuaj saib tau ua tiav qhov kev ntsuam xyuas nkag los ntawm Viettel Security. Qhov kev ntsuam xyuas nruj no qhia txog peb txoj kev mob siab rau kev coj ua kev nyab xeeb thiab kev tiv thaiv tus neeg siv cov ntaub ntawv.
Qhov kev sim, ua thaum lub Kaum Ob Hlis 2023, ua haujlwm Greybox txoj kev, simulating qhov xwm txheej tshwm sim hauv ntiaj teb tiag. Viettel cov kws paub txog kev ruaj ntseg tau soj ntsuam xyuas peb lub platform rau qhov tsis muaj peev xwm, txheeb xyuas thaj chaw rau kev txhim kho.
Cov teeb meem uas tau txheeb xyuas tau hais los ntawm lub AhaSlides pab pawg engineering koom tes nrog Viettel Security. Cov kev ntsuas tau siv suav nrog kev nkag cov ntaub ntawv lim dej, tso tawm cov ntaub ntawv encoding, cov ntsiab lus ruaj ntseg (CSP), thiab cov lus teb tsim nyog los txhawb lub platform ntxiv.
AhaSlides kuj tau nqis peev rau hauv cov cuab yeej saib xyuas qib siab rau kev hem thawj ntawm lub sijhawm tiag tiag thiab teb. Tsis tas li ntawd, peb cov txheej txheem teb qhov xwm txheej tau raug kho kom zoo kom ceev thiab ua tau zoo thaum muaj kev ua txhaum cai ruaj ntseg.
Lub Platform ruaj ntseg thiab ruaj ntseg
Cov neeg siv tuaj yeem ntseeg tau tias lawv cov ntaub ntawv muaj kev tiv thaiv thiab lawv cov kev sib tham sib tham tseem muaj kev nyab xeeb. Nrog rau kev ntsuam xyuas kev ruaj ntseg thiab kev txhim kho tas mus li, peb tau cog lus los tsim lub platform txhim khu kev qha thiab ruaj ntseg rau peb cov neeg siv.