AhaSlides Wapambana Mayeso olowera a Viettel Cyber ​​​​Security

zolengeza

AhaSlides Team 05 December, 2024 4 kuwerenga

satifiketi yoyeserera kulowa kwa viettel ya ma ahaslides

Ndife okondwa kulengeza zimenezo AhaSlides yakwaniritsa zonse za Greybox Pentest zoyendetsedwa ndi Viettel Cyber ​​Security. Kuwunika mozama kwachitetezoku kunayang'ana nsanja zathu ziwiri zapaintaneti: pulogalamu ya Presenter (presenter.ahaslides.com) ndi pulogalamu ya Omvera (omvera.ahaslides.com).

Kuyesa kwachitetezo, komwe kudayamba pa Disembala 20 mpaka Disembala 27, 2023, kudakhudza kufufuza mosamala zofooka zosiyanasiyana zachitetezo. Gulu lochokera ku Viettel Cyber ​​​​Security lidaunika mozama ndikuyika madera angapo kuti asinthe machitidwe athu.

Mfundo Zothandiza:

  • Nthawi Yoyeserera: Disembala 20-27, 2023
  • Kuchuluka: Kusanthula mozama za zofooka zosiyanasiyana zachitetezo zomwe zingachitike
  • Zotsatira: AhaSlides adapambana mayeso atatha kuthana ndi zovuta zomwe zadziwika
  • Zotsatira: Kupititsa patsogolo chitetezo ndi kudalirika kwa ogwiritsa ntchito

Kodi Pentest ya Viettel Security ndi chiyani?

Pentest, yachidule ya Mayeso Olowera, kwenikweni ndi chiwonongeko chapakompyuta pamakina anu kuti muvumbulutse nsikidzi zomwe zingagwiritsidwe ntchito. Pankhani yakugwiritsa ntchito pa intaneti, Pentest ndikuwunika kokwanira kuti muwone, kusanthula, ndikuwonetsa zolakwika zomwe zili mkati mwa pulogalamuyo. Ganizirani izi ngati kuyesa kupsinjika kwa chitetezo cha dongosolo lanu - zikuwonetsa komwe kuphwanya kungachitike.

Kuyesedwa ndi akatswiri odziwa ntchito ku Viettel Cyber ​​​​Security, galu wapamwamba kwambiri pachitetezo cha cybersecurity, mayesowa ndi gawo lachitetezo chawo chokwanira. Njira yoyesera ya Greybox yomwe imagwiritsidwa ntchito pakuwunika kwathu imaphatikizanso zinthu zonse za bokosi lakuda komanso kuyesa kwa bokosi loyera. Oyesa ali ndi chidwi ndi momwe amagwirira ntchito papulatifomu yathu, kutengera kuwukira kwa wowononga yemwe adalumikizana ndi dongosololi.

Mwa kugwiritsa ntchito mwadongosolo mbali zosiyanasiyana zamawebusayiti athu, kuchokera pakusintha kolakwika kwa seva ndi zolemba zapamalo osiyanasiyana mpaka kutsimikizika kolakwika komanso kuwonekera kwachinsinsi, Pentest imapereka chithunzi chenicheni cha ziwopsezo zomwe zingachitike. Ndikokwanira, kuphatikiza ma vector osiyanasiyana owukira, ndipo imayendetsedwa m'malo olamulidwa kuti zitsimikizire kuti palibe vuto lililonse pamakina omwe akukhudzidwa.

Lipoti lomaliza silimangotchula zofooka zokha, komanso limaika patsogolo mozama komanso limaphatikizapo malingaliro okonza. Kupambana mayeso athunthu komanso okhwima ngati awa kumatsimikizira kulimba kwachitetezo cha pa intaneti cha bungwe ndipo ndichinthu chofunikira kwambiri chokhulupirira m'badwo wa digito.

Zofooka Zodziwika ndi Zokonza

Mugawo loyesa, zofooka zingapo zidapezeka, kuyambira pa Cross-Site Scripting (XSS) kupita ku Broken Access Control (BAC). Kunena zachindunji, mayesowo adavumbulutsa zovuta monga Kusungidwa kwa XSS pazinthu zingapo, Insecure Direct Object References (IDOR) mu ntchito yochotsa Presentation, ndi Privilege Escalation pazinthu zosiyanasiyana.

The AhaSlides gulu laukadaulo, lomwe likugwira ntchito limodzi ndi Viettel Cyber ​​Security, lathana ndi zovuta zonse zomwe zadziwika. Njira monga kusefa zolowetsamo, kusungitsa deta, kugwiritsa ntchito mitu yoyankhira yoyenera, ndi kukhazikitsidwa kwa Policy Contest Security Policy (CSP) zakhazikitsidwa pofuna kulimbikitsa chitetezo chathu.

AhaSlides Anapambana Mayeso Olowera ndi Viettel Security

Mapulogalamu onse a Presenter ndi Audience adapambana mayeso olowera omwe amachitidwa ndi Viettel Security. Kuwunika kozamaku kumatsimikizira kudzipereka kwathu pachitetezo champhamvu komanso chitetezo cha ogwiritsa ntchito.

Mayesowa, omwe adachitika mu Disembala 2023, adagwiritsa ntchito njira ya Greybox, kutengera zomwe zikuchitika padziko lonse lapansi. Akatswiri achitetezo aku Viettel adawunika mosamalitsa nsanja yathu kuti ikhale pachiwopsezo, ndikuzindikira madera oyenera kukonza.

Zowopsa zomwe zadziwika zidayankhidwa ndi a AhaSlides gulu la engineering mogwirizana ndi Viettel Security. Njira zomwe zakhazikitsidwa zikuphatikiza kusefa kwa data, kusungitsa deta, ndondomeko yolimba ya Content Security Policy (CSP), ndi mitu yoyenera kuyankha kuti mulimbikitse nsanja.

AhaSlides waikanso ndalama m'zida zowunikira zowunikira zenizeni zenizeni zenizeni komanso kuyankha. Kuphatikiza apo, ndondomeko zathu zoyankhira zochitika zakonzedwanso kuti zitsimikizire kuchitapo kanthu mwachangu komanso moyenera pakagwa chitetezo.

Pulatifomu Yotetezedwa Ndi Yotetezedwa

Ogwiritsa ntchito akhoza kukhala ndi chidaliro kuti deta yawo ndi yotetezedwa ndipo zochitika zawo zoyankhulana zimakhala zotetezeka. Ndi kuwunika kosalekeza kwachitetezo ndikuwongolera mosalekeza, tadzipereka kumanga nsanja yodalirika komanso yotetezeka kwa ogwiritsa ntchito.