AhaSlides Akapfuura Viettel Cyber ​​​​Security's Penetration Test

zviziviso

AhaSlides chikwata 05 Zvita, 2024 4 min kuverenga

viettel penetration test certificate yeahaslides

Tinofara kuzivisa izvozvo AhaSlides yakawedzera iyo-inotenderedza Greybox Pentest inotungamirwa neViettel Cyber ​​​​Security. Iyi yekuongorora yakadzama yekuchengetedza yakanangana edu maviri epamhepo mapuratifomu: iyo Presenter app (presenter.ahaslides.com) uye Audience app (vateereri.ahaslides.com).

Muedzo wekuchengetedza, wakatanga kubva Zvita 20 kusvika Zvita 27, 2023, waisanganisira kuferefeta kwakasiyana-siyana kwekuchengetedza. Chikwata kubva kuViettel Cyber ​​​​Security yakaita ongororo yakadzama uye yakamaka nzvimbo dzinoverengeka dzekuvandudza mukati mehurongwa hwedu.

Zvinonyanya kukosha:

  • Nguva Yekuedza: Zvita 20-27, 2023
  • Scope: Kuongorora kwakadzama kweakasiyana-siyana angangoita kusasimba kwekuchengetedza
  • Mhinduro: AhaSlides vakapasa bvunzo mushure mekutarisa kusagadzikana kwakaonekwa
  • Impact: Kuwedzeredzwa kuchengetedzeka uye kuvimbika kune vashandisi vedu

Chii chinonzi Viettel Security's Pentest?

Pentest, ipfupi yePenetration Test, inyaya yekusekesa cyberattack pane yako system kufumura tsikidzi dzinogona kushandiswa. Mumamiriro ezvinhu ewebhu maapplication, Pentest inziyo inoperera yekunongedza, kuongorora, uye kushuma pamusoro pezvikanganiso zvekuchengetedza mukati mekushandisa. Funga nezvayo seyedzo yekushushikana yekudzivirira kwehurongwa hwako - inoratidza panogona kuitika kukanganisa.

Inoitiswa nenyanzvi dzine ruzivo kuViettel Cyber ​​​​Security, imbwa yepamusoro munzvimbo yecybersecurity, bvunzo iyi chikamu cheyavo yakakura yekuchengetedza sevhisi. Iyo Greybox yekuyedza nzira inoshandiswa mukuongorora kwedu inosanganisira zvinhu zveese dema bhokisi uye chena bhokisi kuyedzwa. Matesta ane hungwaru pakushanda kwemukati kwepuratifomu yedu, kutevedzera kurwiswa kweanobira ane kumwe kupindirana kwekutanga nehurongwa.

Nekushandisa zvine hungwaru zvinhu zvakasiyana-siyana zvemawebhusaiti edu, kubva pakusarongeka kwesevha uye kuyambuka-saiti scripting kusvika kune yakaputsika yechokwadi uye inonzwisisika data kuratidzwa, Pentest inopa mufananidzo chaiwo wekutyisidzira kungangoitika. Iyo yakakwana, inosanganisira akasiyana mavector ekurwisa, uye inoitwa munzvimbo inodzorwa kuti ive nechokwadi chekuti hapana kukuvadza chaiko kune masisitimu anobatanidzwa.

Chirevo chekupedzisira hachingoratidzi kusasimba chete asi chinozvikoshesa nekuomarara uye chinosanganisira kurudziro yekuzvigadzirisa. Kupasa bvunzo yakazara uye yakaoma kudaro kunosimbisa kusimba kwesangano cybersecurity uye chinhu chakakosha chivakwa chekuvimba muzera redhijitari.

Kuzivikanwa Utera uye Kugadziriswa

Munguva yechikamu chekuyedza, kusadzivirirwa kwakawanda kwakawanikwa, kubva kuCross-Site Scripting (XSS) kuenda kuBroken Access Control (BAC) nyaya. Kunyatsotaura, bvunzo yakafumura kusasimba seyakachengetwa XSS pane akawanda maficha, Insecure Direct Object References (IDOR) muPresentation deletion function, uye Ropafadzo Escalation pane akasiyana mashandiro.

The AhaSlides tech timu, ichishanda ruoko-in-ruoko neViettel Cyber ​​​​Security, yagadzirisa nyaya dzese dzakaonekwa. Matanho akaita sesefa yedata rekuisa, kuburitsa data encoding, kushandisa misoro yemhinduro yakakodzera, uye kutorwa kweConstitutional Security Policy yakasimba (CSP) yakaitwa kusimbisa dziviriro yedu.

AhaSlides Yakabudirira Kupfuura Muedzo Wekupinda neViettel Security

Zvese zviri zviviri Presenter uye Vateereri zvikumbiro zvakabudirira kupasa bvunzo yakazara yekupinda inoitiswa neViettel Security. Uku kuongorora kwakasimba kunosimbisa kuzvipira kwedu kune yakasimba kuchengetedza maitiro uye mushandisi kuchengetedza data.

Muedzo, wakaitwa muna Zvita 2023, wakashandisa nzira yeGreybox, kutevedzera mamiriro ekurwisa kwepasirese. Nyanzvi dzekuchengetedza yeViettel dzakanyatsoongorora chikuva chedu chekusagadzikana, vachiona nzvimbo dzekuvandudza.

Izvo zvisizvo zvakaonekwa zvakagadziriswa ne AhaSlides Injiniya timu yakabatana neViettel Security. Matanho akaitwa anosanganisira kusefa data, kubuda data encoding, yakasimba Content Security Policy (CSP), uye yakakodzera misoro yemhinduro kuti uwedzere kusimbisa chikuva.

AhaSlides yakaisawo mari mumaturusi epamusoro ekutarisisa ekuona-nguva chaiyo yekutyisidzira uye mhinduro. Pamusoro pezvo, mapuroteni edu ekupindura chiitiko akakwenenzverwa kuti ave nechokwadi chekukurumidza uye chinoshanda chiitiko kana pakatyorwa kuchengetedza.

Yakachengeteka uye Yakachengetedzwa Platform

Vashandisi vanogona kuva nechivimbo chekuti data ravo rakachengetedzwa uye zviitiko zvavo zvekudyidzana zvinoramba zvakachengeteka. Nekuenderera mberi kwekuongorora kuchengetedza uye kuenderera mberi kwekuvandudza, isu takazvipira kuvaka yakavimbika uye yakachengeteka chikuva chevashandisi vedu.