AhaSlides Passes the Viettel Cyber Security Penetration Test

Announcements

AhaSlides Team 30 August, 2024 4 min read


We are pleased to announce that AhaSlides has passed the Greybox Pentest conducted by Viettel Cyber Security. This in-depth security assessment targeted our two online platforms: the Presenter app (presenter.ahaslides.com) and the Audience app (audience.ahaslides.com).

The security test, which ran from December 20 to December 27, 2023, covered a wide range of security checks. The Viettel Cyber Security team carried out a thorough assessment and flagged several areas for improvement within our system.

Key highlights:

  • Test period: December 20-27, 2023
  • Scope: Comprehensive assessment of a wide range of potential security weaknesses
  • Result: AhaSlides passed the test after addressing the identified vulnerabilities
  • Impact: Enhanced security and trust for our users

What is Viettel Security's Pentest?

A Pentest, short for Penetration Test, is a simulated cyberattack on your system to expose exploitable vulnerabilities. In the context of web applications, a Pentest is a systematic process of identifying, evaluating, and reporting security flaws within the application. Think of it as a stress test for your system's defences: it shows where a breach could occur.

Conducted by experienced specialists at Viettel Cyber Security, a leading name in the cybersecurity field, this test is part of their broader security service. The Greybox testing approach used in our assessment combines elements of both black-box and white-box testing. The testers have partial knowledge of the platform's inner workings, simulating an attack by an adversary with some initial access to the system.

By carefully probing various components of our websites, from server misconfigurations and cross-site scripting to broken authentication and sensitive data exposure, the Pentest gives a realistic picture of potential threats. It is comprehensive, covers multiple attack vectors, and is carried out in a controlled environment to ensure no real damage is done to the systems involved.

The final report not only lists the vulnerabilities but also prioritises them by severity and includes recommendations for remediation. Passing such a thorough and rigorous test attests to the strength of an organisation's cybersecurity and is an important building block of trust in the digital age.

Identified Vulnerabilities and Remediation

During the testing phase, several vulnerabilities were found, ranging from Cross-Site Scripting (XSS) to Broken Access Control (BAC) issues. Specifically, the test exposed weaknesses such as stored XSS in multiple features, an Insecure Direct Object Reference (IDOR) in the presentation deletion function, and Privilege Escalation in several operations.

The AhaSlides tech team, working hand in hand with Viettel Cyber Security, has resolved all identified issues. Measures such as input data filtering, output data encoding, the use of appropriate response headers, and the adoption of a strict Content Security Policy (CSP) were implemented to strengthen our defences.
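As an added illustration (not AhaSlides' or Viettel's code), the IDOR pattern in a presentation deletion function beside a hardened handler that enforces ownership, together with the output encoding and response-header measures listed above; the in-memory store, user ids and header values are assumed.

```javascript
// Constructed in-memory store standing in for the application database (assumed data).
function makeStore() {
  return new Map([
    ["p-100", { id: "p-100", ownerId: "alice", title: "Q1 review" }],
    ["p-200", { id: "p-200", ownerId: "bob", title: "Team quiz" }],
  ]);
}

// IDOR-prone shape: the handler trusts the presentation id from the request and
// only checks that the caller is logged in, never that the caller owns the object.
function deletePresentationInsecure(store, session, presentationId) {
  if (!session || !session.userId) return { status: 401 };
  if (!store.has(presentationId)) return { status: 404 };
  store.delete(presentationId);
  return { status: 204 };
}

// Hardened shape: the object is looked up together with its owner, and an owner
// mismatch is answered exactly like a missing object, so ids cannot be enumerated
// by comparing 403 and 404 responses.
function deletePresentationSecure(store, session, presentationId) {
  if (!session || !session.userId) return { status: 401 };
  const presentation = store.get(presentationId);
  if (!presentation || presentation.ownerId !== session.userId) {
    return { status: 404 };
  }
  store.delete(presentationId);
  return { status: 204 };
}

// Response headers of the kind named in the remediation (assumed values, not the
// production policy): a strict CSP limits what an injected script could do if an
// encoding bug slipped through, and nosniff stops content-type confusion.
const SECURITY_HEADERS = {
  "Content-Security-Policy": "default-src 'self'; object-src 'none'; frame-ancestors 'none'",
  "X-Content-Type-Options": "nosniff",
};

// Output encoding for user text rendered into HTML, the stored-XSS defence:
// user-controlled titles and answers are encoded at render time, not trusted as markup.
function encodeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}
```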

AhaSlides Successfully Passes the Penetration Test by Viettel Security

Both the Presenter and Audience applications successfully passed the comprehensive penetration test conducted by Viettel Security. This rigorous assessment affirms our commitment to strong security practices and the protection of user data.

The test, carried out in December 2023, used a Greybox approach, simulating real-world attack scenarios. Viettel's security experts thoroughly examined our platform for vulnerabilities, identifying areas for improvement.

The identified vulnerabilities were remediated by the AhaSlides engineering team in collaboration with Viettel Security. Measures taken include input data filtering, output data encoding, a strict Content Security Policy (CSP), and appropriate response headers to further harden the platform.

AhaSlides has also invested in advanced monitoring tools for real-time threat detection and response. In addition, our incident response protocols have been refined to ensure a rapid and effective reaction should a security breach occur.

A Safe and Secure Platform

Users can be confident that their data is protected and that their interactive sessions remain secure. Through ongoing security assessments and continuous improvement, we are committed to building a reliable and secure platform for our users.