We are pleased to announce that AhaSlides has passed a comprehensive Greybox Pentest conducted by Viettel Cyber Security. This in-depth security assessment covered our two online platforms: the Presenter app (presenter.ahaslides.com) and the Audience app (bamameli.ahaslides.com).
The security test, which ran from December 20 to December 27, 2023, involved a careful examination of various security vulnerabilities. The team from Viettel Cyber Security carried out an in-depth analysis and flagged several areas for improvement within our system.
Key Points:
- Test Period: December 20-27, 2023
- Scope: In-depth analysis of various potential security vulnerabilities
- Outcome: AhaSlides passed the test after addressing the identified vulnerabilities
- Impact: Strengthened security and trustworthiness for our users
What Is Viettel Security's Pentest?
A Pentest, short for Penetration Test, is essentially a cyberattack on your system, carried out to uncover vulnerabilities. In the context of web applications, a Pentest is a thorough assessment to identify, analyze, and report on security flaws within an application. Think of it as a stress test for your system's defenses: it shows where potential breaches could occur.
Conducted by experienced professionals at Viettel Cyber Security, a leading name in the cybersecurity space, this test is part of their broad suite of security services. The Greybox testing methodology used in our assessment combines aspects of black-box and white-box testing. The testers have some knowledge of the internal workings of our platform, mimicking an attack by a hacker who has had prior interaction with the system.
By exploiting various aspects of web infrastructure, from server misconfigurations and cross-site scripting to broken authentication and data exposure, the Pentest gives a realistic picture of potential threats. It is thorough, covers various attack vectors, and is conducted in a controlled environment to ensure no real harm comes to the systems involved.
The final report not only identifies vulnerabilities but also prioritizes them by severity and includes recommendations for fixing them. Passing such a comprehensive and rigorous test underscores the strength of an organization's cybersecurity and is a foundational building block of trust in the digital age.
Identified Vulnerabilities and Fixes
During the test, several vulnerabilities were found, ranging from Cross-Site Scripting (XSS) to Broken Access Control (BAC). Specifically, the test revealed vulnerabilities such as Stored XSS across multiple features, Insecure Direct Object References (IDOR) in the Presentation deletion function, and Privilege Escalation across various functions.
The AhaSlides tech team, working hand in hand with Viettel Cyber Security, has resolved all identified issues. Measures such as input data filtering, output data encoding, the use of appropriate response headers, and the adoption of a robust Content Security Policy (CSP) have been implemented to strengthen our defenses.
AhaSlides Successfully Passes Penetration Test by Viettel Security
Both the Presenter and Audience applications have successfully passed a comprehensive penetration test conducted by Viettel Security. This rigorous assessment underscores our commitment to robust security practices and the protection of user data.
The test, conducted in December 2023, used a Greybox methodology, which simulates a real-world attack scenario. Viettel's security experts carefully examined our platform for vulnerabilities and identified areas where we needed to improve.
The identified vulnerabilities were resolved by the AhaSlides engineering team in collaboration with Viettel Security. The measures implemented include input data filtering, output data encoding, a robust Content Security Policy (CSP), and appropriate response headers to further harden the platform.
AhaSlides has also invested in advanced monitoring tools for real-time detection and response. In addition, our incident response protocols have been refined to ensure swift and effective action in the event of a security breach.
A Secure and Protected Platform
Users can be confident that their data is protected and that their interactive experiences remain secure. With ongoing security assessments and continuous improvement, we are committed to building a trustworthy and secure platform for our users.