Taiwan


Welcome to the OWASP Taiwan Chapter! "The first step toward website security starts with joining the OWASP Taiwan Chapter."

å°ç£åææé·[mailto:wayne@owasp.org.tw é»èæåçï¼Wayne Huangï¼]æ¨åæå·¥ä½åä»è¡·å¿è¯å®æ¨çåèï¼ä¸ç®¡æ¨å¨ä½èï¼çè³æ¨åæ¾çä¸ç¶²è·¯è¶³è·¡æ¼å°ç£ï¼æè¬æ¨é¡æè·å¤§å®¶ä¸èµ·åäº«ï¼è®æåç¨æ´å¤ä¸åçè§åº¦ä¾æª¢è¦Webå®å¨çè¶¨å¢ãå¨èãåé¡èè§£æ±ºæ¹æ¡ã

The First Official OWASP Asia Conference (OWASP Asia 2007)
Security 3.0 in Web 2.0 Age – Practices and Challenges of Web 2.0 Security

[OWASP_AppSec_Asia_2007 http://www.owasp.org/images/f/f7/Owasp_taiwan_2007small.png]

Senior executives and chief researchers from multinational enterprises and security companies such as Whitehat Security, American Express, Armorize and Qualys are all coming to Taiwan. Do you know how they view Security 3.0 in the Web 2.0 era? What are the implications for Taiwan and the world? How should governments, enterprises and ordinary users respond? What message do the following major security news items of 2007 convey? The first official OWASP Asia conference will be held on September 27 (Thursday) at 1 p.m. in Room 201 of the NTUH International Convention Center (No. 2, Xuzhou Rd., Zhongzheng Dist., Taipei City). You are welcome to join us and come away with plenty! And there is more...
 * Starting May 11, Google began monitoring hacked websites and labeling them as dangerous sites!
 * On May 15, OWASP published the latest 2007 Top 10 web vulnerabilities, with cross-site scripting (XSS) topping the list!
 * On June 6, IBM acquired Watchfire, and HP followed by acquiring SPI Dynamics on June 19! Cenzic, the one still standing, was granted a U.S. patent on June 18 for its penetration testing technology!
 * The security threats of Web 2.0? How to respond? Security 3.0? Successful real-world cases?

The Third Taiwan Hacker Conference (HIT 2007)
The Third Taiwan Hacker Conference (HIT 2007) concluded successfully on July 21 (Saturday) to 22 (Sunday), 2007 at the Gongguan campus of National Taiwan University of Science and Technology, with an unprecedented turnout. For details, see the official HIT 2007 website: http://www.owasp.org/images/b/b5/Owasp_taiwan_HIT-linkLOGO.gif http://hitcon.org

Your Participation Is Welcome
Joining the OWASP Taiwan Chapter is free of charge, and membership is fully open to anyone interested in application security. We encourage members to share their knowledge and give talks at the OWASP Taiwan Chapter. Before joining, please read the chapter member handbook carefully. To join this chapter's mailing list, please follow the link to the mailing list page. All event discussion and event locations will be discussed through this list, and you can also find our earlier discussions in the email archive. Finally, a reminder: before attending an event, please check your mailing list messages again to confirm the event location and time, or any other matters concerning event registration.

About OWASP
OWASP (Open Web Application Security Project) is an open community and non-profit organization that currently has 82 chapters and nearly ten thousand members worldwide. Its main goal is to develop standards, tools and technical documents that help solve web software security problems, and it has long been committed to helping governments and enterprises understand and improve the security of web applications and web services. As the range of applications grows, web application security has gradually received more attention and has become a hot topic in the security field. At the same time, attackers have quietly shifted their focus to the vulnerabilities introduced during web application development as the means of attack and sabotage.

The U.S. Federal Trade Commission (FTC) strongly recommends that all enterprises follow the Top 10 web vulnerability protection guidelines published by OWASP, the U.S. Department of Defense also lists them as a best practice, and the PCI standard for international credit card data security goes further and lists them as a required component. OWASP currently has more than 30 projects in progress, including the best-known OWASP Top 10 (the ten major web vulnerabilities), the WebGoat practice platform, and the secure PHP/Java/ASP.Net projects, each discussing and researching a different software security problem.

When your organization decides to open up web services, it must let web requests from all over the world reach the web servers inside the organization. By hiding inside legitimate web requests, attackers can get past the detection of firewalls, intrusion detection systems and other defensive systems, openly enter the organization's internal network, or use the organization's website as a springboard and relay station to launch attacks on other victims. This means that an enterprise's web application code must also become part of the security protection at the perimeter of the agency (institution). As the scale and complexity of the organization's web services increase, the organization's external risk exposure gradually increases too.

OWASP Taiwan Chapter

 * Website: http://www.owasp.org.tw
 * Email: info@owasp.org.tw
 * Mailing list: owasp-taiwan@lists.owasp.org
 * Address: Room 554, 5F, Building E, No. 19-13, Sanchong Rd., Nangang Dist., Taipei City 115 (Nankang Software Park)

Chapter meetings are held several times a year, typically in the offices of our sponsor.

Please subscribe to the mailing list for meeting announcements.

Join the OWASP Taiwan Chapter for Free


Joining the OWASP Taiwan Chapter is free of charge. For how to become a member, see "How to Join" further down this page.


OWASP Taiwan Chapter Blog
Important Chinese-language security intelligence, technical analysis and market information!

Visit the OWASP Taiwan Chapter blog often.

http://www.owasp.org/images/d/da/OWASP_Banner_Blog.png

å¦ä½å å¥æå¡
æ­¡è¿åè²»å å¥OWASP Taiwanå°ç£åæï¼å å¥æ¹å¼æä¸ç¨®ï¼ç·ä¸å ±åï¼emailå ±åä»¥åå³çå ±åï¼ å·¥ä½åä»ææçºéç¥æææå¡æéOWASPææ°æ´»åè³è¨èåº§è«æè­°ç¨.

ç·ä¸å ±å
è«ææ­¤å¡«å¯«ç·ä¸å ±åå®

Emailå ±å
è«emailï¼[mailto:info@owasp.org.tw info@owasp.org.tw]å å¥å°ç£åæ,è«è¨»æä¸åè³è¨.
 * 1) å§å
 * 2) å®ä½
 * 3) è·ç¨±
 * 4) é»å­éµä»¶
 * 5) è¯çµ¡é»è©±

å³çå ±å
è«åå°æ­¤å ±åè¡¨,å¡«å¯«å¾å³çè³(02)6616-1100å³å¯.



Recent News

 * Web application security seminar: Starting July 22, 2008, the Executive Yuan's Research, Development and Evaluation Commission and the Information and Communication Security Taskforce's Technical Service Center hold the Government Agency Software Security Technology Seminar. Through adoption cases of the Web Application Security Reference Guide, attendees learn about the possible vulnerabilities of web applications, and the seminar provides a reference for internal and external management at agencies (institutions).


 * Web security news: On June 11, 2007, iThome published "Website security collapses: no security, no customers", an in-depth look at the Google search engine's new measures against malicious websites. Its search results put a warning label on websites with security problems and stop users from browsing to them directly.


 * OWASP Taiwan Chapter exhibiting: From April 16 to 18, 2007, the Taipei International Information Security Exhibition (http://www.secutech.com/tw/is/index.asp) opens. The OWASP Taiwan Chapter invites you to visit booths A402 and A404, where you can receive a web security CD and experience first-hand an automated source code analysis technology that outperforms traditional security testing methods such as penetration testing and vulnerability audits.


 * Web security news: On April 11, 2007, iThome published "OWASP Taiwan Chapter established and recruiting members for free, hoping to help raise web security protection in line with international trends".


 * Web security news: On April 9, 2007, Apple Daily reported that twenty-some official websites closely tied to people's daily lives in Taiwan, including the ESPN sports channel, have had trojan backdoors planted by attackers since earlier this year. Through a "Zero-Day Attack", for which the software vendor has no patch yet, innocent users only need to browse to the site for their computer to be hit. At the least, accounts and passwords are stolen and identities are misused, financial institution data is leaked, or property is lost.


 * Web application security seminar: From March 27 to April 11, 2007, the Executive Yuan's Research, Development and Evaluation Commission and the Information and Communication Security Taskforce's Technical Service Center hold the Government Information and Communication Security Protection Touring Seminar, covering security development trends and the information security of network application services. Government agency (institution) staff responsible for information and communication security are welcome to attend. NEW! Download the seminar handouts


 * Web security news: On March 21, 2007, the China Times published "Least safe countries to go online: Taiwan ranks second". Observations of Taiwan's network security made jointly by the Ministry of Justice Investigation Bureau, the Criminal Investigation Bureau and other agencies found that the information security threat to Taiwan's networks ranks second in Asia, behind only China. Since the beginning of 2007, an average of 5 intrusion incidents have occurred every day.


 * Web security news: On March 8, 2007, ETTV News reported "Taiwan leads the Four Asian Tigers in hacker attack incidents; 90% of banks have been breached". Yet many enterprises cite a lack of budget and are unwilling to add protective equipment or staff. When attackers break in and deface their web pages, they do not understand the serious meaning behind it; after restoring the pages they add no protective equipment, and one single enterprise was even compromised as many as 82 times in a row. Original news link



Five Major Security Predicaments of Websites and Web Services

 * 1) Insufficient IT staff
 * 2) Lack of expertise in the security domain
 * 3) Acceptance testing focuses mainly on functionality
 * 4) Lack of automated tools
 * 5) Cost- and efficiency-driven project models make it hard to ensure project quality

Top 10 Web Security Vulnerabilities

 * A1. Cross Site Scripting (XSS for short, also known as a cross-site scripting attack): the web application sends executable input received from the user straight back to the browser for execution, allowing an attacker to capture the user's cookie or session data and log in directly as the legitimate user.
 * A2. Injection Flaw: the web application executes malicious commands that come from outside, including database commands. Attacks such as SQL Injection and Command Injection are included.
 * A3. Malicious File Execution: the web application includes a malicious file from an external source and executes its contents.
 * A4. Insecure Direct Object Reference: the attacker uses the web application's own file-reading function to access arbitrary files or important data. Examples include http://example/read.php?file=../../../../../../../c:\boot.ini.
 * A5. Cross-Site Request Forgery (CSRF for short): a legitimate user who is logged in to the web application ends up executing a malicious HTTP command, but the web application treats it as a legitimate request, so the malicious command is carried out normally. Examples include malicious HTTP requests hidden in QuickTime and Flash videos shared on social networking sites.
 * A6. Information Leakage and Improper Error Handling: the web application's runtime error messages contain sensitive data. Examples include the disclosure of system file paths or database column names.
 * A7. Broken Authentication and Session Management: custom-written authentication-related functions in the web application are flawed.
 * A8. Insecure Cryptographic Storage: the web application does not encrypt sensitive data, uses a weak encryption algorithm, or stores keys where they can easily be obtained.
 * A9. Insecure Communication: sensitive data is transmitted without HTTPS or another form of encryption.
 * A10. Failure to Restrict URL Access: some pages have no access control, so an attacker can reach them directly through their URL. Examples include allowing the contents of Wiki or Blog pages to be modified directly.
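
The file-reading case in item A4 comes down to whether the requested path is canonicalised and checked against the directory the application is meant to serve. The following is an added example, not code from the original page or from OWASP: it shows the unchecked join next to a containment check, written in Python rather than the PHP implied by `read.php`. The function names, directory layout and sample values are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def resolve_unsafe(base_dir, user_value):
    """Vulnerable pattern: the request parameter is joined to the base path unchecked."""
    return Path(os.path.normpath(os.path.join(base_dir, user_value)))


def resolve_safe(base_dir, user_value):
    """Hardened pattern: canonicalise first, then require containment in base_dir."""
    if "\x00" in user_value:
        raise ValueError("NUL byte in file parameter")
    base = Path(base_dir).resolve()
    # Treat "\" as a separator too, so "..\" is caught on POSIX hosts as well.
    candidate = (base / user_value.replace("\\", "/")).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute value replaces base.
    if base not in candidate.parents:
        raise PermissionError("path escapes the document directory")
    if not candidate.is_file():
        raise FileNotFoundError(candidate.name)
    return candidate


# Constructed sample requests; the last is the traversal string quoted in item A4.
SAMPLE_VALUES = ["manual.txt", "../secret.ini", "..\\secret.ini",
                 "../../../../../../../c:\\boot.ini"]


def demo():
    """Build a throwaway tree and return (safe outcomes, what the unsafe join exposes)."""
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root, "docs")
        docs.mkdir()
        (docs / "manual.txt").write_text("public")
        Path(root, "secret.ini").write_text("private")
        outcomes = []
        for value in SAMPLE_VALUES + [str(Path(root, "secret.ini"))]:
            try:
                outcomes.append(resolve_safe(str(docs), value).name)
            except (PermissionError, ValueError, FileNotFoundError) as exc:
                outcomes.append(type(exc).__name__)
        leaked = resolve_unsafe(str(docs), "../secret.ini").read_text()
        return outcomes, leaked


if __name__ == "__main__":
    print(demo())
```

The check runs on the resolved path, not on the raw string, so relative traversal, backslash variants and absolute paths are all rejected by the same comparison.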

The new Top 10 published by OWASP this time reflects the current state of attacks. This year, for example, Cross-Site Scripting (XSS) was moved to the top of the 10 major attacks, which truly reflects how phishing and fraud attacks currently abuse XSS. In fact, the U.S. Department of Defense's BSI project (Build-Security In, https://buildsecurityin.us-cert.gov/) and the Mitre research organization's CVE list of security vulnerabilities (http://cve.mitre.org/) also show that 1) Cross Site Scripting and 2) SQL Injection have been ranked as the world's most serious security weaknesses for two consecutive years.

ç´æ¥èç¨å¼ç¢¼å®å¨åè³ªæé

 * [å¿è¦*]A1. è·¨ç¶²ç«å¥ä¾µå­ä¸²(Cross Site Scripting)
 * [å¿è¦*]A2. æ³¨å¥ç¼ºå¤±(Injection Flaw)
 * [å»ºè­°*]A3. æ¡ææªæ¡å·è¡(Malicious File Execution)
 * [å»ºè­°*]A4. ä¸å®å¨çç©ä»¶åè(Insecure Direct Object Reference)
 * [é¸æ*]A5. è·¨ç¶²ç«è¦æ±å½é  (Cross-Site Request Forgery)

* OWASPå°ç£åæå¼·çå»ºè­°åå®ä½å¨é²è¡æºç¢¼æª¢æ¸¬æï¼å°¤ä»¥æ¿åºæ©é(æ§)ï¼æéµå¾ªæ¿åºè³éå®å¨ä½æ¥­è¦ç¯(http://www.giscc.org.tw) ä¹ãWebæç¨ç¨å¼å®å¨åèæå¼ãï¼ä¸¦å°1è2åçºå¿è¦æª¢æ¸¬é ç®ï¼3è4åçºå»ºè­°æª¢æ¸¬é ç®ï¼è5åçºé¸ææª¢æ¸¬é ç®ã

ï¼å¨å¯¦åæ¡ä¾ä¸ï¼æª¢æ¸¬ä¸¦ä¿®æ­£1è2å³å¯é¿åçµå¤§å¤æ¸çWebè³å®å¨èã

å ä¸è¿°æ¼æ´éæ¥é ææèWebä¼ºæå¨åå¤é¨è¨­å®æé

 * Information Leakage and Improper Error Handling
 * Broken Authentication and Session Management
 * Insecure Cryptographic Storage
 * Insecure Communications
 * Failure to Restrict URL Access

Member List
Coming up soon!
