32. Operation Commands - Checking the Scan Schedule
• Checking the status of a scan
– mono console/SkyAnalyzer.Interface.Console.exe --credential user_name --interface scan --method status --scanid scan_id
Application vulnerabilities are bugs in source code that allow hackers to bypass security features such as authentication or firewalls
Application Security Feels Like an Uphill Battle
They’re expensive problems, and they are also expensive to fix
Allow the execution of arbitrary JavaScript on website visitors' browsers
Almost every popular website has been hit with XSS in the past
Allow the execution of arbitrary SQL queries and system commands on the database server
Over 80% of e-commerce sites in Taiwan currently have SQL injections
What did you do to identify vulnerabilities in your applications?
What steps were taken to prevent vulnerable applications from being published?
Three different kinds of static code analysis tools