{"id":16489,"date":"2020-05-29T20:20:43","date_gmt":"2020-05-29T13:20:43","guid":{"rendered":"https:\/\/amonous.com\/?p=16489"},"modified":"2020-05-29T20:20:43","modified_gmt":"2020-05-29T13:20:43","slug":"cac-buoc-kiem-thu-web-application","status":"publish","type":"post","link":"https:\/\/amonous.com\/cac-buoc-kiem-thu-web-application\/","title":{"rendered":"C\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed Web Application"},"content":{"rendered":"

Trong th\u1eddi \u0111\u1ea1i c\u00f4ng ngh\u1ec7 s\u1ed1, th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed ng\u00e0y c\u00e0ng ph\u00e1t tri\u1ec3n d\u1eabn \u0111\u1ebfn c\u00e1c Web Application ( \u1ee9ng d\u1ee5ng Web) c\u00e0ng ng\u00e0y c\u00e0ng tr\u1edf n\u00ean ph\u1ed5 bi\u1ebfn nh\u1eb1m \u0111\u00e1p \u1ee9ng nhu c\u1ea7u c\u1ee7a ng\u01b0\u1eddi s\u1eed d\u1ee5ng. V\u1eady \u0111\u1ec3 c\u00e1c \u1ee9ng d\u1ee5ng Web \u0111\u01b0\u1ee3c ng\u01b0\u1eddi s\u1eed d\u1ee5ng tin d\u00f9ng v\u00e0 \u0111\u00e1nh gi\u00e1 cao th\u00ec ph\u1ea3i qua vi\u1ec7c ki\u1ec3m th\u1eed<\/strong>. Sau \u0111\u00e2y s\u1ebd gi\u1edbi thi\u1ec7u c\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng Web<\/em><\/p>\n

1. Ki\u1ec3m th\u1eed Web Application<\/span><\/h2>\n

\u00a0V\u1ec1 m\u1eb7t b\u1ea3n ch\u1ea5t, c\u00e1c \u1ee9ng d\u1ee5ng web c\u0169ng l\u00e0 ph\u1ea7n m\u1ec1m, n\u00ean c\u00e1c lo\u1ea1i ki\u1ec3m th\u1eed \u00e1p d\u1ee5ng cho ph\u1ea7n m\u1ec1m c\u0169ng \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng khi ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng web.<\/p>\n

Ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng Web<\/i><\/b>\u00a0 l\u00e0 m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh, ph\u00e2n t\u00edch v\u00e0 b\u00e1o c\u00e1o nh\u1eefng l\u1ed7 h\u1ed5ng \u0111\u00e3 t\u1ed3n t\u1ea1i tr\u00ean \u1ee9ng d\u1ee5ng Web. Ch\u1eb3ng h\u1ea1n c\u00e1c l\u1ed7 h\u1ed5ng nh\u01b0 l\u1ed7i tr\u00e0n b\u1ed9 \u0111\u1ec7m, l\u1ed7i \u0111\u1ea7u v\u00e0o, x\u00e1c th\u1ef1c Bypass, SQL Injection, CSRF, XSS. Qu\u00e1 tr\u00ecnh v\u00e0 quy tr\u00ecnh ki\u1ec3m th\u1eed cho m\u1ed9t \u1ee9ng d\u1ee5ng Web s\u1ebd \u0111\u01b0\u1ee3c l\u1eb7p \u0111i l\u1eb7p l\u1ea1i th\u01b0\u1eddng xuy\u00ean nh\u1eb1m \u0111\u1ea3m b\u1ea3o ng\u0103n ch\u1eb7n m\u1ecdi l\u1ed7 h\u1ed5ng v\u00e0 nh\u1eefng nguy c\u01a1 t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 x\u1ea3y ra.<\/p>\n

2. C\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed Web Application<\/span><\/h2>\n

Ki\u1ec3m th\u1eed ch\u1ee9c n\u0103ng<\/span><\/em><\/h3>\n

Ki\u1ec3m th\u1eed ch\u1ee9c n\u0103ng \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 ki\u1ec3m tra xem s\u1ea3n ph\u1ea9m c\u1ee7a b\u1ea1n c\u00f3 \u0111\u00fang nh\u01b0 nh\u1eefng g\u00ec b\u1ea1n mu\u1ed1n \u1edf trong \u0111\u1eb7c t\u1ea3 y\u00eau c\u1ea7u kh\u00f4ng, xem c\u00e1c y\u00eau c\u1ea7u v\u1ec1 t\u00ednh n\u0103ng c\u00f3 \u0111\u00fang nh\u01b0 nh\u1eefng g\u00ec b\u1ea1n \u0111\u00e3 ch\u1ec9 ra trong c\u00e1c t\u00e0i li\u1ec7u ph\u00e1t tri\u1ec3n. C\u00e1c ho\u1ea1t \u0111\u1ed9ng ki\u1ec3m th\u1eed bao g\u1ed3m:\u00a0Test all links:<\/em>\u00a0Ki\u1ec3m tra t\u1ea5t c\u1ea3 c\u00e1c link trong trang web c\u00f3 \u0111ang l\u00e0m vi\u1ec7c ch\u00ednh x\u00e1c kh\u00f4ng v\u00e0 \u0111\u1ea3m b\u1ea3o r\u1eb1ng kh\u00f4ng c\u00f3 link n\u00e0o b\u1ecb h\u1ecfng. Ngo\u00e0i ra c\u00f2n c\u00f3 k\u1ebft n\u1ed1i c\u01a1 s\u1edf d\u1eef li\u1ec7u, ki\u1ec3m tra cookies v\u00e0 x\u00e1c minh HTML\/CSS.<\/p>\n

Ki\u1ec3m th\u1eed kh\u1ea3 n\u0103ng t\u01b0\u01a1ng th\u00edch<\/em><\/span><\/h3>\n