at t - PowerPoint PPT Presentation

About This Presentation
Title: at t
Slides: 13
Provided by: jame86
Tags: silencer

Transcript and Presenter's Notes

1
Web Application for Conference Management
  • ?a?t??? ??µ?t????
  • ?p?ß??p?? ?a????t?? S?d???p????? ??t?????

2
System Description
  • A conference management system named PaperReview.
  • System goals: collection, review and selection of scientific papers for publication at conferences.
  • Running several conferences at the same time is supported.

3
System Users
  • Three user roles:
    • Chairman
    • Reviewer
    • Author
    plus the system administrator.
  • Each role has different privileges within a conference.
  • A user may hold all three roles in the same conference.

4
System Users (continued)
  • Chairman: supervises a conference and manages its operations.
  • Reviewer: reviews and grades the papers assigned to them.
  • Author: submits papers to conferences.
    • In terms of system privileges, this role is identical to the common user.
  • System Administrator: creates conferences, assigns chairmen to conferences, general oversight of the system.

5
Block Diagram of System Operation
6
Development Technologies
  • XHTML
    • Used to mark up the different kinds of content in the web pages.
    • Contains no presentation rules for the pages.
  • CSS
    • Contains all the presentation rules for the pages.
  • JavaScript
    • Used for special functions on top of the XHTML code, e.g. toggling content visibility, adding multiple authors to a paper, user menus.

7
Development Technologies (continued)
  • AJAX
    • Used for the sliders in the paper review user interface.
  • MySQL
    • Holds the system's database.
  • PHP
    • Code for:
      • system security and management of user privileges,
      • communication with the database,
      • presentation of operation results as XHTML.

8
PRDB Database
  • Consists of 14 tables.
  • Two users in PRDB:
    • prdbadm: used for the system administrator's communication with the database.
    • prdbuser: used for the communication of all other users.
  • prdbuser has restricted privileges on the PRDB tables.
    • e.g. on the usersactionlog table, only INSERT and no SELECT.

9
System Presentation
  • 59 files for the system's graphical user interface.
  • Designed according to Jakob Nielsen's 10 heuristics for usability evaluation (2005).
  • Example heuristics:
    • Visibility of system status.
    • Aesthetic and minimalist design.
    • Error prevention.
    • Help users recognize, diagnose and recover from errors.

10
System Security
  • The system was implemented
    • by applying the recommendations of the OWASP Top 10,
    • by writing methods tailored to the particularities of its operation.
  • Security in the system through:
    • Mandatory JavaScript and session cookie support in browsers.
    • Use of session variables to store user privileges.
    • No reference to the session id, and use of the session_regenerate_id() method to avoid session fixation attacks.
    • Use of the whereUgo() method to verify user privileges.

11
System Security (continued)
  • UTF-8 encoding for the database and the web pages.
  • Use of SHA-256 hashing for sensitive data.
  • Checking and cleaning of data before it is stored in the DB:
    • with the methods addslashes(), htmlentities(), trim();
    • with the custom methods variablesSet(), variablesFilled(), variablesCheckRange(), variablesValidate().
  • Strict checking wherever GET variables are used.
  • Checking that specific functions are enabled in the conference's control panel (via loadconfoptionsinc.php).

12
System Security (continued)
  • Security of the form data handling methods through:
    • checking that the action is permitted in the conference;
    • checking the user's privileges;
    • checking that the form was submitted with the POST method;
    • checking that the hidden "csrf" field submitted by the forms exists and has a specific unique value.
  • Database security through:
    • restricted usage privileges on the DB tables;
    • use of the @ silencer on methods such as @mysql_connect();
    • the dbErrorHandler() and save_to_usersactionlog() methods;
    • the sessioninitinc.php file.
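The four form checks listed above, together with the session id rotation from the previous slide, as an added example written for this page (not PaperReview's own code): formGuard(), startAuthenticatedSession() and the $conferenceOptions / privileges arrays are assumed names for illustration, and the project's whereUgo() and loadconfoptionsinc.php are not used.

```php
<?php
// Added example, not PaperReview's own code. formGuard(), startAuthenticatedSession()
// and the $conferenceOptions / privileges arrays are assumed names for illustration.
declare(strict_types=1);

session_start();

// Called at login: rotate the session id so that an id planted before login
// (session fixation) becomes useless, then mint the per-session CSRF token
// that every form carries back in its hidden "csrf" field.
function startAuthenticatedSession(array $privileges): void
{
    session_regenerate_id(true);
    $_SESSION['privileges'] = $privileges;
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// Guard for a form handler. Returns null when all four checks pass, otherwise
// the name of the failing check, so the caller can log it and stop.
function formGuard(string $action, array $conferenceOptions, array $post, string $method): ?string
{
    // 1. the action is enabled in this conference's control panel
    if (empty($conferenceOptions[$action])) {
        return 'action_disabled';
    }
    // 2. the logged-in user holds the privilege for this action
    if (empty($_SESSION['privileges'][$action])) {
        return 'privilege';
    }
    // 3. the form arrived via POST, never GET
    if ($method !== 'POST') {
        return 'method';
    }
    // 4. the hidden csrf field exists and equals the session token (constant-time compare)
    if (!isset($post['csrf'], $_SESSION['csrf'])
        || !hash_equals($_SESSION['csrf'], (string) $post['csrf'])) {
        return 'csrf';
    }
    return null;
}

// Constructed usage: a reviewer submitting a grade in a conference where paper
// submission has been switched off but reviewing is still open.
startAuthenticatedSession(['submit_review' => true]);
$options = ['submit_review' => true, 'submit_paper' => false];
var_dump(formGuard('submit_review', $options, ['csrf' => $_SESSION['csrf']], 'POST'));
var_dump(formGuard('submit_review', $options, ['csrf' => 'forged'], 'POST'));
var_dump(formGuard('submit_paper', $options, ['csrf' => $_SESSION['csrf']], 'POST'));
```

The hidden field itself is emitted as `<input type="hidden" name="csrf" value="...">` with the token passed through htmlentities(), as the slides do for other output.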