Read without ads and support Scribd by becoming a Scribd Premium Reader.

See Premium Plans

Language:

Download

Go BackAdd Note

Link

Embed

Save for later

OWASP TOP 10

ﻩدﺁﯼﺮﻳﺬﭘ

ﺐﻴﺳﻢﻬﻣﯽﺘﻴﻨﻣامﺮﻧبو

ﺖﺤﺗ

ﯼﺎهراﺰﻓا

ﻦﻴﻤﺟﺮﺘﻣ

يﻮﺳﻮﻣ

اﺮﺘﻴﻣ

com.gmail@mousavi.mitra

ﺎﺘﻴﻫﺎﻧآ يﺮﻫﺎﻃ

com.gmail@taheri.ana

سﺎﭙﺳ

ﺎﺑزا

يدﻻﻮﻓ

،

CISSP

ﮓﻧﺮﻬﺑ

2007 UPDATE

This document is licensed under the Creative Commons Attribution-ShareAlike 2.5license

ﺐﻟﺎﻄﻣ

ﺖﺳﺮﻬﻓ

ﺐﻟﺎﻄﻣ

ﺖﺳﺮﻬﻓ

..................................................................................................................................................................2

ﻪﻣﺪﻘﻣ

.................................................................................................................................................................................3

ﻪﺻﻼﺧ

...............................................................................................................................................................................5

ﻲﺳﺎﻨﺷ

شور

.....................................................................................................................................................................6

ياﺮﺟا ﺘﻳﺎﺳ

ﻦﻴﺑ

ﺖﭙﻳﺮﻜﺳاﻲ

- Cross Site Scripting (Xss)

..............................................................................10

ﻲﻘﻳرﺰﺗ

يﺎﻫ

ﻒﻌﺿ

- Injection Flows

...............................................................................................................14

بﺮﺨﻣ

ﻞﻳﺎﻓ

ياﺮﺟا

- Malicious File Execution

.............................................................................................18

عﺎﺟراﻦﻣاﺎﻧﻪﺑ

ﻢﻴﻘﺘﺴﻣ

ﻲﺷ

–

- Insecure Direct Object Reference

.................................................................22

ﻲﺘﻳﺎﺳ

ﻦﻴﺑ

ﺖﺳاﻮﺧرد

ﻞﻌﺟ

- Cross Site Request Forgery (CSRF)

............................................................26

ﺖﺳردﺎﻧ

يﺎﻄﺧ

ﺖﻳﺮﻳﺪﻣ

و

تﺎﻋﻼﻃا

ﺖﺸﻧ

- Information Leakage and Improper Error Handling

......30

ﺺﻗﺎﻧ

ﺖﺴﺸﻧ

ﺖﻳﺮﻳﺪﻣ

و

ﺖﻳﻮﻫ

زاﺮﺣا

- Broken Authentication and Session Management

.................32

يرﺎﮕﻧﺰﻣر

هﺪﺸﻧ

ﺖﻈﻓﺎﺤﻣ

هرﺎﺒﻧا

– Insecure Cryptographic Storage

.............................................................37

ﻃﺎﺒﺗراتﺎ ﻦﻣاﺎﻧ

–

– Insecure Communication

..................................................................................................40

ﻪﺑ

ﻲﺳﺮﺘﺳد

ندﺮﻛ

دوﺪﺤﻣ

رد

ﻲﻫﺎﺗﻮﻛ

URL

– Failure to Restrict URL Access

........................................43

ﻲﻳﺎﻬﻧ

ﺪﺼﻘﻣ

......................................................................................................................................................................46

ﻊﺑﺎﻨﻣ

.................................................................................................................................................................................49

ﻪﻣﺪﻘﻣ

ﻪﺑ

OWASP Top 10

ﺪﻳﺪﻣآ

شﻮﺧ

ﻪﺨﺴﻧ

ﻦﻳا

ﻲﻠﻛ

رﻮﻃ

ﻪﺑ،هﺪﺷ

ﻲﺴﻳﻮﻧزﺎﺑ

ﻦﻳﺮﺗ

ﻢﻬﻣيﺎﻫ

يﺮﻳﺬﭘ

ﺐﻴﺳآ راﺰﻓا

مﺮﻧﺖـﺤﺗ

يﺎﻫ

ر

بواﺖﺳﺮﻬﻓ

هدﺮﻛ

ﺖﻇﺎﻔﺣ

ﻲﮕﻧﻮﮕﭼ

هرﺎﺑرد

وزاﻲﻌﺑﺎﻨﻣ

و

ﺪﻨﻛ

ﻲﻣ

ﺚﺤﺑ

ﺎﻫ

نآ

ﺪﻫد

ﻲﻣ

ﻪﺋارا

ﺮﺘﺸﻴﺑ

تﺎﻋﻼﻃا

ياﺮﺑ

ار

فﺪﻫ

ﻪﻴﻟوا

فﺪﻫ

OWASP Top 10

ﻴﭘ

شزﻮﻣآ ﺎ ﺪﻣيﺎﻫﺞﻳار

ﻪـﻣﺎﻧﺮﺑ

ﻪـﺑ

بو

ﺖـﺤﺗ

يﺎـﻫراﺰﻓا

مﺮـﻧ

ﻲـﺘﻴﻨﻣا

يﺎـﻫ

يﺮﻳﺬﭘ

ﺐﻴﺳآ

ﻦﻳﺮﺗﻲﻣ

ﺎﻫ

نﺎﻣزﺎﺳ

و

نارﺎﻤﻌﻣ

،نﺎﺣاﺮﻃ

،نﺎﺴﻳﻮﻧﺪﺷﺎﺑ

Top 10

ار

ﻲﺳﺎﺳا

يﺎﻬﺷور

ياﺮﺑ ﻣ ﺤ ﺎ ﻞﺑﺎﻘﻣ

رد

ﺖﻈﻓﺎﻫ

يﺮﻳﺬﭘ

ﺐﻴﺳآ

ﻦﻳاﻪﺋارا

ﺪﻫد

ﻲﻣ

ﻲﻋوﺮﺷﻦﻣا

ﻲﺴﻳﻮﻧ

ﻪﻣﺎﻧﺮﺑ

ياﺮﺑ

ﺪﺘﻔﻴﺑ

قﺎﻔﺗا

هرﺎﺒﻜﻳ

ﻪﻛ

ﺖﺴﻴﻧ

يداﺪﻳور

ﺖﻴﻨﻣا

ﺎﻓﺮﺻﺖﺳا

ﻲﻓﺎﻛﺎﻧ

ﺎﻫﺪﻛ

ندﺮﻛ

ﻦﻣا

رﺎﺒﻜﻳ

Top 10

و

ﺪـﻨﻛ

ﻲـﻣ

اﺪـﻴﭘ

ﺮﻴﻴﻐﺗ

لﺎﺳ

ﺮﻫ

راﺰﻓا

مﺮﻧ

،ﺎﻫﺪﻛ

ﺮﻴﻴﻐﺗ

نوﺪﺑ ﻫيﺎ اﻮﺗ

ﻲﻣ

بو

ﺖﺤﺗ ﻧ ﺷﺎﺑ

ﺮﻳﺬﭘ

ﺐﻴﺳآ

ﺪﻨ ﻨ ﺪ

دﺮﻴﮕﺑ

راﺮﻗ

ﺮﻈﻧ

ﺪﻣ

ﻪﻣﺎﻧﺮﺑ

تﺎﻴﺣ

ﻪﺧﺮﭼ

ﻞﺣاﺮﻣ

ﻲﻣﺎﻤﺗ

رد

ﺪﻳﺎﺑ

ﻦﻣا

ﻲﺴﻳﻮﻧ

ﻪﻣﺎﻧﺮﺑ

راﺰﻓا

مﺮﻧيﺎـﻫﺖـﺤﺗ

ورد

ﺎـﻬﻨﺗ

ﻦـﻣا

بترﻮـﺻ

مﺰﻴﻧﺎﻜﻣ

زا

يﺮﻴﮔرﺎﻜﺑ

SDLC

ﻦﻣا

و

ﻪﻌﺳﻮﺗ

،ﻲﺣاﺮﻃ

زا

ﻢﻋا

ﻞﺣاﺮﻣ

ﻲﻣﺎﻤﺗ

رد

و

...

ددﺮﮔ

ﻲﻣ

ﻞﺻﺎﺣ

ﻲـﺘﻴﻨﻣا

ﺪﻣﺎﻴﭘ

ﺪﺼﻴﺳ

ﻞﻗاﺪﺣ

راﺰﻓا

مﺮﻧيﺎﻫ ﻫﺪﻴﻣ

راﺮﻗ

ﺮﻴﺛﺎﺗ

ﺖﺤﺗ

ار

بو

ﺖﺤﺗ

ﻨ رد

ﻞﻴﺼﻔﺗ

ﻪﺑ

ﻪﻛ

ﺪ

OWASP GUIDE

ﺖﺳا

هﺪﺷ

هرﺎﺷا

نآ

ﻪﺑونا

نﺪﻧاﻮﺧ

ار

نﺎﺴﻳﻮﻧ

ﻪﻣﺎﻧﺮﺑ

ﻪﺑبو

ﺖﺤﺗ

يﺎﻫراﺰﻓا

مﺮﻧﻪﻴﺻﻮﺗﻢﻴﻨﻛ

ﻲﻣ

ﻧ

ﻦﻳﺮﺘﻬﺑ

و

ﻦﻴﻟوا

ﺪﻨﺘﺴﻣ

ﻦﻳاﻲﺷزﻮﻣآ

ﻪﻧﻮﻤ ﺖﺳاﻪﻧ

ﻂﻘﻓدراﺪﻧﺎﺘﺳا

ﻚﻳ

ناﻮﻨﻋ

ﻪﺑ

ار

ﺪﻨﺘﺴﻣ

ﻦﻳا

ﺎﻔﻄﻟﻚﻳنوﺪـﺑ

دراﺪﻧﺎﺘﺳا

ﺎﻳ

ﺖﺳﺎﻴﺳ

ﻪﻴﻟوا

ﺖﺒﺤﺻﺎﻣ

ﺎﺑﺪﻴﻨﻜﻧ

لﻮﺒﻗ

ﻲﻤﺳر

رﻮﻃ

ﻪﺑ

يدراﺪﻧﺎﺘﺳا

ﺎﻳ

ﺖﺳﺎﻴﺳ

ﻪﺑ

ﺮﮔااﺮﺑ

،ﺪـﻳراد

جﺎـﻴﺘﺣا

ﻦـﻣا

ﻲﺴـﻳﻮﻧ

ﻪﻣﺎﻧﺮﺑ

ي

OWASP

ﻳﺎﻫ

هژوﺮﭘ ﻣ

رد

ﻲ درﻮ راﺪﻧﺎﺘﺳادﺖﺳد

رد

ار

ﻦﻣا

ﻲﺴﻳﻮﻧ

ﻪﻣﺎﻧﺮﺑ

يﺎﻬﺘﺳﺎﻴﺳ

و

ﺎﻫماﺪﻗادراد

ﻲﻧادرﺪﻗ

زا

MITRE

رد

ﺎـﻫ

يﺮﻳﺬـﭘ

ﺐﻴﺳآ

سﺮﺘﺳد

ﻞﺑﺎﻗ

و

نﺎﮕﻳار

ﻪﺋارا

ياﺮﺑ

CVE

ﻢﻴـﻨﻛ

ﻲـﻣ

ﺮﻜﺸـﺗ

هژوﺮﭘ

10OWASP TOP

ﻂﺳﻮﺗ

Aspect Security

ﻤﺣ

و

يﺮﺒﻫر

ﻲﻣ

ﺖﻳﺎ دﻮﺷ

هژوﺮﭘ

ﺮﻳﺪﻣ

Andrew van der Stock

)

دﺎﻴﻨﺑ

ﻲﻳاﺮﺟا

ﺮﻳﺪﻣ

OWASP

(

نﺎﮔﺪﻨﺴﻳﻮﻧ

ﺮﻳﺎﺳ

Jeff Wiliams

)

دﺎﻴﻨﺑ

ﺲﻴﺋر

OWASP

(

و

Dave Wichers

)

ﺲﻧاﺮﻔﻨﻛ

ﺲﻴﺋر

OWASP

(

زا

ﻢﻴﻨﻛ

ﻲﻣ

ﺮﻜﺸﺗ

ﻦﻴﻨﭽﻤﻫ

و

٢

Searching...

Result 00 of 00

00 results for result for

OWASP Top 10 2007 Persian

Download or Print

Add To Collection

2.0K

Reads

Readcasts

Embed Views

Published by

owasp-iran

TIP Press Ctrl-F⌘F to search anywhere in the document.

Read without ads and support Scribd by becoming a Scribd Premium Reader.

See Premium Plans

Info and Rating

Category:	Uncategorized.
Rating:
Upload Date:	09/24/2009
Copyright:	Attribution Non-commercial
Tags:	No tags

Flag for inappropriate content

Download and print this document

Read offline in your PDF viewer
Edit this document in Adobe Acrobat, Notepad
Keep a copy in case this version is deleted from Scribd
Read and print without ads
Email the file

Choose a format to download in

Download

Read without ads and support Scribd by becoming a Scribd Premium Reader.

See Premium Plans

Notes

OWASP Top 10 2007 Persian

Info and Rating

Download and print this document

Choose a format to download in

Choose a format to download in

Download and print this document

Choose a format to download in

Other login options

Why Sign Up?

Login Successful

Sign Up Successful