OWASP Top 10 2007 Persian
Published by: owasp-iran on Sep 24, 2009
Copyright: Attribution Non-commercial

OWASP TOP 10
The Ten Most Critical Web Application Security Vulnerabilities

Translators: Mitra Mousavi, Anahita Taheri
With thanks to: Behrang Fouladi, CISSP

2007 UPDATE

© 2002-2007 OWASP Foundation
This document is licensed under the Creative Commons Attribution-ShareAlike 2.5 license
 
 
 
ﺐﻟﺎﻄﻣ
 
ﺖﺳﺮﻬﻓ
 
ﺐﻟﺎﻄﻣ
 
ﺖﺳﺮﻬﻓ
..................................................................................................................................................................2 
ﻪﻣﺪﻘﻣ
.................................................................................................................................................................................3 
ﻪﺻﻼﺧ
...............................................................................................................................................................................5 
ﻲﺳﺎﻨﺷ
 
شور
.....................................................................................................................................................................6 
ياﺮﺟا ﺘﻳﺎﺳ
 
ﻦﻴﺑ
 
ﺖﭙﻳﺮﻜﺳاﻲ 
-
A
1
- Cross Site Scripting (Xss)
 
..............................................................................10 
ﻲﻘﻳرﺰﺗ
 
يﺎﻫ
 
ﻒﻌﺿ
-
A
2
- Injection Flows
...............................................................................................................14 
بﺮﺨﻣ
 
ﻞﻳﺎﻓ
 
ياﺮﺟا
-
A
3
- Malicious File Execution
.............................................................................................18 
عﺎﺟراﻦﻣاﺎﻧﻪﺑ
 
ﻢﻴﻘﺘﺴﻣ
 
ﻲﺷ
 
 – 
A
4
- Insecure Direct Object Reference
.................................................................22 
ﻲﺘﻳﺎﺳ
 
ﻦﻴﺑ
 
ﺖﺳاﻮﺧرد
 
ﻞﻌﺟ
-
A
5
- Cross Site Request Forgery (CSRF)
............................................................26 
ﺖﺳردﺎﻧ
 
يﺎﻄﺧ
 
ﺖﻳﺮﻳﺪﻣ
 
و
 
تﺎﻋﻼﻃا
 
ﺖﺸﻧ
-
A
6
- Information Leakage and Improper Error Handling
......30 
ﺺﻗﺎﻧ
 
ﺖﺴﺸﻧ
 
ﺖﻳﺮﻳﺪﻣ
 
و
 
ﺖﻳﻮﻫ
 
زاﺮﺣا
-
A
7
- Broken Authentication and Session Management
.................32 
يرﺎﮕﻧﺰﻣر
 
هﺪﺸﻧ
 
ﺖﻈﻓﺎﺤﻣ
 
هرﺎﺒﻧا
-
A
8
– Insecure Cryptographic Storage
.............................................................37 
 ﻃﺎﺒﺗراتﺎ ﻦﻣاﺎﻧ
 – 
A
9
– Insecure Communication
..................................................................................................40 
ﻪﺑ
 
ﻲﺳﺮﺘﺳد
 
ندﺮﻛ 
 
دوﺪﺤﻣ
 
رد
 
ﻲﻫﺎﺗﻮﻛ 
URL
-
A
10
– Failure to Restrict URL Access
........................................43 
ﻲﻳﺎﻬﻧ
 
ﺪﺼﻘﻣ
......................................................................................................................................................................46 
ﻊﺑﺎﻨﻣ
.................................................................................................................................................................................49 
 
 
ﻪﻣﺪﻘﻣ
 
ﻪﺑ
OWASP Top 10
ﺪﻳﺪﻣآ 
 
شﻮﺧ
 !
ﻪﺨﺴﻧ
 
ﻦﻳا
 
ﻲﻠﻛ 
 
رﻮﻃ
 
ﻪﺑ،هﺪﺷ
 
ﻲﺴﻳﻮﻧزﺎﺑ
 
ﻦﻳﺮﺗ
 
ﻢﻬﻣيﺎﻫ
 
يﺮﻳﺬﭘ
 
ﺐﻴﺳآ راﺰﻓا
 
مﺮﻧﺖـﺤﺗ
 
يﺎﻫ
 
ر
 
بواﺖﺳﺮﻬﻓ
 
هدﺮﻛ 
 
ﺖﻇﺎﻔﺣ
 
ﻲﮕﻧﻮﮕﭼ
 
هرﺎﺑرد
 
وزاﻲﻌﺑﺎﻨﻣ
 
و
 
ﺪﻨﻛ 
 
ﻲﻣ
 
ﺚﺤﺑ
 
ﺎﻫ
 
نآ 
 
ﺪﻫد
 
ﻲﻣ
 
ﻪﺋارا
 
ﺮﺘﺸﻴﺑ
 
تﺎﻋﻼﻃا
 
ياﺮﺑ
 
ار
. 
فﺪﻫ
 
ﻪﻴﻟوا
 
فﺪﻫ
OWASP Top 10
 ﻴﭘ
 
شزﻮﻣآ ﺎ ﺪﻣيﺎﻫﺞﻳار
 
ﻪـﻣﺎﻧﺮﺑ
 
ﻪـﺑ
 
بو
 
ﺖـﺤﺗ
 
يﺎـﻫراﺰﻓا
 
مﺮـﻧ
 
ﻲـﺘﻴﻨﻣا
 
يﺎـﻫ
 
يﺮﻳﺬﭘ
 
ﺐﻴﺳآ 
 
ﻦﻳﺮﺗﻲﻣ
 
ﺎﻫ
 
نﺎﻣزﺎﺳ
 
و
 
نارﺎﻤﻌﻣ
 
،نﺎﺣاﺮﻃ
 
،نﺎﺴﻳﻮﻧﺪﺷﺎﺑ
 .
Top 10
ار
 
ﻲﺳﺎﺳا
 
يﺎﻬﺷور
 
ياﺮﺑ ﻣ ﺤ ﺎ ﻞﺑﺎﻘﻣ
 
رد
 
ﺖﻈﻓﺎﻫ
 
يﺮﻳﺬﭘ
 
ﺐﻴﺳآ 
 
ﻦﻳاﻪﺋارا
 
ﺪﻫد
 
ﻲﻣ
-
ﻲﻋوﺮﺷﻦﻣا
 
ﻲﺴﻳﻮﻧ
 
ﻪﻣﺎﻧﺮﺑ
 
ياﺮﺑ
. 
ﺪﺘﻔﻴﺑ
 
قﺎﻔﺗا
 
هرﺎﺒﻜﻳ
 
ﻪﻛ 
 
ﺖﺴﻴﻧ
 
يداﺪﻳور
 
ﺖﻴﻨﻣا
.
ﺎﻓﺮﺻﺖﺳا
 
ﻲﻓﺎﻛﺎﻧ
 
ﺎﻫﺪﻛ 
 
ندﺮﻛ 
 
ﻦﻣا
 
رﺎﺒﻜﻳ
 .
Top 10
و
 
ﺪـﻨﻛ 
 
ﻲـﻣ
 
اﺪـﻴﭘ
 
ﺮﻴﻴﻐﺗ
 
لﺎﺳ
 
ﺮﻫ
 
راﺰﻓا
 
مﺮﻧ
 
،ﺎﻫﺪﻛ 
 
ﺮﻴﻴﻐﺗ
 
نوﺪﺑ ﻫيﺎ اﻮﺗ
 
ﻲﻣ
 
بو
 
ﺖﺤﺗ ﻧ ﺷﺎﺑ
 
ﺮﻳﺬﭘ
 
ﺐﻴﺳآ 
 
ﺪﻨ  ﻨ ﺪ 
. 
دﺮﻴﮕﺑ
 
راﺮﻗ
 
ﺮﻈﻧ
 
ﺪﻣ
 
ﻪﻣﺎﻧﺮﺑ
 
تﺎﻴﺣ
 
ﻪﺧﺮﭼ
 
ﻞﺣاﺮﻣ
 
ﻲﻣﺎﻤﺗ
 
رد
 
ﺪﻳﺎﺑ
 
ﻦﻣا
 
ﻲﺴﻳﻮﻧ
 
ﻪﻣﺎﻧﺮﺑ
.
راﺰﻓا
 
مﺮﻧيﺎـﻫﺖـﺤﺗ
 
ورد
 
ﺎـﻬﻨﺗ
 
ﻦـﻣا
 
بترﻮـﺻ
 
مﺰﻴﻧﺎﻜﻣ
 
زا
 
يﺮﻴﮔرﺎﻜﺑ
SDLC
ﻦﻣا
 
و
 
ﻪﻌﺳﻮﺗ
 
،ﻲﺣاﺮﻃ
 
زا
 
ﻢﻋا
 
ﻞﺣاﺮﻣ
 
ﻲﻣﺎﻤﺗ
 
رد
 
و
...
ددﺮﮔ 
 
ﻲﻣ
 
ﻞﺻﺎﺣ
.
ﻲـﺘﻴﻨﻣا
 
ﺪﻣﺎﻴﭘ
 
ﺪﺼﻴﺳ
 
ﻞﻗاﺪﺣ
 
راﺰﻓا
 
مﺮﻧيﺎﻫ ﻫﺪﻴﻣ
 
راﺮﻗ
 
ﺮﻴﺛﺎﺗ
 
ﺖﺤﺗ
 
ار
 
بو
 
ﺖﺤﺗ
 
 ﻨ رد
 
ﻞﻴﺼﻔﺗ
 
ﻪﺑ
 
ﻪﻛ 
 
ﺪ 
ﺖﺳا
 
هﺪﺷ
 
هرﺎﺷا
 
نآ 
 
ﻪﺑونا
 
نﺪﻧاﻮﺧ
 
ار
 
نﺎﺴﻳﻮﻧ
 
ﻪﻣﺎﻧﺮﺑ
 
ﻪﺑبو
 
ﺖﺤﺗ
 
يﺎﻫراﺰﻓا
 
مﺮﻧﻪﻴﺻﻮﺗﻢﻴﻨﻛ 
 
ﻲﻣ
. 
 ﻧ
 
ﻦﻳﺮﺘﻬﺑ
 
و
 
ﻦﻴﻟوا
 
ﺪﻨﺘﺴﻣ
 
ﻦﻳاﻲﺷزﻮﻣآ 
 
ﻪﻧﻮﻤ ﺖﺳاﻪﻧ
 
ﻂﻘﻓدراﺪﻧﺎﺘﺳا
 
ﻚﻳ
.
ناﻮﻨﻋ
 
ﻪﺑ
 
ار
 
ﺪﻨﺘﺴﻣ
 
ﻦﻳا
 
ﺎﻔﻄﻟﻚﻳنوﺪـﺑ
 
دراﺪﻧﺎﺘﺳا
 
ﺎﻳ
 
ﺖﺳﺎﻴﺳ
ﻪﻴﻟوا
 
ﺖﺒﺤﺻﺎﻣ
ﺎﺑﺪﻴﻨﻜﻧ
 
لﻮﺒﻗ
 
ﻲﻤﺳر
 
رﻮﻃ
 
ﻪﺑ
 .
يدراﺪﻧﺎﺘﺳا
 
ﺎﻳ
 
ﺖﺳﺎﻴﺳ
 
ﻪﺑ
 
ﺮﮔااﺮﺑ
 
،ﺪـﻳراد
 
جﺎـﻴﺘﺣا
 
ﻦـﻣا
 
ﻲﺴـﻳﻮﻧ
 
ﻪﻣﺎﻧﺮﺑ
 
ي
OWASP
 ﻳﺎﻫ
 
هژوﺮﭘ ﻣ
 
رد
 
ﻲ درﻮ راﺪﻧﺎﺘﺳادﺖﺳد
 
رد
 
ار
 
ﻦﻣا
 
ﻲﺴﻳﻮﻧ
 
ﻪﻣﺎﻧﺮﺑ
 
يﺎﻬﺘﺳﺎﻴﺳ
 
و
 
ﺎﻫماﺪﻗادراد
 . 
ﻲﻧادرﺪﻗ
 
زا
MITRE
رد
 
ﺎـﻫ
 
يﺮﻳﺬـﭘ
 
ﺐﻴﺳآ 
 
سﺮﺘﺳد
 
ﻞﺑﺎﻗ
 
و
 
نﺎﮕﻳار
 
ﻪﺋارا
 
ياﺮﺑ
 
CVE
ﻢﻴـﻨﻛ 
 
ﻲـﻣ
 
ﺮﻜﺸـﺗ
 . 
هژوﺮﭘ
10OWASP TOP
ﻂﺳﻮﺗ
 ﻤﺣ
 
و
 
يﺮﺒﻫر
 
ﻲﻣ
 
ﺖﻳﺎ دﻮﺷ
. 
هژوﺮﭘ
 
ﺮﻳﺪﻣ
:
Andrew van der Stock 
)
دﺎﻴﻨﺑ
 
ﻲﻳاﺮﺟا
 
ﺮﻳﺪﻣ
OWASP
( 
نﺎﮔﺪﻨﺴﻳﻮﻧ
 
ﺮﻳﺎﺳ
:
Jeff Wiliams
)
دﺎﻴﻨﺑ
 
ﺲﻴﺋر
OWASP
(
و
 
Dave Wichers
)
ﺲﻧاﺮﻔﻨﻛ 
 
ﺲﻴﺋر
OWASP
( 
زا
 
ﻢﻴﻨﻛ 
 
ﻲﻣ
 
ﺮﻜﺸﺗ
 
ﻦﻴﻨﭽﻤﻫ
 
و
: 