
+) http://root.vn/threads/code-padding-oracle-attack.5129/
+) https://www.youtube.com/watch?v=eDvUtF_tG5w
+) http://root.vn/threads/tong-quan-ve-xss-va-phuong-phap-kiem-tra-loi.2831/
+) http://back-track-linux.blogspot.com/2012/11/backtrack-penetration-testing-tutorial.html
+) http://www.turkhackteam.net/
+) http://www.ehacking.net/search/label/Pen-Testing
+) Translation:

PHASE 1: BEFORE DEVELOPMENT BEGINS

Before application development begins:
+) Test to ensure that there is an adequate SDLC in which security is inherent.
+) Test to ensure that the appropriate policies and standards are in place for the development team.
+) Develop the metrics and measurement criteria.

PHASE 1A: POLICIES AND STANDARDS REVIEW

Ensure that there are appropriate policies, standards, and documentation in place. Documentation is extremely important because it gives the development team guidelines and policies that they can follow. People can only do the right thing if they know what the right thing is. If the application is to be developed in Java, it is essential to have a secure coding standard; if the application is to use cryptography, it is essential to have a cryptography standard. No policies or standards can cover every situation that the development team will face. By documenting the common and predictable issues, there will be fewer decisions that need to be made during the development process.

PHASE 1B: DEVELOP MEASUREMENT AND METRICS CRITERIA (ENSURE TRACEABILITY)

Before development begins, plan a measurement program. By defining the criteria that need to be measured, you gain visibility into defects in both the process and the product. It is essential to define the metrics before development begins, as there may be a need to modify the process in order to capture the data.

PHASE 2: DURING DEFINITION AND DESIGN

PHASE 2A: SECURITY REQUIREMENTS REVIEW

Security requirements define how an application works from a security perspective. It is essential that the security requirements be tested. Testing in this case means testing the assumptions that are made in the requirements, and testing to see if there are gaps in the requirements definitions. For example, if there is a security requirement that states that users must be registered before they can get access to the whitepapers section of a website, does this mean that the user must be registered with the system, or should the user be authenticated? Ensure that requirements are as unambiguous as possible. When looking for requirements gaps, consider looking at security mechanisms such as:
+) User management (password reset, etc.)
+) Authentication
+) Authorization
+) Data confidentiality
+) Integrity
+) Accountability
+) Session management
+) Transport security
+) Tiered system segregation
+) Privacy

PHASE 2B: DESIGN AND ARCHITECTURE REVIEW

Applications should have a documented design and architecture. By documentation we mean models, textual documents, and other similar artifacts. It is essential to test these artifacts to ensure that the design and architecture enforce the appropriate level of security as defined in the requirements. Identifying security flaws in the design phase is not only one of the most cost-efficient places to identify flaws, but can be one of the most effective places to make changes.
For example, if it is identified that authorization decisions are made in multiple places, it may be appropriate to consider a central authorization component. If the application is performing data validation in multiple places, it may be appropriate to develop a central validation framework (fixing input validation in one place, rather than in hundreds of places, is far cheaper). If weaknesses are discovered, they should be given to the system architect for alternative approaches.

PHASE 2C: CREATE AND REVIEW UML MODELS

Once the design and architecture are complete, build Unified Modeling Language (UML) models that describe how the application works. In some cases, these may already be available. Use the models to confirm an exact understanding of how the application works. If weaknesses are discovered, they should be given to the system architect for alternative approaches.

PHASE 2D: CREATE AND REVIEW THREAT MODELS

Armed with the design and architecture review, and the UML models explaining exactly how the system works, undertake a threat modeling exercise. Develop realistic threat scenarios. Analyze the design and architecture to ensure that these threats have been mitigated, accepted by the business, or assigned to a third party, such as an insurance firm. When identified threats have no mitigation strategy, revisit the design and architecture with the system architect to modify the design.

PHASE 3: DURING DEVELOPMENT

Theoretically, development is the implementation of a design. However, in the real world, many design decisions are made during code development. These are often smaller decisions that were either too detailed to be described in the design, or in other cases, issues where no policy or standard guidance was offered. If the design and architecture were not adequate, the developer will be faced with many decisions. If there were insufficient policies and standards, the developer will be faced with even more decisions.

(OWASP Testing Guide v3.0)

PHASE 3A: CODE WALKTHROUGHS

The security team should perform a code walkthrough with the developers, and in some cases, the system architects. A code walkthrough is a high-level walk through of the code where the developers can explain the logic and flow of the implemented code. It allows the code review team to obtain a general understanding of the code, and allows the developers to explain why certain things were developed the way they were. The purpose is not to perform a code review, but to understand at a high level the flow, the layout, and the structure of the code that makes up the application.

PHASE 3B: CODE REVIEWS

Armed with a good understanding of how the code is structured and why certain things were built the way they were, the tester can now examine the actual code for security defects. Static code reviews validate the code against a set of checklists, including:
+) Business requirements for availability, confidentiality, and integrity.
+) The OWASP Guide or Top 10 checklists (depending on the depth of the review) for technical exposures.
+) Specific issues relating to the language or framework in use, such as the Scarlet paper or the Secure Coding checklist for ASP.NET.
+) Any industry-specific requirements, such as Sarbanes-Oxley 404, COPPA, HIPAA, Visa Merchant guidelines, or other regulatory regimes.
In terms of return on resources invested (mostly time), static code reviews produce far higher quality returns than any other security review method, and rely least on the skill of the reviewer, within reason; they still need to be considered carefully within a full-spectrum testing regime. For more details on the OWASP checklists, please refer to the OWASP Guide or the latest edition of the OWASP Top 10.

PHASE 4: DURING DEPLOYMENT

PHASE 4A: APPLICATION PENETRATION TESTING

Having tested the requirements, analyzed the design, and performed code review, it might be assumed that all issues have been caught. Hopefully this is the case, but penetration testing the application after it has been deployed provides a last check to ensure that nothing has been missed.

PHASE 4B: CONFIGURATION MANAGEMENT TESTING

The application penetration test should include checking how the infrastructure was deployed and secured. While the application may be secure, a small aspect of the configuration could still be at a default install stage and vulnerable to exploitation.

PHASE 5: MAINTENANCE AND OPERATIONS

PHASE 5A: CONDUCT OPERATIONAL MANAGEMENT REVIEWS

There needs to be a process in place which details how the operational side of both the application and the infrastructure is managed.

PHASE 5B: CONDUCT PERIODIC HEALTH CHECKS

Monthly or quarterly health checks should be performed on both the application and the infrastructure to ensure that no new security risks have been introduced and that the level of security is still intact.

PHASE 5C: ENSURE CHANGE VERIFICATION

After every change has been approved and tested in the QA environment and deployed into the production environment, it is vital that, as part of the change management process, the change is checked to ensure that the level of security has not been affected by the change.

A typical SDLC testing workflow
The figure below shows a typical SDLC testing workflow. (46)

4 WEB APPLICATION PENETRATION TESTING

This chapter describes the OWASP Web Application Penetration Testing methodology and explains how to test for each vulnerability.

4.1 INTRODUCTION AND OBJECTIVES

What is Web Application Penetration Testing?
A penetration test is a method of evaluating the security of a computer system or network. A web application penetration test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact.

What is a vulnerability?
A vulnerability is a flaw or weakness in a system's design, implementation, or operation that could be exploited to violate the system's security policy. A threat is a potential attack that could harm the assets owned by an application (resources of value, such as the data in a database). A test is an action that tends to show a vulnerability in the application.

What is the OWASP testing methodology?
Penetration testing will never be an exact science where a complete list of all possible issues can be defined. Indeed, penetration testing is only an appropriate technique for testing the security of web applications under certain circumstances. The goal is to collect all the possible testing techniques and explain them. The OWASP Web Application Penetration Testing methodology is based on the black box approach. The tester knows nothing or very little information about the application to be tested. The testing model consists of:
+) Tester: Who performs the testing activities
+) Tools and methodology: The core of this Testing Guide project
+) Application: The black box to test

The test is divided into 2 phases:

Passive mode: in the passive mode, the tester tries to understand the application's logic and plays with the application. Tools can be used for information gathering, for example, an HTTP proxy to observe all the HTTP requests and responses. At the end of this phase, the tester should understand all the access points (gates) of the application (e.g., HTTP headers, parameters, and cookies). The Information Gathering section explains how to perform a passive mode test.
For example, the tester could find the following:
https://www.example.com/login/Authentic_Form.html
This may indicate an authentication form in which the application requests a username and a password. The following parameters represent two access points (gates) to the application:
http://www.example.com/Appx.jsp?a=1&b=1
In this case, the application shows two gates (parameters a and b). All the gates found in this phase represent a point of testing. A spreadsheet with the directory tree of the application and all the access points would be useful for the second phase.

Active mode: in this phase, the tester begins to test using the methodology described in the following sections.
We have split the set of active tests into 9 sub-categories for a total of 66 controls:
+) Configuration Management Testing
+) Business Logic Testing
+) Authentication Testing
+) Authorization Testing
+) Session Management Testing
+) Data Validation Testing
+) Denial of Service Testing
+) Web Services Testing
+) Ajax Testing
Here is the list of controls to test during the assessment:
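As an added example, not part of the original guide or of this translation, the Python below builds the inventory of access points (gates) that the passive phase is meant to produce: it takes a constructed sample of requests as an intercepting HTTP proxy would log them (the request list, the URLs beyond the two shown above, and the function names are assumptions) and derives, per path, the methods and parameters seen plus the directory tree for the spreadsheet mentioned above.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample of proxy-logged traffic from the passive phase:
# (method, URL, form body). Not real traffic; the extra URLs are invented.
OBSERVED_REQUESTS = [
    ("GET", "https://www.example.com/login/Authentic_Form.html", ""),
    ("POST", "https://www.example.com/login/Authentic_Form.html",
     "username=alice&password=secret"),
    ("GET", "http://www.example.com/Appx.jsp?a=1&b=1", ""),
    ("GET", "http://www.example.com/Appx.jsp?a=2&b=1&debug=true", ""),
    ("GET", "http://www.example.com/admin/users.jsp?id=7", ""),
]


def map_entry_points(requests):
    """Return {path: {"methods": set, "params": set}}, one entry per gate."""
    gates = defaultdict(lambda: {"methods": set(), "params": set()})
    for method, url, body in requests:
        parts = urlsplit(url)
        entry = gates[parts.path]
        entry["methods"].add(method)
        # Query-string parameters are gates; so are form fields in a POST body.
        entry["params"].update(parse_qs(parts.query, keep_blank_values=True))
        if body:
            entry["params"].update(parse_qs(body, keep_blank_values=True))
    return dict(gates)


def directory_tree(gates):
    """Collapse the gate paths into the sorted set of directories they live under."""
    dirs = set()
    for path in gates:
        segments = path.strip("/").split("/")[:-1]  # drop the file name
        for i in range(len(segments)):
            dirs.add("/" + "/".join(segments[: i + 1]) + "/")
    return sorted(dirs)


def render_spreadsheet(gates):
    """Tab-separated rows (path, methods, parameters) for the tester's spreadsheet."""
    rows = []
    for path in sorted(gates):
        methods = ",".join(sorted(gates[path]["methods"]))
        params = ",".join(sorted(gates[path]["params"]))
        rows.append(f"{path}\t{methods}\t{params}")
    return "\n".join(rows)


if __name__ == "__main__":
    found = map_entry_points(OBSERVED_REQUESTS)
    print(render_spreadsheet(found))
    print(directory_tree(found))
```

Every parameter that appears in the inventory (including the undocumented `debug` one that only shows up on a second request) is a point of testing for the active phase.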


4.2 INFORMATION GATHERING

The first phase in security assessment is focused on collecting as much information as possible about a target application. Information gathering is a necessary step of a penetration test. This task can be carried out in many different ways. By using public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used.

Spiders, Robots, and Crawlers (OWASP-IG-001)
This phase of the information gathering process consists of browsing and capturing resources related to the application being tested.

Search Engine Discovery/Reconnaissance (OWASP-IG-002)
Search engines, such as Google, can be used to discover issues related to the web application structure or error pages produced by the application that have been publicly exposed.

Identify Application Entry Points (OWASP-IG-003)
Enumerating the application and its attack surface is a key precursor before any attack should commence. This section will help you identify and map out every area within the application that should be investigated once your enumeration and mapping phase has been completed.

Testing for Web Application Fingerprint (OWASP-IG-004)
Application fingerprinting is the first step of the information gathering process; knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing.

Application Discovery (OWASP-IG-005)
Application discovery is an activity oriented to the identification of the web applications hosted on a web server. This analysis is important because often there is no direct link connecting the main application backend. Discovery analysis can be useful to reveal details such as web applications used for administrative purposes. In addition, it can reveal old versions of files or artifacts such as undeleted, obsolete scripts, crafted during the test/development phase or as the result of maintenance.

Analysis of Error Codes (OWASP-IG-006)
During a penetration test, web applications may divulge information that is not intended to be seen by an end user. Information such as error codes can inform the tester about technologies and products being used by the application. In many cases, error codes can be easily invoked without the need for specialist skills or tools, due to bad exception handling design and coding.

Clearly, focusing only on the web application will not be an exhaustive test. It

cannot be as comprehensive as the information possibly gathered by performing a broader infrastructure analysis.

4.2.1 TESTING: SPIDERS, ROBOTS, AND CRAWLERS (OWASP-IG-001)
