ASP開(kāi)發(fā)者的20項(xiàng)注意
防火墻會(huì)阻止黑客從你所連接的網(wǎng)絡(luò)直接進(jìn)入你的計(jì)算機(jī)。Windows管理員會(huì)始終保持系統(tǒng)處在最新?tīng)顟B(tài)以避免感染像Nimda和Code Red這樣的蠕蟲(chóng)病毒。同時(shí)也會(huì)使用密碼來(lái)保證安全性。即便如此，我們的系統(tǒng)就真的安全了嗎？然而現(xiàn)在不像幾年前那樣對(duì)數(shù)量的攻擊顯得那么脆弱了。阻斷斷口和安裝補(bǔ)丁對(duì)黑客已經(jīng)失去了作用，因?yàn)樗麄円呀?jīng)找到了新的方法來(lái)破壞這種安全措施。對(duì)于黑客們來(lái)說(shuō)，他們需要首先尋找的機(jī)會(huì)是用戶(hù)提出的web申請(qǐng)。
問(wèn)題是盡管有一支專(zhuān)家隊(duì)伍保護(hù)你的網(wǎng)絡(luò)，但是你仍然得依靠你的網(wǎng)絡(luò)開(kāi)發(fā)者來(lái)保證你所發(fā)出的網(wǎng)絡(luò)申請(qǐng)的安全。難道他們被適當(dāng)?shù)嘏嘤?xùn)以從事最復(fù)雜的黑客工作？他們至少要擅長(zhǎng)于從那些對(duì)SQL語(yǔ)句讀取的時(shí)候插入腳本的欺騙中保護(hù)自己。許多公司已經(jīng)認(rèn)識(shí)到了他們的代碼并不像他們想象的應(yīng)該具備的安全一樣。
Firewalls block hackers from directly connecting to your network shares. Windows administrators keep their systems up-to-date with the latest software patches to thwart worms such as Nimda and Code Red. And user passwords are stronger than ever. But are we secure yet? While the situation is much better than it was just a couple years ago， many companies are still quite vulnerable to a number of attacks. Blocking ports and installing patches has not stopped hackers， it has just forced them to find new ways to break in. And chances are， the first place they are going to look is your Web application.
The problem is that while you may have a team of experts to secure your network， you are still dependent on your developers to secure your Web application. Are they properly trained to take on the most sophisticated hackers in the world? Are they at least good enough to defend themselves from a script kiddie who just read a tutorial on SQL injection? Many companies are now realizing that their code is not as secure as it should be.