{"id":16489,"date":"2020-05-29T20:20:43","date_gmt":"2020-05-29T13:20:43","guid":{"rendered":"https:\/\/acaltc.com\/?p=16489"},"modified":"2020-05-29T20:20:43","modified_gmt":"2020-05-29T13:20:43","slug":"cac-buoc-kiem-thu-web-application","status":"publish","type":"post","link":"https:\/\/acaltc.com\/en\/cac-buoc-kiem-thu-web-application\/","title":{"rendered":"C\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed Web Application"},"content":{"rendered":"

Trong th\u1eddi \u0111\u1ea1i c\u00f4ng ngh\u1ec7 s\u1ed1, th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed ng\u00e0y c\u00e0ng ph\u00e1t tri\u1ec3n d\u1eabn \u0111\u1ebfn c\u00e1c Web Application ( \u1ee9ng d\u1ee5ng Web) c\u00e0ng ng\u00e0y c\u00e0ng tr\u1edf n\u00ean ph\u1ed5 bi\u1ebfn nh\u1eb1m \u0111\u00e1p \u1ee9ng nhu c\u1ea7u c\u1ee7a ng\u01b0\u1eddi s\u1eed d\u1ee5ng. V\u1eady \u0111\u1ec3 c\u00e1c \u1ee9ng d\u1ee5ng Web \u0111\u01b0\u1ee3c ng\u01b0\u1eddi s\u1eed d\u1ee5ng tin d\u00f9ng v\u00e0 \u0111\u00e1nh gi\u00e1 cao th\u00ec ph\u1ea3i qua vi\u1ec7c ki\u1ec3m th\u1eed<\/strong>. Sau \u0111\u00e2y s\u1ebd gi\u1edbi thi\u1ec7u c\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng Web<\/em><\/p>\n

1. Ki\u1ec3m th\u1eed Web Application<\/span><\/h2>\n
\u00a0V\u1ec1 m\u1eb7t b\u1ea3n ch\u1ea5t, c\u00e1c \u1ee9ng d\u1ee5ng web c\u0169ng l\u00e0 ph\u1ea7n m\u1ec1m, n\u00ean c\u00e1c lo\u1ea1i ki\u1ec3m th\u1eed \u00e1p d\u1ee5ng cho ph\u1ea7n m\u1ec1m c\u0169ng \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng khi ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng web.<\/p>\n
Ki\u1ec3m th\u1eed \u1ee9ng d\u1ee5ng Web<\/i><\/b>\u00a0 l\u00e0 m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 x\u00e1c \u0111\u1ecbnh, ph\u00e2n t\u00edch v\u00e0 b\u00e1o c\u00e1o nh\u1eefng l\u1ed7 h\u1ed5ng \u0111\u00e3 t\u1ed3n t\u1ea1i tr\u00ean \u1ee9ng d\u1ee5ng Web. Ch\u1eb3ng h\u1ea1n c\u00e1c l\u1ed7 h\u1ed5ng nh\u01b0 l\u1ed7i tr\u00e0n b\u1ed9 \u0111\u1ec7m, l\u1ed7i \u0111\u1ea7u v\u00e0o, x\u00e1c th\u1ef1c Bypass, SQL Injection, CSRF, XSS. Qu\u00e1 tr\u00ecnh v\u00e0 quy tr\u00ecnh ki\u1ec3m th\u1eed cho m\u1ed9t \u1ee9ng d\u1ee5ng Web s\u1ebd \u0111\u01b0\u1ee3c l\u1eb7p \u0111i l\u1eb7p l\u1ea1i th\u01b0\u1eddng xuy\u00ean nh\u1eb1m \u0111\u1ea3m b\u1ea3o ng\u0103n ch\u1eb7n m\u1ecdi l\u1ed7 h\u1ed5ng v\u00e0 nh\u1eefng nguy c\u01a1 t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 x\u1ea3y ra.<\/p>\n
2. C\u00e1c b\u01b0\u1edbc ki\u1ec3m th\u1eed Web Application<\/span><\/h2>\n
Ki\u1ec3m th\u1eed ch\u1ee9c n\u0103ng<\/span><\/em><\/h3>\n
Ki\u1ec3m th\u1eed ch\u1ee9c n\u0103ng \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 ki\u1ec3m tra xem s\u1ea3n ph\u1ea9m c\u1ee7a b\u1ea1n c\u00f3 \u0111\u00fang nh\u01b0 nh\u1eefng g\u00ec b\u1ea1n mu\u1ed1n \u1edf trong \u0111\u1eb7c t\u1ea3 y\u00eau c\u1ea7u kh\u00f4ng, xem c\u00e1c y\u00eau c\u1ea7u v\u1ec1 t\u00ednh n\u0103ng c\u00f3 \u0111\u00fang nh\u01b0 nh\u1eefng g\u00ec b\u1ea1n \u0111\u00e3 ch\u1ec9 ra trong c\u00e1c t\u00e0i li\u1ec7u ph\u00e1t tri\u1ec3n. C\u00e1c ho\u1ea1t \u0111\u1ed9ng ki\u1ec3m th\u1eed bao g\u1ed3m:\u00a0Test all links:<\/em>\u00a0Ki\u1ec3m tra t\u1ea5t c\u1ea3 c\u00e1c link trong trang web c\u00f3 \u0111ang l\u00e0m vi\u1ec7c ch\u00ednh x\u00e1c kh\u00f4ng v\u00e0 \u0111\u1ea3m b\u1ea3o r\u1eb1ng kh\u00f4ng c\u00f3 link n\u00e0o b\u1ecb h\u1ecfng. Ngo\u00e0i ra c\u00f2n c\u00f3 k\u1ebft n\u1ed1i c\u01a1 s\u1edf d\u1eef li\u1ec7u, ki\u1ec3m tra cookies v\u00e0 x\u00e1c minh HTML\/CSS.<\/p>\n
Ki\u1ec3m th\u1eed kh\u1ea3 n\u0103ng t\u01b0\u01a1ng th\u00edch<\/em><\/span><\/h3>\n
\n
T\u01b0\u01a1ng th\u00edch v\u1edbi tr\u00ecnh duy\u1ec7t (tr\u00ean m\u00e1y t\u00ednh v\u00e0 \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng): Ki\u1ec3m tra tr\u00ean c\u1ea3 c\u00e1c phi\u00ean b\u1ea3n kh\u00e1c nhau c\u1ee7a tr\u00ecnh duy\u1ec7t.<\/li>\n
Ki\u1ec3m tra tr\u00ean c\u1ea3 tr\u00ecnh duy\u1ec7t c\u1ee7a thi\u1ebft b\u1ecb \u0111i\u1ec7n tho\u1ea1i th\u00f4ng minh.<\/li>\n
T\u01b0\u01a1ng th\u00edch v\u1edbi h\u1ec7 \u0111i\u1ec1u h\u00e0nh<\/li>\n
T\u01b0\u01a1ng th\u00edch v\u1edbi c\u00e1c thi\u1ebft b\u1ecb ngo\u1ea1i vi (m\u00e1y in\u2026)<\/li>\n<\/ul>\n
Ki\u1ec3m th\u1eed t\u00ednh kh\u1ea3 d\u1ee5ng<\/span><\/em><\/h3>\n
T\u00ednh kh\u1ea3 d\u1ee5ng c\u1ee7a trang web \u0111\u01b0\u1ee3c \u0111\u1ecbnh ngh\u0129a l\u00e0 trang web d\u1ec5 s\u1eed d\u1ee5ng, c\u00f3 h\u01b0\u1edbng d\u1eabn s\u1eed d\u1ee5ng r\u00f5 r\u00e0ng, r\u00e0nh m\u1ea1ch, m\u1ed7i trang \u0111\u1ec1u c\u00f3 menu ch\u00ednh v\u00e0 menu n\u00e0y ph\u1ea3i nh\u1ea5t qu\u00e1n. Ki\u1ec3m th\u1eed t\u00ednh kh\u1ea3 d\u1ee5ng, tester c\u00f2n c\u1ea7n th\u1ef1c hi\u1ec7n ki\u1ec3m th\u1eed c\u00e1c \u0111i\u1ec1u khi\u1ec3n chuy\u1ec3n h\u01b0\u1edbng (nh\u01b0 button, text box, text link, bread crum\u2026), n\u1ed9i dung c\u1ee7a trang web ph\u1ea3i d\u1ec5 hi\u1ec3u v\u00e0 th\u00e2n thi\u1ec7n v\u1edbi ng\u01b0\u1eddi s\u1eed d\u1ee5ng.<\/p>\n
Ki\u1ec3m th\u1eed giao di\u1ec7n<\/span><\/em><\/h3>\n
\n
Giao di\u1ec7n Web server v\u00e0 server \u1ee9ng d\u1ee5ng<\/li>\n
Giao di\u1ec7n server \u1ee9ng d\u1ee5ng v\u00e0 giao di\u1ec7n server d\u1eef li\u1ec7u<\/li>\n<\/ul>\n
Ki\u1ec3m th\u1eed hi\u1ec7u n\u0103ng<\/em><\/span><\/h3>\n
\n
Ki\u1ec3m th\u1eed t\u1ea3i: ki\u1ec3m th\u1eed hi\u1ec7u n\u0103ng c\u1ee7a \u1ee9ng d\u1ee5ng v\u1edbi c\u00e1c t\u1ed1c \u0111\u1ed9 k\u1ebft n\u1ed1i m\u1ea1ng kh\u00e1c nhau. Ki\u1ec3m th\u1eed khi c\u00f3 nhi\u1ec1u ng\u01b0\u1eddi d\u00f9ng c\u00f9ng truy c\u1eadp ho\u1eb7c c\u00f9ng y\u00eau c\u1ea7u m\u1ed9t trang xem h\u1ec7 th\u1ed1ng c\u00f3 th\u1ec3 duy tr\u00ec ho\u1ea1t \u0111\u1ed9ng \u0111\u01b0\u1ee3c kh\u00f4ng? Ho\u1eb7c ki\u1ec3m th\u1eed khi ng\u01b0\u1eddi d\u00f9ng t\u1ea3i l\u00ean ho\u1eb7c t\u1ea3i xu\u1ed1ng m\u1ed9t s\u1ed1 l\u01b0\u1ee3ng d\u1eef li\u1ec7u \u0111\u1eb7c bi\u1ec7t l\u1edbn\u2026<\/li>\n
Ki\u1ec3m th\u1eed \u00e1p l\u1ef1c: t\u1ee9c l\u00e0 vi\u1ec7c \u0111\u1ea9y h\u1ec7 th\u1ed1ng ra ngo\u00e0i gi\u1edbi h\u1ea1n c\u1ee7a n\u00f3, th\u1eed l\u00e0m gi\u00e1n \u0111o\u1ea1n trang web b\u1eb1ng c\u00e1ch t\u0103ng l\u01b0\u1ee3ng t\u1ea3i cao h\u01a1n v\u00e0 ki\u1ec3m tra xem h\u1ec7 th\u1ed1ng ph\u1ea3n \u1ee9ng nh\u01b0 th\u1ebf n\u00e0o v\u00e0 ph\u1ee5c h\u1ed3i nh\u01b0 th\u1ebf n\u00e0o.<\/li>\n<\/ul>\n
Ki\u1ec3m th\u1eed b\u1ea3o m\u1eadt<\/strong><\/span><\/em><\/h3>\n
Ki\u1ec3m th\u1eed b\u1ea3o m\u1eadt cho \u1ee9ng d\u1ee5ng web c\u1ee7a b\u1ea1n r\u1ea5t quan tr\u1ecdng n\u1ebfu d\u1eef li\u1ec7u b\u1ecb r\u00f2 r\u1ec9 ho\u1eb7c s\u1eeda \u0111\u1ed5i s\u1ebd \u0111\u1ebfn l\u1ea1i h\u1eadu qu\u1ea3 v\u00f4 c\u00f9ng nghi\u00eam tr\u1ecdng . V\u00ec th\u1ebf, \u0111\u1ed1i v\u1edbi c\u00e1c \u1ee9ng d\u1ee5ng th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed, li\u00ean quan \u0111\u1ebfn c\u00e1c giao d\u1ecbch ng\u00e2n h\u00e0ng, ki\u1ec3m th\u1eed b\u1ea3o m\u1eadt l\u1ea1i c\u00e0ng quan tr\u1ecdng. Ki\u1ec3m th\u1eed n\u00e0y ph\u1ea3i \u0111\u1ea3m b\u1ea3o r\u1eb1ng c\u00e1c c\u01a1 ch\u1ebf x\u00e1c th\u1ef1c v\u00e0 \u1ee7y quy\u1ec1n \u0111\u1ea7y \u0111\u1ee7 \u0111\u00e3 \u0111\u01b0\u1ee3c \u00e1p d\u1ee5ng.<\/p>\n
M\u1ed9t s\u1ed1 test case b\u1ea3o m\u1eadt nh\u01b0 sau:<\/p>\n
\n
G\u00f5 tr\u1ef1c ti\u1ebfp url v\u00e0o thanh \u0111\u1ecba ch\u1ec9 c\u1ee7a tr\u00ecnh duy\u1ec7t m\u00e0 kh\u00f4ng qua \u0111\u0103ng nh\u1eadp. C\u00e1c trang n\u1ed9i b\u1ed9 ph\u1ea3i kh\u00f4ng \u0111\u01b0\u1ee3c m\u1edf.<\/li>\n
Sau khi \u0111\u0103ng nh\u1eadp v\u00e0 m\u1edf c\u00e1c trang n\u1ed9i b\u1ed9, thay \u0111\u1ed5i url tr\u1ef1c ti\u1ebfp b\u1eb1ng c\u00e1ch \u0111\u1ed5i tham s\u1ed1 ID c\u1ee7a trang t\u1edbi trang thu\u1ed9c quy\u1ec1n ng\u01b0\u1eddi d\u00f9ng \u0111\u00e3 \u0111\u0103ng nh\u1eadp kh\u00e1c. Truy c\u1eadp ph\u1ea3i b\u1ecb t\u1eeb ch\u1ed1i b\u1edfi ng\u01b0\u1eddi d\u00f9ng n\u00e0y kh\u00f4ng th\u1ec3 xem trang th\u1ed1ng k\u00ea c\u1ee7a ng\u01b0\u1eddi d\u00f9ng kh\u00e1c.<\/li>\n
Th\u1eed c\u00e1c gi\u00e1 tr\u1ecb \u0111\u1ea7u v\u00e0o kh\u00f4ng h\u1ee3p l\u1ec7 trong c\u00e1c tr\u01b0\u1eddng username, password. H\u1ec7 th\u1ed1ng ph\u1ea3i b\u00e1o l\u1ed7i.<\/li>\n
C\u00e1c th\u01b0 m\u1ee5c web, c\u00e1c t\u1ec7p tin kh\u00f4ng \u0111\u01b0\u1ee3c truy nh\u1eadp tr\u1ef1c ti\u1ebfp m\u00e0 kh\u00f4ng c\u00f3 t\u00f9y ch\u1ecdn \u201cDownload\u201d.<\/li>\n
Ki\u1ec3m tra CAPTCHA cho c\u00e1c \u0111\u0103ng nh\u1eadp t\u1ef1 \u0111\u1ed9ng<\/li>\n
T\u1ea5t c\u1ea3 c\u00e1c phi\u00ean giao d\u1ecbch, c\u00e1c th\u00f4ng b\u00e1o l\u1ed7i, c\u00e1c h\u00e0nh vi c\u1ed1 g\u1eafng x\u00e2m ph\u1ea1m an ninh ph\u1ea3i ghi trong log v\u00e0 l\u01b0u t\u1ea1i web server.<\/li>\n<\/ul>\n
See more<\/span><\/h2>\n
\n
Tester- Ngh\u1ec1 Hot cho sinh vi\u00ean c\u00f4ng ngh\u1ec7 th\u00f4ng tin<\/a><\/p>\n
<\/p>\n
\n\n
\n\n\t\t\n
\n\t\t\t <\/ul>\n <\/div>","protected":false},"excerpt":{"rendered":"
Trong th\u1eddi \u0111\u1ea1i c\u00f4ng ngh\u1ec7 s\u1ed1, th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed ng\u00e0y c\u00e0ng ph\u00e1t tri\u1ec3n d\u1eabn \u0111\u1ebfn c\u00e1c Web Application ( \u1ee9ng d\u1ee5ng Web) c\u00e0ng ng\u00e0y c\u00e0ng tr\u1edf n\u00ean ph\u1ed5 bi\u1ebfn nh\u1eb1m \u0111\u00e1p \u1ee9ng nhu c\u1ea7u c\u1ee7a ng\u01b0\u1eddi s\u1eed d\u1ee5ng. V\u1eady \u0111\u1ec3 c\u00e1c \u1ee9ng d\u1ee5ng Web \u0111\u01b0\u1ee3c ng\u01b0\u1eddi s\u1eed d\u1ee5ng tin d\u00f9ng v\u00e0 \u0111\u00e1nh gi\u00e1 cao […]<\/p>","protected":false},"author":25,"featured_media":15489,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,64,68],"tags":[445,446],"class_list":["post-16489","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dao-tao","category-sinh-vien","category-tin-tuc","tag-kiem-thu-phan-mem","tag-kiem-thu-web-applicaiton"],"_links":{"self":[{"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/posts\/16489"}],"collection":[{"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/comments?post=16489"}],"version-history":[{"count":0,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/posts\/16489\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/media\/15489"}],"wp:attachment":[{"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/media?parent=16489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/categories?post=16489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/acaltc.com\/en\/wp-json\/wp\/v2\/tags?post=16489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}