{"id":287,"date":"2020-04-26T16:01:18","date_gmt":"2020-04-26T16:01:18","guid":{"rendered":"https:\/\/hackemall.live\/?p=287"},"modified":"2020-12-06T09:36:01","modified_gmt":"2020-12-06T09:36:01","slug":"web-application-security-roadmap","status":"publish","type":"post","link":"https:\/\/hackemall.live\/index.php\/2020\/04\/26\/web-application-security-roadmap\/","title":{"rendered":"Web Application Security Roadmap"},"content":{"rendered":"\n<p style=\"font-size:18px\">Hi guys,<br><br>As announced on the <a href=\"https:\/\/www.facebook.com\/hackemall.live\/\">hackemall<\/a> fanpage, as part of the <a href=\"https:\/\/hackemall.live\/index.php\/start-journey\/\">HackerDEX<\/a> topic series, today I would like to share the path I have taken and my experience in a field that most script kiddies \/ hackers \/ gosus &#8230; have been through: Web Application Security (WebSec). I hope this roadmap helps those of you who are just getting started, or who are struggling, stuck, or at a dead end with web, saves you time, and gives you an overall yet concrete view of this field. 
Okay let&#8217;s go.<\/p>\n\n\n\n<p style=\"font-size:18px\">In this article, I will organize the content into 3 levels, from easy to hard, for the web field.<\/p>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\"><br><strong>WebSec Kid (Beginner Level):<br><\/strong><br><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid-1024x446.png\" alt=\"\" class=\"wp-image-294\" width=\"768\" height=\"335\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid-1024x446.png 1024w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid-300x131.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid-768x334.png 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid-750x327.png 750w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level1-websec-kid.png 1417w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/figure>\n\n\n\n<p style=\"font-size:18px\">I got into web security and Capture The Flag (CTF) competitions even before my first days as a university student (2014); I fought many battles, got my face smashed plenty of times :D, and also achieved some results in both domestic and international CTFs. At first I played every category; later I went deeper and deeper into web. 
I will systematize what I learned and practiced when I first stepped, still wet behind the ears, into the World Wide Web.<br><br>For everyone who has touched WebSec while playing CTF or poking at some website, the feeling is very comfortable: you feel you can poke into everything, every corner of that site. That is why this is the easiest field to get into, and anyone can become :hackerman:<br><br>However, nothing is easy. Web is easy to approach, but in my experience so far, most of those who call themselves &#8220;passionate&#8221; about web hacking stop at some level and do not go further or deeper on this path. The shape of this field is like an inverted funnel <img loading=\"lazy\" decoding=\"async\" width=\"20\" height=\"22\" class=\"wp-image-419\" style=\"width: 20px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/pheu-e1607247193982.png\" alt=\"\">: the deeper you go, the harder and the more diverse it gets, so many people give up when they get stuck, hit a dead end, or lose direction. 
However:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/kientri.png\" alt=\"\" class=\"wp-image-295\" width=\"359\" height=\"218\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/kientri.png 478w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/kientri-300x183.png 300w\" sizes=\"(max-width: 359px) 100vw, 359px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"has-luminous-vivid-orange-color has-text-color wp-block-heading\"><strong>What to learn?:<\/strong><\/h2>\n\n\n\n<p style=\"font-size:18px\">Many of you have asked me: what does learning web actually mean? How do I first approach websec? I am a newbie and I want to learn HTTP Desync Attacks, Web Cache Poisoning &#8230; can you teach me? <img decoding=\"async\" class=\"wp-image-421\" style=\"width: 20px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/sup-e1607247233123.png\" alt=\"\"><br>I will lay out the roadmap as follows:<\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>1. Learn programming:<\/strong> This sounds more like Software Engineering, but no: to start on this path, the first and prerequisite thing is that you must know how to program. No real hacker is unable to program, at least at a medium level or above. 
You do not need to know every language in depth like a real Software Engineer, but basically you must have foundational knowledge of quite a few languages (because the web world is very broad and diverse). With a programming foundation, you will go very fast and very far. Today the web is built on many platforms and a wide variety of languages; the more programming languages you know, the more it benefits you later, one way or another (I guarantee that if you end up unemployed, you can always do freelance web dev, no problem <img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"wp-image-423\" style=\"width: 50px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/sure-e1607247290203.png\" alt=\"\"> ).<br><br>Here is a list of popular programming languages that form the backbone of today's web applications; you can look into them and learn them in detail: PHP, Java, JavaScript (and its family: NodeJS, ReactJS, AngularJS &#8230;), C\/C++, C# (for .NET applications), Golang, LUA, Ruby. 
Once you can program, read, and debug &#8230; at a medium level or above in the languages listed above, you have completed the first step into WebSec. Finally, you should master one language for writing exploit scripts as quickly and accurately as possible. I encourage you to learn Python in the most serious way (Learn Python the Hard Way).<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>2. Learn Unix \/ Linux:<\/strong> Although I am a Windows fanboy <img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" class=\"wp-image-425\" style=\"width: 50px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/window-e1607247303694.png\" alt=\"\">, I guarantee that Linux will help you a great deal when pursuing security in general and WebSec in particular. If you are tired of copying \/ pasting \/ editing 1 GB, 10 GB, 100 GB &#8230; of data on Windows, Linux will handle those problems with a single line of bash script. Learn Linux from the very beginning.<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>3. 
Learn the types of web application vulnerabilities: <\/strong><br><br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs.png\" alt=\"\" class=\"wp-image-305\" width=\"600\" height=\"600\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs.png 800w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs-300x300.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs-150x150.png 150w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs-768x768.png 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugs-750x750.png 750w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\">Web vulnerabilities are truly diverse and plentiful; every day there are more new vulnerabilities, new hacking vectors, trends &#8230; <br>Basically, the vulnerabilities in today's web applications fall into 2 main categories:<br>Server-side vulnerabilities and Client-side vulnerabilities.<br><br><strong>Server-side vulnerability:<\/strong> As the name suggests, these are vulnerabilities that directly affect the server side, and vulnerabilities in this category usually have a critical \/ high impact. 
Imagine you are holding an exploit for an undisclosed (0-day) Unauthenticated Remote Code Execution (RCE) vulnerability in the latest version of WordPress (roughly 60% of all websites in the world run WordPress); what would you do first?<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day0.png\" alt=\"\" class=\"wp-image-396\" width=\"595\" height=\"842\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day0.png 595w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day0-212x300.png 212w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day0-300x425.png 300w\" sizes=\"(max-width: 595px) 100vw, 595px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\">Common vulnerability types in this category include: RCE, Injection (Command Injection, SQL Injection &#8230; ), SSRF, XXE, Insecure Deserialization &#8230; <br><br><strong>Client-side vulnerability:<\/strong> Similarly, these are vulnerabilities that directly affect the client side. To put it simply, if you click <b onclick=\"alert('client-side-vulnerability')\"><span class=\"has-inline-color has-vivid-red-color\">here<\/span><\/b>, it has directly affected the browser you are reading this article in. 
The impact of vulnerabilities in this category depends on how far you can push the exploitation and what information you obtain after a successful exploit. And of course, one factor that defines both the name and the impact of these vulnerabilities is user (victim) interaction; always keep that in mind to tell the two categories apart and avoid confusion.<br>Common vulnerability types in this category include: XSS (Cross-site scripting), CSRF (Cross Site Request Forgery), XS-Leaks (XS-Search), JSONP Leaks, CORS Misconfigurations &#8230;<br><br>Based on the information above, go and learn the types of web application vulnerabilities; <a href=\"https:\/\/owasp.org\/www-project-top-ten\/\">OWASP<\/a> also publishes, year after year, a top 10 of vulnerability types ranked by decreasing impact. 
I think you should not look down on or skip any vulnerability type; each one has its own beauty, both in its nature and in how it is exploited.<br><br>The most important thing when learning and exploiting web application vulnerabilities: I advise you to create that vulnerability yourself first (by programming it), then proceed to exploit it. This is the most effective way of learning I have found so far.<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>4. Learn to use tools properly:<\/strong> Do not become a script kiddie. Tools only help you gather information about the target and exploit it as quickly as possible. Whenever you use any tool, you must know how it works under the hood. Some common tools for this level: Burp Suite, SQLMap, Python scripts, supporting add-ons (hackbar, wappalyzer, foxyproxy &#8230;).<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>5. 
Other foundational knowledge:<\/strong> Of course, when exploiting web application vulnerabilities you do not need to return to libc or leak a heap address. However, foundational knowledge of every area of security is very important, and you must understand the basics of the other fields. You must have general knowledge of systems, databases, networking, crypto, RE, and even pwnable \/ exploitation; it will help you at least from the very start and take you further if you want to pursue web hacking. A simple example: you are assigned a task to research a target that uses WebAssembly; outside of web you know nothing else, so you end up having to learn assembly, RE, and so on from scratch. 
Frustration, dead end, ragequit &#8230; <\/p>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\"><br><strong>WebSec Boy (Advanced Level):<\/strong><br><br><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy-1024x446.png\" alt=\"\" class=\"wp-image-324\" width=\"768\" height=\"335\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy-1024x446.png 1024w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy-300x131.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy-768x335.png 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy-750x327.png 750w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level2-websec-boy.png 1421w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\">After going through the beginner level properly and effectively, I guarantee you are fairly fully fledged; at this point you really want to use all the skills and knowledge you have just learned to go out and roam the world <img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"31\" class=\"wp-image-427\" style=\"width: 50px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/warrior-e1607247326449.jpg\" alt=\"\">.<\/p>\n\n\n\n<h2 class=\"has-luminous-vivid-orange-color has-text-color wp-block-heading\"><strong>What to practice, where, and how?:<\/strong><\/h2>\n\n\n\n<p style=\"font-size:18px\">Practice makes 
perfect: the more you grind and the more you learn, the better you get. Practice your skills a lot, practice debugging, practice writing exploits &#8230; and you will become proficient at everything, work quickly, and not get tripped up by small issues. This is very useful and saves you a lot of time and effort.<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/huanhoahong-adbac.gif\" alt=\"\" class=\"wp-image-330\" width=\"263\" height=\"320\"\/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\"><strong>1. CTF WarGame<\/strong>: There are already many articles about CTF (Capture the Flag), so I will not go deep into explaining what CTF is; you can read about it from many sources. In essence, I feel CTF is simply a learning method that helps you practice what you have learned as fast as possible. Once you have all the foundational knowledge, I encourage you to practice the skills you have learned on CTF WarGame platforms first. 
These are pre-built challenges based on web application vulnerabilities. There are many high-quality WarGames today; I encourage you to practice on the following: <a href=\"https:\/\/www.root-me.org\/\">Root-Me<\/a>, <a href=\"https:\/\/ringzer0ctf.com\/\">RingZer0CTF<\/a>.<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>2. CTF Competitions:<\/strong> Similar to WarGames, but a CTF competition is limited to a fixed time window (24 hours &#8211; 48 hours) depending on the difficulty of the contest. Choose high-quality CTFs to practice and try hard on (rating weight &gt;= 25). I once stayed awake for 48 hours straight just to play CTF. The list of CTF events is always kept up to date at <a href=\"https:\/\/ctftime.org\/\">CTFtime<\/a>.<br><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/web1000.png\" alt=\"\" class=\"wp-image-353\" width=\"448\" height=\"450\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/web1000.png 597w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/web1000-300x302.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/web1000-150x150.png 150w\" sizes=\"(max-width: 448px) 100vw, 448px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\"><strong>3. 
WebSec Laboratory:<\/strong> If you do not like or are not interested in CTF, or something about solving CTF challenges frustrates you (dead ends, getting stuck &#8230;), no problem: you can absolutely build your own labs for web vulnerabilities and poke at and exploit them yourself. Unlike CTF, where the author has prepared the challenge for you and you just play, when building a lab you must set up everything yourself, from networking, firewall configuration, vhosts, docker, to environment setup &#8230; Building labs gives you a good deal of extra skill in debugging, troubleshooting, networking, systems, and databases, which will benefit you greatly later on when working on real production systems. hackemall also has the <a href=\"https:\/\/github.com\/tsug0d\/MyAwesomeWebChallenge\/\">MAWC lab<\/a>, built in the form of CTF challenges, which you are welcome to try.<br><br>If you still do not have time to build labs or are busy for whatever reason, no worries, I still have a final plan. Try the following labs: <a href=\"https:\/\/pentesterlab.com\/\">PentesterLab<\/a>, <a href=\"https:\/\/portswigger.net\/web-security\">Web Security Academy<\/a>. 
These are the two big names in WebSec today; I encourage you to try them.<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>4. Audit \/ Secure Code Review<\/strong>: Basically, when approaching a WebSec problem, the information you have about the target falls into 3 types: Black box, White box, and Gray box, exactly as their names figuratively suggest. I will talk about White box in this context.<br><br>With White box, you have all the information about the target: front-end and back-end source code. Everything is explicit and clear. The same goes for CTF: challenges where the author provides the full source code are usually quite good and engaging (in my personal opinion). When you read source code and debug to solve a challenge, your audit and secure code review skills improve significantly. Later, when facing real targets, you will not be bewildered or overwhelmed by a code base of more than 4 million lines (Magento Framework).<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>5. 
Mitigations:<\/strong> Once you have a lot of knowledge about attacks, I advise you to learn the defensive side: a web application has a SQLi vulnerability, how do you patch it? XSS, how do you patch it? SSRF, how do you patch it? &#8230;<br><br>Knowing the mitigations helps you a lot in recognizing and predicting which vulnerabilities a given web application is likely to have, and it is also very useful when performing audits \/ secure code review.<br><\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>6. Mobile Security:<\/strong> This may sound a bit off-topic, but no: learn mobile security as well. Basically, as I see it, when you poke at, debug, and exploit mobile applications on iOS and Android, the back-end still calls web APIs, so the problem comes back to exploiting web applications (after, of course, getting past the setup, debugging, and environment configuration stages &#8230;). There are already many methodologies, papers, and roadmaps on mobile security on the internet. 
Hackemall also has a series on <a href=\"https:\/\/github.com\/tsug0d\/AndroidMobilePentest101\">android mobile security<\/a>; I encourage you to check it out if you want to step into this field.<\/p>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\"><br><strong>WebSec Warrior (Gosu Level):<\/strong><br><br><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior-1024x438.png\" alt=\"\" class=\"wp-image-363\" width=\"768\" height=\"329\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior-1024x438.png 1024w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior-300x128.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior-768x329.png 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior-750x321.png 750w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/level3-websec-warrior.png 1419w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\">By this level, I am sure you have walked a long enough road, your knowledge is complete, and your skills are getting more and more polished. However, WebSec techniques and trends are very diverse and constantly new, so you must always keep sharpening your skills and learning more.<\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>1. 
H\u1ecdc, h\u1ecdc n\u1eefa, h\u1ecdc m\u00e3i:<\/strong> H\u00e3y t\u00ecm hi\u1ec3u r\u00f5 v\u1ec1 c\u00e1c k\u1ef9 thu\u1eadt m\u1edbi, xu h\u01b0\u1edbng hi\u1ec7n t\u1ea1i: HTTP Desync Attacks, Web Cache Poisoning, XS-Leaks &#8230; hay c\u00e1c attack \u0111ang l\u00e0 trending ngay t\u1ea1i th\u1eddi \u0111i\u1ec3m m\u00ecnh vi\u1ebft b\u00e0i n\u00e0y: Insecure Deserialization tr\u00ean Java v\u00e0 .NET.<br><br>Nhi\u1ec1u b\u1ea1n h\u1ecfi m\u00ecnh l\u00e0 m\u00ecnh h\u1ecdc m\u1ea5y th\u1ee9 m\u1edbi m\u1edbi n\u00e0y \u1edf \u0111\u00e2u, th\u00ec m\u00ecnh tr\u1ea3 l\u1eddi lu\u00f4n l\u00e0 m\u00ecnh h\u1ecdc n\u00f3 t\u1eeb c\u00e1c WebSec warriors kh\u00e1c tr\u00ean <img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"41\" class=\"wp-image-369\" style=\"width: 50px;\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/twitter-e1607247349125.png\" alt=\"\">. M\u00ecnh hay follow c\u00e1c WebSec warriors kh\u00e1c tr\u00ean \u0111\u00e2y, n\u1ebfu b\u1ea1n th\u1ef1c s\u1ef1 nghi\u00eam t\u00fac tr\u00ean con \u0111\u01b0\u1eddng n\u00e0y, m\u00ecnh khuy\u00ean th\u1eadt h\u00e3y s\u1eed d\u1ee5ng twitter. Dont follow your dream, follow my:\u00a0<a href=\"https:\/\/twitter.com\/ducnt_\">https:\/\/twitter.com\/ducnt_<\/a><br> <\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>2. 
Tools:<\/strong> T\u1edbi level n\u00e0y, b\u1ea1n ph\u1ea3i bi\u1ebft c\u00e1ch debug, vi\u1ebft tools, vi\u1ebft plugin, add-ons cho c\u00e1c c\u00f4ng c\u1ee5 (\u0111\u1eebng ch\u1ebf l\u1ea1i b\u00e1nh xe) nh\u01b0: Nmap (LUA NSE script), Burp Suite Plugin (Python \/ Java scripts), SQLMap Tamper Data Script &#8230;<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/tools.gif\" alt=\"\" class=\"wp-image-405\" width=\"375\" height=\"210\"\/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\"><strong>3. Research<\/strong>: T\u00ecm 0-day, CVE (c\u1ee7a c\u00e1c vendor n\u1ed5i ti\u1ebfng v\u00e0 CVE c\u00f3 gi\u00e1 tr\u1ecb  cao, \u0111\u1eebng t\u00ecm c\u00e1c useless CVE ho\u1eb7c CVE c\u1ee7a c\u00e1c unknown vendor \ud83d\ude42 ). D\u1ef1ng l\u1ea1i c\u00e1c 1-day exploit.<br><br>H\u00e3y lu\u00f4n coi tr\u1ecdng vi\u1ec7c research \u0111\u1ed1i v\u1edbi WebSec. Th\u00e0nh t\u1ef1u c\u1ee7a Pentest \/ Bug bounty \u0111\u1ec1u l\u00e0 k\u1ebft qu\u1ea3 \u0111\u1ebfn t\u1eeb vi\u1ec7c research.<\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>4. Bug bounty hunter:<\/strong> H\u00e3y ch\u01a1i bug bounty v\u00e0 ki\u1ebfm ti\u1ec1n t\u1eeb n\u00f3, n\u00f3 s\u1ebd gi\u00fap b\u1ea1n c\u00f3 th\u00eam thu nh\u1eadp c\u0169ng nh\u01b0 r\u00e8n luy\u1ec7n c\u00e1c k\u1ef9 n\u0103ng th\u1ef1c chi\u1ebfn. Hi\u1ec7n nay c\u00f3 r\u1ea5t nhi\u1ec1u s\u00e0n bug bounty, m\u00ecnh khuy\u1ebfn kh\u00edch c\u00e1c b\u1ea1n n\u00ean ch\u01a1i c\u00e1c s\u00e0n qu\u1ed1c t\u1ebf v\u00ec s\u1ef1 chuy\u00ean nghi\u1ec7p nh\u01b0: <a href=\"https:\/\/hackerone.com\/\">HackerOne<\/a>, <a href=\"https:\/\/www.bugcrowd.com\/\">Bugcrowd<\/a>. 
<br><br>\u0110\u1ed1i v\u1edbi c\u00e1c s\u00e0n \u1edf Vi\u1ec7t Nam th\u00ec m\u00ecnh kh\u00f4ng tham gia, tuy nhi\u00ean t\u1ea1i h\u1ed9i th\u1ea3o Hack In The Box 2020 LockDown (HITB) v\u1eeba di\u1ec5n ra, m\u1ed9t s\u00e0n bug bounty \u0111\u01b0\u1ee3c th\u00e0nh l\u1eadp v\u00e0 duy tr\u00ec b\u1edfi c\u00e1c anh trong <a href=\"https:\/\/www.vnsecurity.net\/\">VNSecurity<\/a> ho\u00e0n to\u00e0n m\u1edbi m\u1ebb v\u00e0 kh\u00e1c bi\u1ec7t v\u1edbi c\u00e1c s\u00e0n kh\u00e1c v\u1eeba \u0111\u01b0\u1ee3c ra m\u1eaft: <a href=\"https:\/\/bugrank.io\/\">Bug Rank<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugrank.png\" alt=\"\" class=\"wp-image-382\" width=\"749\" height=\"428\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugrank.png 999w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugrank-300x171.png 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugrank-768x439.png 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/bugrank-750x429.png 750w\" sizes=\"(max-width: 749px) 100vw, 749px\" \/><\/figure><\/div>\n\n\n\n<p style=\"font-size:18px\">\u0110\u00e2y l\u00e0 m\u1ed9t open source v\u00e0 non-profit bug bounty platform, ho\u00e0n to\u00e0n h\u01b0\u1edbng \u0111\u1ebfn community. M\u00ecnh khuy\u1ebfn kh\u00edch c\u00e1c b\u1ea1n n\u00ean tham gia, tr\u1ea3i nghi\u1ec7m.<\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>5. Security Conferences:<\/strong> B\u1ea1n h\u00e3y tham gia ho\u1eb7c submit c\u00e1c paper, research \u0111\u1ed1i v\u1edbi c\u00e1c security conferences trong n\u01b0\u1edbc c\u0169ng nh\u01b0 n\u01b0\u1edbc ngo\u00e0i, b\u1ea1n s\u1ebd c\u00f3 c\u01a1 h\u1ed9i g\u1eb7p g\u1ee1 v\u1edbi nhi\u1ec1u ng\u01b0\u1eddi c\u00f9ng \u0111am m\u00ea s\u1edf th\u00edch. 
B\u1ea1n s\u1ebd h\u1ecdc h\u1ecfi \u0111\u01b0\u1ee3c kh\u00e1 nhi\u1ec1u \u0111i\u1ec1u th\u00fa v\u1ecb \u0111\u1ebfn t\u1eeb nh\u1eefng ng\u01b0\u1eddi \u0111i tr\u01b0\u1edbc.<\/p>\n\n\n\n<p style=\"font-size:18px\"><strong>6. \u0110\u1ea1o \u0111\u1ee9c ngh\u1ec1 nghi\u1ec7p (optional):<\/strong> \u0110\u00e2y l\u00e0 ph\u1ea7n cu\u1ed1i v\u00e0 c\u0169ng l\u00e0 v\u00e0i l\u1eddi m\u00ecnh mu\u1ed1n nh\u1eafn nh\u1ee7 t\u1edbi c\u00e1c b\u1ea1n tr\u1ebb hi\u1ec7n t\u1ea1i \u0111ang tr\u00ean con \u0111\u01b0\u1eddng tr\u1edf th\u00e0nh WebSec warrior. Khi b\u1ea1n ph\u00e1t hi\u1ec7n th\u1ea5y l\u1ed7i, cho d\u00f9 \u1edf m\u1ee9c \u0111\u1ed9 critical hay \u1edf m\u1ee9c \u0111\u1ed9 medium, c\u00f3 impact c\u1ee5 th\u1ec3, h\u00e3y report n\u00f3 cho vendor \/ company \/ organization &#8230; c\u00f3 li\u00ean quan \u0111\u1ebfn l\u1ed7 h\u1ed5ng \u0111\u00f3. <\/p>\n\n\n\n<pre class=\"wp-block-verse\"><strong><code>select * from credit_cards; drop database customers; || rm -rf \/<\/code> <\/strong><\/pre>\n\n\n\n<p style=\"font-size:18px\">kh\u00f4ng \u0111\u01b0\u1ee3c khuy\u1ebfn kh\u00edch. H\u00e3y c\u00e2n nh\u1eafc, b\u1ea1n v\u1eeba c\u00f3 kh\u1ea3 n\u0103ng \u0111\u01b0\u1ee3c bug bounty, HoF c\u1ee7a t\u1ed5 ch\u1ee9c \u0111\u00f3 c\u0169ng nh\u01b0 nh\u1eadn \u0111\u01b0\u1ee3c s\u1ef1 respect c\u1ee7a c\u00e1c WebSec warriors kh\u00e1c khi th\u00f4ng b\u00e1o v\u1ec1 l\u1ed7 h\u1ed5ng \u0111\u00f3. 
\u0110\u1eebng l\u00e0m \u0111i\u1ec1u d\u1ea1i d\u1ed9t.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2-1024x722.jpg\" alt=\"\" class=\"wp-image-392\" width=\"1024\" height=\"722\" srcset=\"https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2-1024x722.jpg 1024w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2-300x212.jpg 300w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2-768x542.jpg 768w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2-750x529.jpg 750w, https:\/\/hackemall.live\/wp-content\/uploads\/2020\/04\/zero-day2.jpg 1153w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"has-vivid-red-color has-text-color wp-block-heading\"><strong>What&#8217;s next?<\/strong><\/h2>\n\n\n\n<p style=\"font-size:18px\">C\u01a1 h\u1ed9i ngh\u1ec1 nghi\u1ec7p: WebSec warriors ho\u00e0n to\u00e0n c\u00f3 th\u1ec3 tr\u1edf th\u00e0nh: <strong><span class=\"has-inline-color has-vivid-red-color\">Pentester \/ Red Teamer \/ Bug bounty hunter \/ Researcher<\/span><\/strong> t\u00f9y thu\u1ed9c v\u00e0o s\u1edf th\u00edch c\u1ee7a m\u1ed7i ng\u01b0\u1eddi. Chi ti\u1ebft roadmap c\u1ee7a c\u00e1c l\u0129nh v\u1ef1c tr\u00ean s\u1ebd \u0111\u01b0\u1ee3c ra m\u1eaft v\u00e0o th\u1eddi gian t\u1edbi trong khu\u00f4n kh\u1ed5 c\u00e1c series <a href=\"https:\/\/hackemall.live\/index.php\/start-journey\/\">HackerDEX<\/a>. <br><br>Hi v\u1ecdng qua b\u00e0i vi\u1ebft n\u00e0y, n\u00f3 s\u1ebd gi\u00fap \u00edch c\u0169ng nh\u01b0 v\u1ebd ra \u0111\u01b0\u1ee3c con \u0111\u01b0\u1eddng c\u1ee5 th\u1ec3 cho c\u00e1c b\u1ea1n \u0111ang mu\u1ed1n tr\u1edf th\u00e0nh WebSec warrior. 
Hi\u1ec7n nay c\u1ed9ng \u0111\u1ed3ng security \u1edf Vi\u1ec7t Nam \u0111ang ph\u00e1t tri\u1ec3n kh\u00e1 m\u1ea1nh m\u1ebd, n\u1ebfu b\u1ea1n \u0111ang l\u00e0 sinh vi\u00ean, b\u1ea1n ho\u00e0n to\u00e0n c\u00f3 th\u1ec3 tham gia group <a href=\"https:\/\/t.me\/vnsec\">VNSEC Foundation<\/a> tr\u00ean telegram \u0111\u1ec3 t\u00ecm hi\u1ec3u c\u0169ng nh\u01b0 n\u1eafm b\u1eaft c\u00e1c c\u01a1 h\u1ed9i trong l\u0129nh v\u1ef1c security d\u00e0nh cho sinh vi\u00ean.<br><br>C\u1ea3m \u01a1n v\u00ec \u0111\u00e3 \u0111\u1ecdc, h\u1eb9n g\u1eb7p l\u1ea1i c\u00e1c b\u1ea1n trong c\u00e1c series ti\u1ebfp theo.<br><br>~Cheers,<br><a href=\"https:\/\/twitter.com\/ducnt_\">ducnt<\/a><br><br><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi guys, Nh\u01b0 c\u00e1c th\u00f4ng b\u00e1o \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng tr\u00ean fanpage c\u1ee7a hackemall, trong chu\u1ed7i c\u00e1c topic c\u1ee7a HackerDEX, h\u00f4m nay m\u00ecnh xin \u0111\u01b0\u1ee3c chia s\u1ebb con \u0111\u01b0\u1eddng m\u00ecnh \u0111\u00e3 \u0111i c\u0169ng nh\u01b0 kinh nghi\u1ec7m c\u1ee7a m\u00ecnh v\u1ec1 m\u1ed9t m\u1ea3ng m\u00e0 \u0111a s\u1ed1 c\u00e1c script kiddies \/ hacker \/ gosu &#8230; \u0111\u1ec1u \u0111\u00e3 t\u1eebng tr\u1ea3i 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":363,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,3],"tags":[13,11,14,12],"_links":{"self":[{"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/posts\/287"}],"collection":[{"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/comments?post=287"}],"version-history":[{"count":263,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/posts\/287\/revisions"}],"predecessor-version":[{"id":929,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/posts\/287\/revisions\/929"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/media\/363"}],"wp:attachment":[{"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/media?parent=287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/categories?post=287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackemall.live\/index.php\/wp-json\/wp\/v2\/tags?post=287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}