ã•ã‚ˆãªã‚‰CSRF(?) 2017ã¯ã˜ã‚ã« 2017å¹´ã€ã¤ã„ã«OWASP Top 10ãŒæ›´æ–°ã•ã‚Œã¾ã—ãŸã€‚ç†è€…ãŒä¸€ç•ªå°è±¡çš„ã ã£ãŸã®ã¯ã€ŒTop 10ã«CSRFãŒå…¥ã£ã¦ã„ãªã„ã€ã¨ã„ã†ã“ã¨ã§ã™ã€‚ ãªãœCSRFãŒåœå¤–ã«ãªã£ã¦ã—ã¾ã£ãŸã®ã‹ã¯4ページã®ãƒªãƒªãƒ¼ã‚¹ãƒŽãƒ¼ãƒˆã§è»½ã説明ã•ã‚Œã¦ã„ã¾ã™ã€‚「retired, but not forgottenã€ã¤ã¾ã‚Šã€Œå¼•é€€ã—ãŸã...ã§ã‚‚å›ã®äº‹ã¯å¿˜ã‚Œã¦ãªã„よã€ã¨ã„ã†æ„Ÿã˜ã§ã—ょã†ã‹ã€‚全米ãŒCSRFã®ãŸã‚ã«æ³£ããã†ã§ã™ã€‚ ãã‚Œã¯ã•ã¦ãŠãã€å…·ä½“çš„ã«ã¯ã€Œas many frameworks include CSRF defenses, it was found in only 5% of applications.ã€ã¨ã„ã†éƒ¨åˆ†ãŒå¼•é€€ç†ç”±ã ã¨æ€ã‚ã‚Œã¾ã™ã€‚「多ãã®ãƒ•ãƒ¬ãƒ¼ãƒ ワークãŒCSRF対ç–ã‚’å‚™ãˆãŸçµæžœã€5%ã®ã‚¢ãƒ—リケーションã«ã—ã‹CSRFã¯è¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸã€ã¨ã„ã†ã®ãŒå¼•é€€ã®ç†ç”±ã§ã™ã€‚ ã“ã®ç†ç”±ã‚’èªã‚€ã¨ã€ã€Œã¨ã„ã†ã“
{{#tags}}- {{label}}
{{/tags}}