WeChat Mini Programs: Another Carnival for the Information Security Community

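WeChat mini programs have taken up a good share of the tech news over the past few days, and technical readers are presumably already familiar with what they are and what they can do. So what does this new thing mean for the information security field?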

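The security community seems to have found another small windfall. A mini program touches many related technical areas, and the combination of those areas appears to produce its own distinctive mix of security vulnerabilities. Below we analyze in detail which of these areas can be exploited.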


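Web security. No matter how much a mini program is packaged to look like a native app, it is just a small web page running inside the WeChat browser, so every web security problem will show up in mini programs as well, such as SQL vulnerabilities, XSS and CSRF. With a little familiarity with the mini program front end and the specific APIs of the WeChat JSSDK, one can start hunting for web security vulnerabilities right away.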


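Browser security. Mini programs are built on the WeChat browser, and it is foreseeable that a WebKit-based browser will not be 100% secure. Browser vulnerability research has long been a key area for security researchers, and with a modest shift of resources toward the WeChat browser, finding N major security vulnerabilities in it should not be difficult.

WeChat app security. Following the same logic that nothing is 100% secure, the interfaces between WeChat's internals and mini programs may also have problems. The parts tied to important assets such as payments are bound to become a focus of hackers' research, and any problem exposed there would be very serious.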


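To sum up, the information security community is a group that is good at telling stories, because its value is demonstrated through the exploitation of security vulnerabilities. The WeChat mini program event is therefore sure to become a good talking point, and the discovery and exploitation of its vulnerabilities will certainly draw attention, even though the technology involved is not new. Seize the opportunity, young folks...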
