<p><strong>Misuse Cases (濫用案例)</strong><br>Published 2021-05-28, last modified 2023-03-29, at <a href="https://choson.lifenet.com.tw/?p=337" target="_blank" rel="noreferrer noopener">https://choson.lifenet.com.tw/?p=337</a> (category: CISSP, Certified Information Systems Security Professional)</p>

<p><img decoding="async" src="https://ithelp.ithome.com.tw/upload/images/20210528/20132160e4i4PZ6zSw.png" alt="https://ithelp.ithome.com.tw/upload/images/20210528/20132160e4i4PZ6zSw.png"><br>- Use cases and misuse cases (source: <a href="https://en.wikipedia.org/wiki/Misuse_case" target="_blank" rel="noreferrer noopener">https://en.wikipedia.org/wiki/Misuse_case</a>)</p>

<p><strong>Use Case</strong><br>A use case describes one or more scenarios that show how an actor (a user, agent, system or entity) interacts with the system. Use cases are best suited to conveying functional requirements, or the user's point of view. A use case can be expressed as structured text or as a diagram. The title of a use case can be written in the Subject + Verb pattern, for example, "Customer places an order".</p>

<p><strong>Misuse Case</strong><br>Conversely, a misuse case records threats to a function, usually from the perspective of a malicious or careless user. Developers build a function; users use it. Neither use cases nor misuse cases normally document the developer's build process or work.<br>To err is human. It is not unusual for developers to build an API containing defects. A developer might create a defective API for system-monitoring purposes, but that is not a misuse case, which describes the steps (events and responses) by which an actor interacts with the system; it is simply a risk.</p>

<p><strong>SQL Injection</strong><br>A hacker typing a SQL expression into a login form is a typical misuse case.<br><img decoding="async" src="https://ithelp.ithome.com.tw/upload/images/20210528/20132160UKeLwNFDGz.png" alt="https://ithelp.ithome.com.tw/upload/images/20210528/20132160UKeLwNFDGz.png"><br>- SQL injection (source: <a href="https://portswigger.net/web-security/sql-injection" target="_blank" rel="noreferrer noopener">PortSwigger</a>)</p>

<p><strong>Path/Directory Traversal</strong><br>As an attack, path/directory traversal relies heavily on relative paths. This is a vulnerability, or an indicator, that leads to the misuse case in which a user navigates between resources using relative paths.<br><img decoding="async" src="https://ithelp.ithome.com.tw/upload/images/20210528/20132160k4W4dmPU2G.png" alt="https://ithelp.ithome.com.tw/upload/images/20210528/20132160k4W4dmPU2G.png"><br>- Source: <a href="https://medium.com/@paul_io/attack-grams-137d99772d07" target="_blank" rel="noreferrer noopener">Paul Ionescu</a></p>

<p><strong>Web Parameter Tampering/Manipulation</strong><br>Allowing a customer to reach a specific page of a product listing by typing a URL is poor design. What happens if the user enters an invalid page number, say -1 or 65535?<br><img decoding="async" src="https://ithelp.ithome.com.tw/upload/images/20210528/20132160wC0Pa27HGE.png" alt="https://ithelp.ithome.com.tw/upload/images/20210528/20132160wC0Pa27HGE.png"><br>- What is a URL?</p>

<p><strong>References</strong><br>.&nbsp;<a href="https://hackingstuffsdotcom.wordpress.com/attacks/directory-traversal/" target="_blank" rel="noreferrer noopener">Directory Traversal</a><br>.&nbsp;<a href="https://www.slideshare.net/dganesan11/remote-file-path-traversal-attacks-for-fun-and-profit" target="_blank" rel="noreferrer noopener">Remote File Path Traversal Attacks for Fun and Profit</a><br>.&nbsp;<a href="https://medium.com/@paul_io/attack-grams-137d99772d07" target="_blank" rel="noreferrer noopener">Attack-grams</a><br>.&nbsp;<a href="https://www.whitehatsec.com/blog/directory-traversal-attack/" target="_blank" rel="noreferrer noopener">TRC Tech Talk: Directory Traversal Attack and Defense, Part 1</a><br>.&nbsp;<a href="http://faculty.cs.niu.edu/~mcmahon/CS241/Notes/Unix_Reference/file_structure.html" target="_blank" rel="noreferrer noopener">Unix File Structure</a><br>.&nbsp;<a href="https://launchschool.com/books/http/read/what_is_a_url" target="_blank" rel="noreferrer noopener">What is a URL?</a><br>.&nbsp;<a href="https://owasp.org/www-community/attacks/Web_Parameter_Tampering" target="_blank" rel="noreferrer noopener">Web Parameter Tampering</a></p>

<p>Source:&nbsp;<a rel="noreferrer noopener" href="https://wentzwu.com/2021/03/18/cissp-practice-questions-20210319/" target="_blank">Wentz Wu QOTD-20210319</a></p>

<p>PS: This article is published with the author's consent, and the author has authorized its translation into Chinese.</p>