{"id":626,"date":"2021-07-16T11:42:53","date_gmt":"2021-07-16T03:42:53","guid":{"rendered":"https:\/\/choson.lifenet.com.tw\/?p=626"},"modified":"2023-03-29T16:26:31","modified_gmt":"2023-03-29T08:26:31","slug":"%e8%bb%9f%e9%ab%94%e4%bf%9d%e8%ad%89%e6%88%90%e7%86%9f%e5%ba%a6%e6%a8%a1%e5%9e%8b%ef%bc%88samm%ef%bc%89-%e5%ae%89%e5%85%a8%e5%86%a0%e8%bb%8dsecurity-champion","status":"publish","type":"post","link":"https:\/\/choson.lifenet.com.tw\/?p=626","title":{"rendered":"\u8edf\u9ad4\u4fdd\u8b49\u6210\u719f\u5ea6\u6a21\u578b\uff08SAMM\uff09-\u5b89\u5168\u51a0\u8ecd(Security Champion)"},"content":{"rendered":"\n<p><img decoding=\"async\" src=\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210716\/20132160mSQuc8iswi.png\" alt=\"https:\/\/ithelp.ithome.com.tw\/upload\/images\/20210716\/20132160mSQuc8iswi.png\"><br>-SAMM \u6982\u8ff0\uff08\u4f86\u6e90\uff1a<a href=\"https:\/\/owaspsamm.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">https : \/\/owaspsamm.org<\/a>\uff09<br>\u8edf\u9ad4\u4fdd\u969c\u6210\u719f\u5ea6\u6a21\u578b\uff08SAMM\uff09\u662f\u4e00\u500b OWASP \u5c08\u6848\uff0c\u4e00\u500b\u898f\u7bc4\u6a21\u578b\u548c\u4e00\u500b\u958b\u653e\u6846\u67b6\uff0c\u4f7f\u7528\u7c21\u55ae\u3001\u5b9a\u7fa9\u5b8c\u6574\u4e14\u53ef\u8861\u91cf\u3002SAMM 2.0 \u5305\u542b\u4e94\u500b\u696d\u52d9\u529f\u80fd\uff08\u6cbb\u7406\u3001\u8a2d\u8a08\u3001\u5be6\u65bd\u3001\u9a57\u8b49\u548c\u64cd\u4f5c\uff09\uff0c\u5b83\u5011\u4e3b\u8981\u9075\u5faa\u908f\u8f2f\u9806\u5e8f\u6216\u6620\u5c04\u5230\u901a\u7528\u8edf\u9ad4\u958b\u767c\u751f\u547d\u9031\u671f\u3002\u6bcf\u500b\u696d\u52d9\u529f\u80fd\u90fd\u6709\u901a\u904e\u5169\u500b\u6d41\u9023\u63a5\u7684\u4e09\u500b\u5b89\u5168\u5be6\u8e10\uff0c\u5c07\u5b83\u5011\u7d44\u7e54\u6210\u4e00\u500b\u5c64\u6b21\u7d50\u69cb\u4ee5\u9032\u884c\u6027\u80fd\u6e2c\u91cf\u3002\u63db\u53e5\u8a71\u8aaa\uff0c\u6bcf\u500b\u5b89\u5168\u5be6\u8e10\u7684\u6d3b\u52d5\u5c6c\u65bc\u6d41 A \u6216\u6d41 B\u3002\u5b89\u5168\u5be6\u8e10\u7684\u6210\u719f\u5ea6\u7d1a\u5225\uff0c\u4f5c\u70ba\u8edf\u9ad4\u4fdd\u8b49\u76ee\u6a19\uff0c\u53ef\u4ee5\u5206\u70ba\u4e09\u500b\u7d1a\u5225\u3002<\/p>\n\n\n\n<p><strong>[Stream B] \u78ba\u5b9a\u6559\u80b2\u548c\u6307\u5c0e\u7684\u5b89\u5168\u64c1\u8b77\u8005\uff0c\u6210\u719f\u5ea6\u7d1a\u5225 1<\/strong><br>\u201c\u78ba\u5b9a\u5b89\u5168\u51a0\u8ecd\u201d\u662f\u5b89\u5168\u5be6\u8e10\u3001\u6559\u80b2\u548c\u6307\u5c0e\u7684 Stream B \u6d3b\u52d5\uff0c\u8655\u65bc\u6210\u719f\u5ea6\u7d1a\u5225 1\u3002\u5b83\u5e36\u4f86\u4e86\u5b89\u5168\u5728\u958b\u767c\u7d44\u7e54\u4e2d\u7684\u57fa\u672c\u5d4c\u5165\u7684\u597d\u8655\u3002\u4ee5\u4e0b\u6458\u81ea<a href=\"https:\/\/github.com\/OWASP\/samm\/raw\/master\/Supporting%20Resources\/v2.0\/OWASP-SAMM-v2.0.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">OWASP SAMM v2.0<\/a>&nbsp;\u2013 \u6838\u5fc3\u6a21\u578b\u6587\u6a94\uff1a<br>. \u5be6\u65bd\u4e00\u500b\u8a08\u5283\uff0c\u5176\u4e2d\u6bcf\u500b\u8edf\u9ad4\u958b\u767c\u5718\u968a\u90fd\u6709\u4e00\u540d\u6210\u54e1\u88ab\u8996\u70ba\u201c\u5b89\u5168\u51a0\u8ecd\u201d\uff0c\u4ed6\u662f\u8cc7\u8a0a\u5b89\u5168\u548c\u958b\u767c\u4eba\u54e1\u4e4b\u9593\u7684\u806f\u7d61\u4eba\u3002<br>. \u6839\u64da\u5718\u968a\u7684\u898f\u6a21\u548c\u7d50\u69cb\uff0c\u201c\u5b89\u5168\u51a0\u8ecd\u201d\u53ef\u80fd\u662f\u8edf\u9ad4\u958b\u767c\u4eba\u54e1\u3001\u6e2c\u8a66\u4eba\u54e1\u6216\u7522\u54c1\u7d93\u7406\u3002<br>. \u201c\u5b89\u5168\u51a0\u8ecd\u201d\u6bcf\u5468\u6709\u56fa\u5b9a\u7684\u5c0f\u6642\u6578\u7528\u65bc\u8cc7\u8a0a\u5b89\u5168\u76f8\u95dc\u6d3b\u52d5\u3002\u4ed6\u5011\u5b9a\u671f\u53c3\u52a0\u7c21\u5831\u6703\uff0c\u4ee5\u63d0\u9ad8\u5c0d\u4e0d\u540c\u5b89\u5168\u5b78\u79d1\u7684\u8a8d\u8b58\u548c\u5c08\u696d\u77e5\u8b58\u3002<br>. \u201c\u5b89\u5168\u51a0\u8ecd\u201d\u63a5\u53d7\u4e86\u984d\u5916\u7684\u57f9\u8a13\uff0c\u4ee5\u5e6b\u52a9\u57f9\u990a\u9019\u4e9b\u8edf\u9ad4\u5b89\u5168\u4e3b\u984c\u5c08\u5bb6\u7684\u89d2\u8272\u3002\u51fa\u65bc\u6587\u5316\u539f\u56e0\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u81ea\u5b9a\u7fa9\u5275\u5efa\u548c\u652f\u6301\u201c\u5b89\u5168\u51a0\u8ecd\u201d\u7684\u65b9\u5f0f\u3002<br>. \u8a72\u8077\u4f4d\u7684\u76ee\u6a19\u662f\u63d0\u9ad8\u61c9\u7528\u7a0b\u5e8f\u5b89\u5168\u548c\u5408\u898f\u6027\u7684\u6709\u6548\u6027\u548c\u6548\u7387\uff0c\u4e26\u52a0\u5f37\u5404\u500b\u5718\u968a\u8207\u8cc7\u8a0a\u5b89\u5168\u4e4b\u9593\u7684\u95dc\u4fc2\u3002\u70ba\u5be6\u73fe\u9019\u4e9b\u76ee\u6a19\uff0c\u201c\u5b89\u5168\u51a0\u8ecd\u201d\u5354\u52a9\u7814\u7a76\u3001\u9a57\u8b49\u548c\u78ba\u5b9a\u8207\u5b89\u5168\u548c\u5408\u898f\u6027\u76f8\u95dc\u7684\u8edf\u9ad4\u7f3a\u9677\u7684\u512a\u5148\u7d1a\u3002\u4ed6\u5011\u53c3\u8207\u6240\u6709\u98a8\u96aa\u8a55\u4f30\u3001\u5a01\u8105\u8a55\u4f30\u548c\u67b6\u69cb\u5be9\u67e5\uff0c\u901a\u904e\u4f7f\u61c9\u7528\u7a0b\u5e8f\u67b6\u69cb\u66f4\u5177\u5f48\u6027\u4e26\u6e1b\u5c11\u653b\u64ca\u5a01\u8105\u9762\u4f86\u5e6b\u52a9\u78ba\u5b9a\u4fee\u5fa9\u5b89\u5168\u7f3a\u9677\u7684\u6a5f\u6703\u3002<br>. \u9664\u4e86\u5354\u52a9\u8cc7\u8a0a\u5b89\u5168\u4e4b\u5916\uff0c\u201c\u5b89\u5168\u51a0\u8ecd\u201d\u9084\u70ba\u5c08\u6848\u5718\u968a\u5b9a\u671f\u5be9\u67e5\u6240\u6709\u8207\u5b89\u5168\u76f8\u95dc\u7684\u554f\u984c\uff0c\u4ee5\u4fbf\u6bcf\u500b\u4eba\u90fd\u4e86\u89e3\u554f\u984c\u4ee5\u53ca\u4efb\u4f55\u7576\u524d\u548c\u672a\u4f86\u7684\u88dc\u6551\u5de5\u4f5c\u3002\u901a\u904e\u8b93\u6574\u500b\u958b\u767c\u5718\u968a\u53c3\u8207\u9032\u4f86\uff0c\u9019\u4e9b\u8a55\u8ad6\u88ab\u7528\u4f86\u5e6b\u52a9\u96c6\u601d\u5ee3\u76ca\u89e3\u6c7a\u66f4\u8907\u96dc\u7684\u554f\u984c\u3002<br>\u8a55\u4f30\u554f\u984c<br>\u60a8\u662f\u5426\u70ba\u6bcf\u500b\u958b\u767c\u5718\u968a\u78ba\u5b9a\u4e86\u4e00\u540d\u5b89\u5168\u51a0\u8ecd\uff1f<br>\u2013 \u5426<br>\u2013 \u662f\uff0c\u5c0d\u65bc\u67d0\u4e9b\u5718\u968a<br>\u2013 \u662f\uff0c\u5c0d\u65bc\u81f3\u5c11\u4e00\u534a\u7684\u5718\u968a<br>\u2013 \u662f\uff0c\u5c0d\u65bc\u5927\u591a\u6578\u6216\u6240\u6709\u5718\u968a<\/p>\n\n\n\n<p><strong>\u8cea\u91cf\u6a19\u6e96<\/strong><br>\u2013 \u5b89\u5168\u51a0\u8ecd\u63a5\u53d7\u9069\u7576\u7684\u57f9\u8a13<br>\u2013 \u61c9\u7528\u7a0b\u5e8f\u5b89\u5168\u548c\u958b\u767c\u5718\u968a\u6703\u5b9a\u671f\u6536\u5230\u5b89\u5168\u51a0\u8ecd\u7684\u7c21\u5831\u5b89\u5168\u8a08\u5283\u548c\u4fee\u5fa9\u7684\u7e3d\u9ad4\u72c0\u614b<br>\u2014\u2014\u5b89\u5168\u51a0\u8ecd\u5728\u6dfb\u52a0\u5230\u61c9\u7528\u7a0b\u5e8f\u7a4d\u58d3\u4e4b\u524d\u5be9\u67e5\u5916\u90e8\u6e2c\u8a66\u7684\u7d50\u679c<\/p>\n\n\n\n<p><strong>[Stream A] \u5b9a\u5236\u5b89\u5168\u57f9\u8a13\u3001\u6559\u80b2\u548c\u6307\u5c0e@\u6210\u719f\u5ea6\u7d1a\u5225 2<\/strong><br>\u5b89\u5168\u51a0\u8ecd\u5c31 SDLC \u5404\u500b\u968e\u6bb5\u7684\u5b89\u5168\u4e3b\u984c\u9032\u884c\u57f9\u8a13\u3002\u4ed6\u5011\u63a5\u53d7\u8207\u958b\u767c\u4eba\u54e1\u548c\u6e2c\u8a66\u4eba\u54e1\u76f8\u540c\u7684\u57f9\u8a13\uff0c\u4f46\u4e5f\u4e86\u89e3\u5a01\u8105\u5efa\u6a21\u548c\u5b89\u5168\u8a2d\u8a08\uff0c\u4ee5\u53ca\u53ef\u4ee5\u96c6\u6210\u5230\u69cb\u5efa\u74b0\u5883\u4e2d\u7684\u5b89\u5168\u5de5\u5177\u548c\u6280\u8853\u3002<\/p>\n\n\n\n<p><strong>[Stream B] \u5efa\u7acb\u5b89\u5168\u793e\u5340\uff0c\u6559\u80b2\u548c\u6307\u5c0e@\u6210\u719f\u5ea6\u7d1a\u5225 3<\/strong><br>\u570d\u7e5e\u89d2\u8272\u548c\u8077\u8cac\u5f62\u6210\u793e\u5340\uff0c\u4e26\u4f7f\u4f86\u81ea\u4e0d\u540c\u5718\u968a\u548c\u696d\u52d9\u90e8\u9580\u7684\u958b\u767c\u4eba\u54e1\u548c\u5de5\u7a0b\u5e2b\u80fd\u5920\u81ea\u7531\u4ea4\u6d41\u4e26\u5f9e\u5f7c\u6b64\u7684\u5c08\u696d\u77e5\u8b58\u4e2d\u53d7\u76ca\u3002\u9f13\u52f5\u53c3\u8207\uff0c\u5efa\u7acb\u4e00\u500b\u8a08\u5283\u4f86\u63d0\u5347\u90a3\u4e9b\u5e6b\u52a9\u6700\u591a\u7684\u4eba\u6210\u70ba\u601d\u60f3\u9818\u8896\uff0c\u4e26\u8b93\u7ba1\u7406\u5c64\u8a8d\u53ef\u4ed6\u5011\u3002\u9664\u4e86\u63d0\u9ad8\u61c9\u7528\u7a0b\u5e8f\u5b89\u5168\u6027\u4e4b\u5916\uff0c\u8a72\u5e73\u53f0\u9084\u53ef\u4ee5\u6839\u64da\u4ed6\u5011\u7684\u5c08\u696d\u77e5\u8b58\u548c\u5e6b\u52a9\u4ed6\u4eba\u7684\u610f\u9858\u5e6b\u52a9\u78ba\u5b9a\u5b89\u5168\u8edf\u9ad4\u5353\u8d8a\u4e2d\u5fc3\u7684\u672a\u4f86\u6210\u54e1\u6216\u201c\u5b89\u5168\u51a0\u8ecd\u201d\u3002<\/p>\n\n\n\n<p><strong>[Stream B] \u6a19\u6e96\u5316\u548c\u64f4\u5c55\u5a01\u8105\u5efa\u6a21\uff0c\u5a01\u8105\u8a55\u4f30@\u6210\u719f\u5ea6\u7d1a\u5225 2<\/strong><br>\u57f9\u8a13\u60a8\u7684\u67b6\u69cb\u5e2b\u3001\u5b89\u5168\u64c1\u8b77\u8005\u548c\u5176\u4ed6\u5229\u76ca\u76f8\u95dc\u8005\u5982\u4f55\u9032\u884c\u5be6\u969b\u5a01\u8105\u5efa\u6a21\u3002\u5a01\u8105\u5efa\u6a21\u9700\u8981\u7406\u89e3\u3001\u6e05\u6670\u7684\u5287\u672c\u548c\u6a21\u677f\u3001\u7279\u5b9a\u65bc\u7d44\u7e54\u7684\u793a\u4f8b\u548c\u7d93\u9a57\uff0c\u9019\u4e9b\u90fd\u5f88\u96e3\u5be6\u73fe\u81ea\u52d5\u5316\u3002<\/p>\n\n\n\n<p><strong>[Stream B] \u5efa\u7acb\u6ef2\u900f\u6e2c\u8a66\u6d41\u7a0b\uff0cSecurity Testing @ Maturity Level 2<\/strong><br>\u6ef2\u900f\u6e2c\u8a66\u6848\u4f8b\u5305\u62ec\u7528\u65bc\u6aa2\u67e5\u696d\u52d9\u908f\u8f2f\u5065\u5168\u6027\u7684\u7279\u5b9a\u65bc\u61c9\u7528\u7a0b\u5e8f\u7684\u6e2c\u8a66\uff0c\u4ee5\u53ca\u7528\u65bc\u6aa2\u67e5\u8a2d\u8a08\u548c\u5be6\u73fe\u7684\u5e38\u898b\u6f0f\u6d1e\u6e2c\u8a66\u3002\u4e00\u65e6\u6307\u5b9a\uff0c\u7cbe\u901a\u5b89\u5168\u7684\u8cea\u91cf\u4fdd\u8b49\u6216\u958b\u767c\u4eba\u54e1\u5c31\u53ef\u4ee5\u57f7\u884c\u5b89\u5168\u6e2c\u8a66\u7528\u4f8b\u3002\u4e2d\u592e\u8edf\u9ad4\u5b89\u5168\u7d44\u76e3\u63a7\u5c08\u6848\u5718\u968a\u5b89\u5168\u6e2c\u8a66\u7528\u4f8b\u7684\u9996\u6b21\u57f7\u884c\uff0c\u4ee5\u5354\u52a9\u548c\u6307\u5c0e\u5718\u968a\u5b89\u5168\u51a0\u8ecd\u3002<\/p>\n\n\n\n<p><strong>[Stream B] \u5efa\u7acb\u6301\u7e8c\u7684\u3001\u53ef\u64f4\u5c55\u7684\u5b89\u5168\u9a57\u8b49\uff0c\u5b89\u5168\u6e2c\u8a66@\u6210\u719f\u5ea6\u7d1a\u5225 3<\/strong><br>\u5b89\u5168\u51a0\u8ecd\u548c\u4e2d\u592e\u5b89\u5168\u8edf\u9ad4\u5c0f\u7d44\u5728\u958b\u767c\u904e\u7a0b\u4e2d\u4e0d\u65b7\u5be9\u67e5\u81ea\u52d5\u548c\u624b\u52d5\u5b89\u5168\u6e2c\u8a66\u7684\u7d50\u679c\uff0c\u5c07\u9019\u4e9b\u7d50\u679c\u4f5c\u70ba\u958b\u767c\u5718\u968a\u5b89\u5168\u610f\u8b58\u57f9\u8a13\u7684\u4e00\u90e8\u5206\u3002\u6574\u5408\u6574\u9ad4\u5287\u672c\u4e2d\u7684\u7d93\u9a57\u6559\u8a13\uff0c\u4ee5\u6539\u9032\u4f5c\u70ba\u7d44\u7e54\u767c\u5c55\u4e00\u90e8\u5206\u7684\u5b89\u5168\u6e2c\u8a66\u3002\u5982\u679c\u6709\u672a\u89e3\u6c7a\u7684\u767c\u73fe\u4ecd\u7136\u662f\u767c\u5e03\u7684\u53ef\u63a5\u53d7\u98a8\u96aa\uff0c\u5229\u76ca\u76f8\u95dc\u8005\u548c\u958b\u767c\u7d93\u7406\u61c9\u5171\u540c\u88fd\u5b9a\u89e3\u6c7a\u9019\u4e9b\u554f\u984c\u7684\u5177\u9ad4\u6642\u9593\u8868\u3002<\/p>\n\n\n\n<p><strong>\u53c3\u8003<\/strong><br>.\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/OWASP\/samm\/raw\/master\/Supporting%20Resources\/v2.0\/OWASP-SAMM-v2.0.pdf\" target=\"_blank\">OWASP SAMM 2.0<\/a><br>\u8cc7\u6599\u4f86\u6e90\uff1a\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/wentzwu.com\/2021\/07\/14\/cissp-practice-questions-20210714\/\" target=\"_blank\">Wentz Wu QOTD-202107014<\/a><\/p>\n\n\n\n<p>PS:\u6b64\u6587\u7ae0\u7d93\u904e\u4f5c\u8005\u540c\u610f\u520a\u767b \u4e26\u4e14\u6388\u6b0a\u53ef\u4ee5\u7ffb\u8b6f\u6210\u4e2d\u6587<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>-SAMM \u6982\u8ff0\uff08\u4f86\u6e90\uff1ahttps : \/\/owaspsamm.org\uff09\u8edf\u9ad4\u4fdd\u969c\u6210\u719f\u5ea6\u6a21\u578b\uff08SAMM\uff09\u662f\u4e00\u500b  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":true,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-626","post","type-post","status-publish","format-standard","hentry","category-cisspcertified-information-systems-security-professional"],"_links":{"self":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=626"}],"version-history":[{"count":2,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/626\/revisions"}],"predecessor-version":[{"id":2840,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/626\/revisions\/2840"}],"wp:attachment":[{"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/choson.lifenet.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}