You cannot see this page without javascript.

메뉴 건너뛰기

WHKorea

주요정보통신기반시설 기술적 취약점 분석 평가 상세 가이드

 

다운로드 (한국인터넷진흥원)_주요정보통신기반시설_기술적_취약점_분석_평가_상세_가이드_(2017).pdf

 

기술적 취약점 분석ㆍ평가 방법 상세가이드

 

Ⅰ. 개요 ······················································ 1
1. 개요 ·························································· 3
2. 목적 및 구성 ············································ 3
Ⅱ. 보안가이드라인 ····································· 5

 

UNIX 서버
기본/선택
1. 계정 관리 ····································· 11/ 93
2. 파일 및 디렉토리 관리 ················· 24/114
3. 서비스 관리 ································· 45/122
4. 패치 관리 ···································· 88
5. 로그 관리 ····································· 92/145
부록 ··············································· 149

 

윈도우즈 서버
기본/선택
1. 계정 관리 ··································· 165/246
2. 서비스 관리 ······························· 175/266
3. 패치 관리 ··································· 225/287
4. 로그 관리 ··································· 227/290
5. 보안 관리 ··································· 229/293
6. DB 관리 ············································ 311

 

보안장비
기본/선택
1. 계정 관리 ··································· 319/340
2. 접근 관리 ·································· 325
3. 패치 관리 ·································· 328
4. 로그 관리 ·········································· 341
5. 기능 관리 ··································· 330/348

 

네트워크 장비
기본/선택
1. 계정 관리 ··································· 355/386
2. 접근 관리 ··································· 362/390
3. 패치 관리 ·································· 367
4. 로그 관리 ·········································· 396
5. 기능 관리 ··································· 369/405


제어시스템
기본/선택
1. 계정 관리 ·································· 431
2. 패치 관리 ·································· 437
3. 접근 통제 ·································· 439
4. 보안 관리 ··································· 450/465


PC
기본/선택
1. 계정 관리 ··································· 481/520
2. 서비스 관리 ······························· 487/522
3. 패치 관리 ·································· 498
4. 보안 관리 ··································· 506/529


DBMS
기본/선택
1. 계정 관리 ··································· 541/573
2. 접근 관리 ··································· 553/578
3. 옵션 관리 ··································· 561/587
4. 패치 관리 ··································· 565/595
5. 로그 관리 ·········································· 597

 

웹(WEB)
1. 버퍼 오버플로우 ······························· 603
2. 포맷스트링 ········································ 605
3. LDAP 인젝션 ··································· 607
4. 운영체제 명령 실행 ·························· 609
5. SQL 인젝션 ······································ 611
6. SSI 인젝션 ······································· 620
7. XPath 인젝션 ··································· 622
8. 디렉터리 인덱싱 ······························· 624
9. 정보 누출 ········································· 629
10. 악성 콘텐츠 ···································· 632
11. 크로스사이트 스크립트 ··················· 633
12. 약한 문자열 강도 ··························· 638
13. 불충분한 인증 ································· 640
14. 취약한 패스워드 복구 ····················· 642
15. 크로스사이트 리퀘스트 변조(CSRF) 644
16. 세션 예측 ······································· 646
17. 불충분한 인가 ································· 648
18. 불충분한 세션 만료 ························ 650
19. 세션 고정 ······································· 653
20. 자동화 공격 ···································· 654
21. 프로세스 검증 누락 ························ 656
22. 파일 업로드 ···································· 659
23. 파일 다운로드 ································· 667
24. 관리자 페이지 노출 ························ 672
25. 경로 추적 ······································· 675
26. 위치 공개 ······································· 677
27. 데이터 평문 전송 ··························· 679
28. 쿠키 변조 ······································· 681

위로