Razlike

Slijede razlike između dviju inačica stranice.

--- racfor_wiki:javascript:potencijalne_prijetnje_ranjivosti_u_javascript_ekosustavu [2023/01/13 11:33]
tl51986 [Vulnerabilnost Dependency Confusion]
+++ racfor_wiki:javascript:potencijalne_prijetnje_ranjivosti_u_javascript_ekosustavu [2024/12/05 12:24] (trenutno)
@@ Redak 2: / Redak 2: @@
 ===== Sažetak =====
+U Javascript-u postoji veliki broj potencijalnih napada, u seminaru je obrađena potencijalna prijetnja od "malicious lifecycle script" napada i vulnerabilnosti Dependency Confusion. Kako bih se obranili od navedenih napada potrebno je koristiti poznate pakete s provjerenim komentarima korisnika, dobro proučiti ovisnosti i koristiti "lockfile" te isključiti pokretanje skripti prilikom instalacije.
-Ključne riječi: SSL; TSL; komunikacija; sigurnost; napad
@@ Redak 86: / Redak 85: @@
 [1] [[https://medium.com/@kyle_martin/understanding-and-protecting-against-malicious-npm-package-lifecycle-scripts-8b6129619d7c| Kyle Martin: EUnderstanding and protecting against malicious npm package lifecycle scripts]]
-[2] [[https://medium.com/@kyle_martin/understanding-and-protecting-against-malicious-npm-package-lifecycle-scripts-8b6129619d7c| Kyle Martin: EUnderstanding and protecting against malicious npm package lifecycle scripts]]
+[2] [[https://incolumitas.com/2016/06/08/typosquatting-package-managers/| Nikolai Tschacher: Typosquatting programming language package managers]]
 [3] [[https://itnext.io/fixing-security-vulnerabilities-in-npm-dependencies-in-less-than-3-mins-a53af735261d| Vivek Nayyar: Fixing security vulnerabilities in npm dependencies ]]
+[4] [[https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610| Alex Birsan: Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies]]

racfor_wiki/javascript/potencijalne_prijetnje_ranjivosti_u_javascript_ekosustavu.1673609588.txt.gz · Zadnja izmjena: 2024/12/05 12:23 (vanjsko uređivanje)