資訊安全 on PolloChang 工作筆記 http://pollochang.work/tags/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8/ Recent content in 資訊安全 on PolloChang 工作筆記 Hugo -- gohugo.io zh-TW © 2026 PolloChang Thu, 17 Jul 2025 22:56:24 +0800 2024 CWE Top 25 http://pollochang.work/worknot/2024cwetop25/ Thu, 17 Jul 2025 22:56:24 +0800 http://pollochang.work/worknot/2024cwetop25/ <ol> <li><strong>Improper Neutralization of Input During Web Page Generation (&lsquo;Cross-site Scripting&rsquo;)</strong> 不正確的網頁生成輸入中和(「跨網站指令碼」)</li> <li><strong>Out-of-bounds Write</strong> 越界寫入</li> <li><strong>Improper Neutralization of Special Elements used in an SQL Command (&lsquo;SQL Injection&rsquo;)</strong> 不正確的 SQL 命令特殊元素中和(「SQL 注入」)</li> <li><strong>Cross-Site Request Forgery (CSRF)</strong> 跨網站請求偽造 (CSRF)</li> <li><strong>Improper Limitation of a Pathname to a Restricted Directory (&lsquo;Path Traversal&rsquo;)</strong> 不正確的限制路徑名稱到受限制目錄(「路徑遍歷」)</li> <li><strong>Out-of-bounds Read</strong> 越界讀取</li> <li><strong>Improper Neutralization of Special Elements used in an OS Command (&lsquo;OS Command Injection&rsquo;)</strong> 不正確的作業系統命令特殊元素中和(「作業系統命令注入」)</li> <li><strong>Use After Free</strong> 釋放後使用</li> <li><strong>Missing Authorization</strong> 缺少授權</li> <li><strong>Unrestricted Upload of File with Dangerous Type</strong> 危險類型檔案的無限制上傳</li> <li><strong>Improper Control of Generation of Code (&lsquo;Code Injection&rsquo;)</strong> 不正確的程式碼生成控制(「程式碼注入」)</li> <li><strong>Improper Input Validation</strong> 不正確的輸入驗證</li> <li><strong>Improper Neutralization of Special Elements used in a Command (&lsquo;Command Injection&rsquo;)</strong> 不正確的命令特殊元素中和(「命令注入」)</li> <li><strong>Improper Authentication</strong> 不正確的身份驗證</li> <li><strong>Improper Privilege Management</strong> 不正確的權限管理</li> <li><strong>Deserialization of Untrusted Data</strong> 不可信資料的反序列化</li> <li><strong>Exposure of Sensitive Information to an Unauthorized Actor</strong> 敏感資訊洩露給未經授權的行為者</li> <li><strong>Incorrect Authorization</strong> 不正確的授權</li> <li><strong>Server-Side Request Forgery (SSRF)</strong> 伺服器端請求偽造 (SSRF)</li> <li><strong>Improper Restriction of Operations within the Bounds of a Memory Buffer</strong> 不正確的記憶體緩衝區操作限制</li> <li><strong>NULL Pointer Dereference</strong> NULL 指標解引用</li> <li><strong>Use of Hard-coded Credentials</strong> 使用硬編碼憑證</li> <li><strong>Integer Overflow or Wraparound</strong> 整數溢位或迴繞</li> <li><strong>Uncontrolled Resource Consumption</strong> 不受控制的資源消耗</li> <li><strong>Missing Authentication for Critical Function</strong> 關鍵功能缺少身份驗證</li> </ol> <h2 class="relative group">參考資料 <div id="參考資料" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e5%8f%83%e8%80%83%e8%b3%87%e6%96%99" aria-label="定位點">#</a> </span> </h2> <ul> <li><a href="https://cwe.mitre.org/top25/archive/2024/2024_cwe_top25.html" target="_blank" rel="noreferrer">2024 CWE Top 25 Most Dangerous Software Weaknesses</a></li> </ul> GDPR-通用資料保護條例 http://pollochang.work/worknot/gdpr/ Thu, 17 Jul 2025 22:25:06 +0800 http://pollochang.work/worknot/gdpr/ <h2 class="relative group">簡述 <div id="簡述" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#%e7%b0%a1%e8%bf%b0" aria-label="定位點">#</a> </span> </h2> <p><strong>《通用資料保護條例》(GDPR) 簡述</strong></p> <p>《通用資料保護條例》(General Data Protection Regulation, GDPR) 是歐盟於 2016 年 4 月 27 日通過的法規,旨在<strong>保護自然人在個人資料處理方面的權利和自由,並確保此類資料在歐盟境內的自由流動</strong>。它取代了先前的 95/46/EC 指令,並旨在解決資料保護在歐盟內部實施碎片化、法律不確定性以及公眾對線上活動資料保護風險的普遍擔憂。</p>