٢ SQL Server ﻣﺎﯾ ﺮوﺳﺎﻓﺖ ﺑﺎ ﻫﻤ ﺎری Sybase ﭘﺎﯾ ﺎه داده اﻧﺤﺼﺎری ﺧﻮد را اراﺋﻪ داده اﺳﺖ

داﻧﺸ ﺎه ﺷﻬﯿﺪ ﺑﻬﺸﺘ داﻧﺸ ﺪه ﻣﻬﻨﺪﺳ ﺑﺮق و ﮐﺎﻣﭙﯿﻮﺗﺮ ﭘﺮوژهی ﮐﺎرﺷﻨﺎﺳ ﻣﻬﻨﺪﺳ ﮐﺎﻣﭙﯿﻮﺗﺮ ﮔﺮاﯾﺶ ﻧﺮم اﻓﺰار ﻣﻮﺿﻮع ﭘﺮوژه: ﭼﻬﺎرﭼﻮب ﺗﻮﺳﻌﻪ وب اﻣﻦ اﺳﺘﺎد راﻫﻨﻤﺎ: ﺟﻨﺎب آﻗﺎی دﮐﺘﺮ ذاﮐﺮاﻟﺤﺴﯿﻨ ﮔﺮدآوردﻧﺪه: ﻋﺒﺎس ﻧﺎدری اﻓﻮﺷﺘﻪ abbas.naderi@owasp.org ﺑﻬﺎر ١٣٩١ ﭼ ﯿﺪه: وب ﺑﻪ ﻋﻨﻮان ﻣﻬﻤﺘﺮﯾﻦ ﺑﺴﺘﺮ اراﺋﻪ ﻧﺮماﻓﺰار و ﺳﺮوﯾﺲ، ﺗﺎ ﺟﺎﯾﯽ ﺟﻠﻮ رﻓﺘﻪ ﮐﻪ اﻣﺮوزه ﻣﺤﯿﻂﻫﺎی ﻪﻣﺎﻧﺮﺑﺳﺎزی و ﺣﺘ ﺳﯿﺴﺘﻢﻫﺎی ﻋﺎﻣﻞ ﺗﺤﺖ وب ﻗﺮار ﮔﺮﻓﺘﻪاﻧﺪ.وب ﯾ ﺑﺴﺘﺮ و ﭘﺮوﺗﮑﻞ ﺑﺴﯿﺎر ﺳﺎده اﺳﺖ ﮐﻪ ﺑﺎ اﻫﺪاف دﯾ ﺮی ﻃﺮاﺣ ﺷﺪه ﺑﻮده و ﺑﻪ ﺻﻮرت اﻧﻔﺠﺎری ﮔﺴﺘﺮش ﯾﺎﻓﺘﻪ اﺳﺖ، ﺑﻪ ﻫﻤﯿﻦ دﻟﯿﻞ ﺗﻮﻟﯿﺪ ﻧﺮم- اﻓﺰارﻫﺎی ﻣﺒﺘﻨ ﺑﺮ وب ﻧﯿﺎزﻣﻨﺪ ﭼﻬﺎرﭼﻮبﻫﺎی ﮔﺴﺘﺮده و ﻗﺪرﺗﻤﻨﺪی ﻫﺴﺘﻨﺪ. اﯾﻦ ﭼﻬﺎرﭼﻮبﻫﺎی ﻣﻌﻤﻮﻻ در اﻧﺠﻤﻦﻫﺎی ﻣﺘﻦﺑﺎز ﺷ ﻞ ﮔﺮﻓﺘﻪاﻧﺪ و ﻧﻘﺎط ﺿﻌﻒ اﻣﻨﯿﺘ دارﻧﺪ. در اﯾﻦ ﺳﻨﺪ ﭼﻬﺎرﭼﻮب ﺗﻮﺳﻌﻪ وب اﻣﻦ، ﺑﺎ اﺗﮑﺎ ﺑﻪ دو ﭼﻬﺎرﭼﻮب ﺗﻮﻟﯿﺪ ﺷﺪه ﺑﺎ ﺗﻮﺟﻪ ﺑﻪ اﻣﻨﯿﺖ وب ﻣﻄﺮح ﺷﺪهاﻧﺪ. اﺑﺘﺪا ﻣﻔﺎﻫﯿﻢ و ﺳﺎﺧﺘﺎر وب ﺑﻪ ﺗﻔﺼﯿﻞ ﺑﺤﺚ ﺷﺪه ﺗﺎ ﺧﻮاﻧﻨﺪه ﺑﺘﻮاﻧﺪ ﻧﯿﺎز و ﭘﺎﺳ را ﺑﻪ ﺧﻮﺑﯽ درک ﮐﻨﺪ. ﺳﭙﺲ ﻣﺨﺎﻃﺮات ﻣﻮﺟﻮد در اﻣﻨﯿﺖ وب ﻣﻄﺮح و ﺑﺮرﺳ ﺷﺪهاﻧﺪ و در ﺑﺨﺶ اﻧﺘﻬﺎﯾﯽ راﻫ ﺎرﻫﺎی ﻣﻘﺎﺑﻠﻪ ﺑﺎ اﯾﻦ ﻣﺨﺎﻃﺮات اراﺋﻪ ﺷﺪهاﻧﺪ. ﻣﻔﺎﻫﯿﻤ ﻣﺎﻧﻨﺪ ﻣﻌﻤﺎری وب، ﭘﺮوﺗﮑﻞﻫﺎی ﻣﺠﻮد در وب، ﺗﮑﻨﻮﻟﻮژیﻫﺎی ﻣﻮرد اﺳﺘﻔﺎده در وب، ﮐﺎوﺷ ﺮﻫﺎی وب، اﻣﻨﯿﺖ ﻋﻤﻮﻣ وب، اﻣﻨﯿﺖ ﻧﺮماﻓﺰار، MVC، ﭼﻬﺎرﭼﻮبﻫﺎی ﺗﻮﺳﻌﻪ وب و ﻧﯿﺎزﻣﻨﺪیﻫﺎی آﻧﺎن، ﻣﻌﻀﻼت ﻣﺨﺘﻠﻒ وب، ﺗﻌﺎرﯾﻒ اﻣﻨﯿﺖ اﻃﻼﻋﺎت، راﻫ ﺎرﻫﺎی ﺗﻔﺼﯿﻠ و ﻓﻨ ﻣﻘﺎﺑﻠﻪ ﺑﺎ ﻣﻌﻀﻼت اﻣﻨﯿﺘ و دﯾﺪﮔﺎه درﺳﺖ ﺑﻪ اﻣﻨﯿﺖ وب، ﺑﺮﺧ از ﻣﻄﺎﻟﺐ ﭘﻮﺷﺶ داده ﺷﺪه در اﯾﻦ ﺳﻨﺪ ﻣ ﺪﻨﺷﺎﺑ. ﮐﻠﻤﺎت ﮐﻠﯿﺪی: وب، اﻣﻨﯿﺖ، اﻣﻨﯿﺖ ﻧﺮماﻓﺰار، ﭼﻬﺎرﭼﻮب، ﻧﻔﻮذﮔﺮی، ﺗﻮﺳﻌﻪ ﻧﺮماﻓﺰار، ﻣﻬﻨﺪﺳ ﻧﺮماﻓﺰار ﺐﻟﺎﻄﻣ ﺖﺳﺮﻬﻓ 1 ﻪﻣﺪﻘﻣ .............................................................................١ 2 ﻓﺮﻌﻣ ......................................................................٣ 2.1 اﻣﻨﯿﺖ ﻧﺮم اﻓﺰار ............................................................... ٣ 2.2 وب و HTTP: ................................................................ ٥ 2.3 ﻣﻌﻤﺎری وب: .................................................................. ٩ 2.4 ﺗﮑﻨﻮﻟﻮژﯾﺎﻬی ﻣﻮرد اﺳﺘﻔﺎده در وب: ....................................١٠ HTTP 2.4.1 .......................................................................١١ HTML 2.4.2 .....................................................................١٣ CSS 2.4.3 .........................................................................١٥ Javascript 2.4.4 .................................................................١٦ AJAX 2.4.5 ......................................................................١٨ Web Server 2.4.6 ..............................................................٢٠ Apache 2.4.6.1 ........................................................................٢٢ Internet Information Services (IIS) 2.4.6.2 ..............................٢٣ ٢٬٤٬٦٬٣ nginx ...........................................................................٢٤ Server Side Scripts 2.4.7 ...................................................٢٥ PHP 2.4.7.1 .............................................................................٢٧ ASP 2.4.7.2 .............................................................................٢٩ Java (JSP) 2.4.7.3 ....................................................................٣٠ ColdFusion 2.4.7.4 ..................................................................٣٠ Perl 2.4.7.5 ..............................................................................٣١ Ruby 2.4.7.6 ............................................................................٣٢ Python 2.4.7.7 .........................................................................٣٢ 2.4.7.8 دﯾ ﺮ زﺑﺎﻧﻬﺎ ......................................................................٣٤ Database Server 2.4.8 .......................................................٣٤ Oracle 2.4.8.1 ..........................................................................٣٦ SQL Server 2.4.8.2 ..................................................................٣٦ PostgreSQL 2.4.8.3 .................................................................٣٧ MySQL 2.4.8.4 .......................................................................٣٧ SQLite 2.4.8.5 .........................................................................٣٨ HTML 5 2.4.9 ..................................................................٤٠ 2.4.10 ﮐﺎوﺷ ﺮ وب .................................................................٤٢ 2.4.10.1 ﺎﻣﯾ ﺮوﺳﺎﻓﺖ اﯾﺖﻧﺮﺘﻨ اﮐﺴﭙﻠﻮرر ............................................٤٤ Mozilla Firefox 2.4.10.2 ............................................................٤٦ Opera 2.4.10.3 ...........................................................................٤٧ Google Chrome 2.4.10.4 ...........................................................٤٨ Apple Safari 2.4.10.5 ................................................................٤٨ Mobile Browsers 2.4.10.6 .........................................................٥٠ 2.4.10.7 ﻏﯿﺮه ............................................................................٥١ 2.5 اﻟ ﻮﻫﺎی ﻪﻌﺳﻮﺗ ﻧﺮﻣﺎﻓﺰار وب .............................................٥٣ MVC 2.5.1........................................................................٥٣ Component Based MVC 2.5.2 ..........................................٥٥ 2.6 ﭼﻬﺎرﭼﻮﺑﻬﺎی ﻪﻌﺳﻮﺗ وب ..................................................٥٦ ٢٬۶٬١ اﻧﻮاع ﭼﻬﺎرﭼﻮب ﻪﺑ ﮑﻔﺗﯿ ﻧﻮع زﺑﺎن .................................٥٧ 2.6.1.1 ﭼﻬﺎرﭼﻮﺑﻬﺎی ﻣﻮﺟﻮد ﺮﺑ روی زﺑﺎﻧﻬﺎی ﻏﯿﺮ وﺑﯽ ........................٥٨ 2.6.1.2 ﭼﻬﺎرﭼﻮﺑﻬﺎی ﻣﻮﺟﻮد ﺮﺑ روی زﺑﺎﻧﻬﺎی وﺑﯽ ..............................٥٨ 2.6.2 وﯾﮔﮋﯿﺎﻬی ﻣﺸﺘﺮک ﭼﻬﺎرﭼﻮﺑﻬﺎی ﻪﻌﺳﻮﺗ وب ........................٥٨ 2.6.2.1 دﺳﺘﺮﺳ ﻪﺑ داده ..............................................................٥٩ 2.6.2.1.1دﺳﺘﺮﺳ ﻪﺑ داده ﻘﺘﺴﻣﯿﻢ (Native) ..................................٥٩ أ)اﺗﺼﺎل ﻪﺑ ﺎﭘﯾ ﺎه .....................................................................٦٠ ب)اﻧﺘﺨﺎب ﻊﺒﻨﻣ داده ﻪﻃﻮﺑﺮﻣ ....................................................٦١ ت)ارﺳﺎل دﺳﺘﻮرات ..................................................................٦١ ث)ﻗﻄ ارﺗﺒﺎط ........................................................................٦٥ ج)ﺗﮑﺮار ﻞﮐ ﻓﺮآﯾﺪﻨ ...................................................................٦٥ 2.6.2.1.2دﺳﺘﺮﺳ ﻪﺑ داده اﻧﺘﺰاﻋ (Abstraction Layer) ..................٦٧ 2.6.2.1.3ﺖﺷﺎﮕﻧ رواﺑﻂ اﺷﯿﺎء (ORM) ...........................................٦٩ ٢٬٦٬٢٬١٬٤ﮑﻔﺗﯿ داده از دﺳﺘﻮر در ﺎﭘﯾ ﺎه داده ..................................٧٠ 2.6.2.2 ﺪﻣﯾﺮﯾﺖ ﮐﺎرﺑﺮان ...............................................................٧١ 2.6.2.3 ﺪﻣﯾﺮﯾﺖ ﺖﺴﺸﻧ ................................................................٧١ 2.6.2.4 ﮐﻨﺘﺮل دﺳﺘﺮﺳ ...............................................................٧٣ 2.6.2.4.1ﻟﯿﺖﺴ ﮐﻨﺘﺮل دﺳﺘﺮﺳ (ACL) ........................................٧٤ 2.6.2.4.2ﮐﻨﺘﺮل دﺳﺘﺮﺳ ﺶﻘﻧ ﻣﺤﻮر ............................................٧٤ SEO 2.6.2.5 .............................................................................٧٦ ٢٬٦٬٢٬٦ وب ﺳﺮوﯾﺲ ....................................................................٧٨ ٢٬٦٬٢٬٧ AJAX ..........................................................................٧٩ ٢٬٦٬٢٬٨ ﺪﻣﯾﺮﯾﺖ ﺶﮐ ...................................................................٨٠ ٢٬٦٬٢٬٩ ﺪﻣﯾﺮﯾﺖ ﺎﻄﺧ ...................................................................٨١ ٢٬٦٬٢٬١٠ ﺪﻣﯾﺮﯾﺖ زﻣﺎن...................................................................٨٢ ٢٬٦٬٢٬١١ اﻟ ﻮی ﻪﻌﺳﻮﺗ ...................................................................٨٣ ٢٬٦٬٢٬١٢ ﺐﻟﺎﻗ ﺪﻨﺑی ......................................................................٨٣ ٢٬٦٬٢٬١٣ ﺪﻣﯾﺮﯾﺖ زﺑﺎن ...................................................................٨٤ ٢٬٦٬٢٬١٤ اﻓﺰوﻧﺎﻬﻬ..........................................................................٨٥ ٢٬٦٬٢٬١٥ ﺪﻣﯾﺮﯾﺖ داﻧﻠﻮد .................................................................٨٦ ٢٬٦٬٢٬١٦ ﻪﻌﺳﻮﺗ ﻨﺘﺒﻣ ﺮﺑ ﺖﺴﺗ ........................................................٨٧ ٢٬۶٬٣ ﭼﻬﺎرﭼﻮﺑﻬﺎی ﺗﺠﺎری ﭘﺮﮐﺎرﺑﺮد...........................................٨٩ ASP.NET 2.6.3.1 ....................................................................٨٩ Microsoft .NET Framework 2.6.3.1.1 .....................٩٠ DotNetNuke 2.6.3.1.2 .............................................٩١ C++ 2.6.3.2 .............................................................................٩١ CppCMS 2.6.3.2.1 ..................................................٩١ Wt 2.6.3.2.2 ............................................................٩٢ ٢٬۶٬٣٬٣ ﺟﺎوا ...............................................................................٩٢ Spring 2.6.3.3.1 .......................................................٩٢ Apache Struts 2.6.3.3.2 ...........................................٩٣ Apache Wicket 2.6.3.3.3 .........................................٩٣ Google Web Toolkit 2.6.3.3.4 .................................٩٣ Perl 2.6.3.4 ..............................................................................٩٤ Catalyst 2.6.3.4.1 ....................................................٩٤ ٢٬۶٬٣٬۴٬٢ Dancer ......................................................٩٤ ٢٬۶٬٣٬۵ PHP .............................................................................٩٥ ٢٬۶٬٣٬۵٬١ CakePHP ..................................................٩٥ ٢٬۶٬٣٬۵٬٢ CodeIgniter ..............................................٩٥ Symfony 2.6.3.5.3 ...................................................٩٥ ٢٬۶٬٣٬۵٬۴ Yii ............................................................٩٦ Zend Framework 2.6.3.5.5 ......................................٩٦ jFramework 2.6.3.5.6 ..............................................٩٧ Python 2.6.3.6 .........................................................................٩٧ ٢٬۶٬٣٬۶٬١ django ......................................................٩٧ Pyjamas 2.6.3.6.2 ....................................................٩٨ ٢٬۶٬٣٬٧ Ruby ............................................................................٩٨

Load more