4. The Importance of Web Application Security
Heartland
◦ Date: March, 2008
◦ Impact: 134 million credit cards exposed through SQL injection to install spyware on
Heartland's data systems.
Sony
◦ Date: April 20, 2011
◦ Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost
millions while the site was down for a month.
ESTsoft
◦ Date: July-August, 2011
◦ Impact: The personal information of 35 million South Koreans was exposed after
hackers breached the security of a popular software provider.
AOL
◦ Date: August 6, 2006
◦ Impact: Data on more than 20 million web inquiries, from more than 650,000 users,
including shopping and banking data, was posted publicly on a web site.
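46. White-Box Testing: Remediation Recommendations
Information Leak of System Data
◦ Avoid writing debug information directly to the screen or stdout. Write it to a
log file instead, and keep access to that log file under strict control.
◦ Do not call the e.printStackTrace method. Use org.apache.commons.logging to
output error messages in a uniform way; code written this way passes the
white-box test.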
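
The recommendation above, shown as a before/after pair. This is an added example, not code from the original slides; the class `OrderLookup`, its methods and the sample input are hypothetical, and it assumes commons-logging is on the classpath with a backend whose log file is access-controlled.

```java
import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

// Hypothetical class for illustration only.
public class OrderLookup {
    private static final Log LOG = LogFactory.getLog(OrderLookup.class);

    // Before: the pattern a white-box scanner reports as
    // "Information Leak of System Data".
    static String lookupLeaky(String rawId) {
        try {
            return "order " + Integer.parseInt(rawId);
        } catch (NumberFormatException e) {
            // Stack trace goes to stderr, outside any access-controlled log.
            e.printStackTrace();
            // Exception class and message are handed back to the caller.
            return "error: " + e;
        }
    }

    // After: details go only to the logging backend; the caller receives a
    // generic message plus a reference id that operators can search for.
    static String lookupSafe(String rawId) {
        try {
            return "order " + Integer.parseInt(rawId);
        } catch (NumberFormatException e) {
            String ref = UUID.randomUUID().toString();
            // The untrusted input is not concatenated into the message text;
            // the Throwable is passed separately so the backend formats it.
            LOG.error("order lookup failed, ref=" + ref, e);
            return "error: request could not be processed (ref " + ref + ")";
        }
    }

    public static void main(String[] args) {
        String bad = "12x"; // constructed sample input
        System.out.println(lookupLeaky(bad)); // response exposes exception details
        System.out.println(lookupSafe(bad));  // response carries only the reference id
    }
}
```

Where the log ends up, and who can read it, is decided by the logging backend's configuration rather than by this code.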