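[The Full Process Revealed, from Assessing Whether Testing Is Needed to Post-Test Risk Assessment] Rakuten Ichiba Discloses How It Security-Tests Its Products
Payment News · 2024-07-12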

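Institutionalized testing requests and process details, with a focus on communication between the development and security teams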

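 Feature 1  Rakuten's product inspections are scoped per request, not per URL or IP. For example, this simple login page has as many as 8 requests, and each one needs its own round of security checks. Photo: 郭又華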

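 Feature 2  When submitting an inspection request, the development team must give the security team detailed product information, including the HTTP request method, the target URL, and various other detailed parameters. Photo: 郭又華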

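 Feature 3  When carrying out a security test, Rakuten's security engineers receive a detailed checklist; for a web product it has more than 100 items. After testing, the engineer must also mark each item on the checklist as completed, one by one. Photo: 郭又華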

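 Feature 4  When the development team judges that a vulnerability cannot be fixed before the product goes live, the heads of the development and security teams must jointly decide whether to accept the risk and draw up short-term and long-term response plans. The higher the CVSS score, the more senior the manager whose sign-off is required. Photo: 郭又華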
