{"id":316283,"date":"2025-04-24T15:01:00","date_gmt":"2025-04-24T07:01:00","guid":{"rendered":"https:\/\/pingtungtimes.com.tw\/?p=316283"},"modified":"2025-04-24T15:01:00","modified_gmt":"2025-04-24T07:01:00","slug":"hclsoftware-%e6%8e%a8%e5%87%ba-hcl-appscan-api-%e5%ae%89%e5%85%a8%e8%a7%a3%e6%b1%ba%e6%96%b9%e6%a1%88","status":"publish","type":"post","link":"https:\/\/pingtungtimes.com.tw\/?p=316283","title":{"rendered":"HCLSoftware \u63a8\u51fa HCL AppScan API \u5b89\u5168\u89e3\u6c7a\u65b9\u6848"},"content":{"rendered":"
\n

\u4e00\u7a2e\u5168\u9762\u7684 API \u5b89\u5168\u89e3\u6c7a\u65b9\u6848\uff0c\u65e8\u5728\u5e6b\u52a9\u7d44\u7e54\u6709\u6548\u7ba1\u7406 API \u8cc7\u7522\uff0c\u540c\u6642\u964d\u4f4e\u98a8\u96aa\u3002 <\/i><\/p>\n

\u5370\u5ea6\u8afe\u4f0a\u9054<\/span>2025\u5e744\u670824\u65e5<\/span> \/\u7f8e\u901a\u793e\/ — \u5168\u7403\u9818\u5148\u7684\u4f01\u696d\u8edf\u4ef6\u89e3\u6c7a\u65b9\u6848\u4f9b\u61c9\u5546 HCLSoftware \u4eca\u5929\u5ba3\u4f48\u8207 Salt Security \u651c\u624b\u63a8\u51fa HCL AppScan API Security\u3002\u6b64\u5168\u9762\u7684 API \u5b89\u5168\u6027\u8a08\u5283\uff0c\u8b93\u7d44\u7e54\u6709\u6548\u7ba1\u7406\u6240\u6709 API \u8cc7\u7522\uff0c\u4e26\u78ba\u4fdd\u8cc7\u7522\u80fd\u6301\u7e8c\u63d0\u4f9b\u5546\u696d\u50f9\u503c\uff0c\u4e0d\u6703\u5f15\u5165\u66f4\u9ad8\u5c64\u7d1a\u7684\u98a8\u96aa\u3002<\/p>\n

HCL AppScan API Security \u65e8\u5728\u901a\u904e\u7d93\u5c08\u5bb6\u8a13\u7df4\u7684\u4eba\u5de5\u667a\u80fd\u63a2\u7d22\u5e73\u53f0\uff0c\u6e1b\u5c11\u5b89\u5168\u6027\u76f2\u9ede\uff1a\u5e73\u53f0\u53ef\u67e5\u627e\u548c\u6e05\u67e5\u6240\u6709 API \u8cc7\u7522\uff0c\u78ba\u4fdd\u5728\u904b\u884c\u548c\u958b\u767c\u4e2d\u7684\u4f01\u696d API \u6a19\u6e96\uff0c\u4e26\u8207\u52d5\u614b\u5206\u6790\u7121\u7e2b\u6574\u5408\uff0c\u4ee5\u7cbe\u78ba\u627e\u51fa\u548c\u4fee\u5fa9\u6f0f\u6d1e\u3002\u00a0<\/p>\n

\u61c9\u7528\u7a0b\u5f0f\u7de8\u7a0b\u4ecb\u9762 (API) \u6b63\u5728\u8fc5\u901f\u6539\u8b8a\u6578\u78bc\u74b0\u5883\uff0cAPI \u73fe\u5728\u4f54\u6240\u6709\u7db2\u9801\u6d41\u91cf\u7684 50% \u4ee5\u4e0a\u3002API \u53ef\u4ee5\u4fc3\u9032\u61c9\u7528\u7a0b\u5f0f\u4e4b\u9593\u7684\u9806\u66a2\u901a\u8a0a\uff0c\u73fe\u5728\u5df2\u4f9d\u8cf4\u65bc\u63a8\u52d5\u96f2\u7aef\u670d\u52d9\u3001\u6d41\u52d5\u61c9\u7528\u7a0b\u5f0f\u548c\u7269\u806f\u7db2 (IoT) \u88dd\u7f6e\u3002\u4f46\u6240\u6709\u9019\u4e9b\u6d41\u91cf\u540c\u6642\u4e5f\u8b93 API \u6210\u70ba\u53ef\u80fd\u88ab\u60e1\u610f\u653b\u64ca\u8005\u5229\u7528\u7684\u4e3b\u8981\u653b\u64ca\u5a92\u4ecb\uff0c\u7d44\u7e54\u73fe\u5728\u9762\u81e8\u5168\u65b0\u7684\u5b89\u5168\u6311\u6230\u3002<\/p>\n

HCLSoftware \u57f7\u884c\u526f\u4e3b\u5e2d Rajesh Iyer<\/span> \u8868\u793a\uff1a\u300c\u5c0d API \u7684\u4f9d\u8cf4\u65e5\u76ca\u589e\u52a0\uff0c\u4ee4\u5f37\u5927\u7684 API \u5b89\u5168\u6027\u6210\u70ba\u8463\u4e8b\u6703\u5c64\u7d1a\u7684\u95dc\u6ce8\uff0c\u6240\u6709\u5ba2\u6236\u90fd\u5e0c\u671b\u6539\u5584\u5176\u5b89\u5168\u72c0\u614b\u4e26\u4fdd\u8b77\u5176\u6578\u78bc\u751f\u614b\u7cfb\u7d71\u3002<\/p>\n

2023 \u5e74\uff0c\u7121\u8ad6\u662f API \u653b\u64ca\u7684\u7e3d\u6578\uff0c\u9084\u662f\u8207 API \u6f0f\u6d1e\u76f8\u95dc\u7684\u8cc7\u6599\u5916\u6d29\u6bd4\u4f8b\uff0c\u90fd\u6bd4\u524d\u5e7e\u5e74\u5927\u5e45\u589e\u52a0\uff0c\u800c\u4e14\u8da8\u52e2\u65b9\u8208\u672a\u827e\u3002\u5728 Salt Security \u6700\u8fd1\u767c\u8868\u7684 2024 \u5e74 API \u5b89\u5168\u72c0\u614b\u5831\u544a\u4e2d\uff0c37% \u7684\u53d7\u8a2a\u6a5f\u69cb\u8868\u793a\u66fe\u767c\u751f API \u76f8\u95dc\u7684\u5b89\u5168\u4e8b\u6545\uff0c\u662f\u524d\u4e00\u5e74\u7684\u5169\u500d\u3002\u50c5\u5728 2024 \u5e74\u7684\u524d\u516d\u500b\u6708\uff0c\u5404\u9593\u65b0\u805e\u6a5f\u69cb\u5c31\u5831\u5c0e\u4e86\u591a\u500b\u884c\u696d\u7684\u5927\u898f\u6a21 API \u76f8\u95dc\u653b\u64ca\uff0c\u5305\u62ec\u793e\u4ea4\u5a92\u9ad4\u548c\u6a94\u6848\u5206\u4eab\u5e73\u53f0\u3001\u79d1\u6280\u516c\u53f8\u548c\u96fb\u5b50\u5546\u52d9\u7db2\u7ad9\u7b49\u7b49\uff0c\u5c0e\u81f4\u6578\u767e\u842c\u4f7f\u7528\u8005\u7684\u8cc7\u6599\u5916\u6d29\u3002<\/p>\n

API \u5df2\u7d93\u7121\u8655\u4e0d\u5728\uff0c\u8a31\u591a\u516c\u53f8\u751a\u81f3\u4e0d\u77e5\u9053\u81ea\u5df1\u6b63\u5728\u4f7f\u7528\u591a\u5c11 API\u3002\u4e2d\u578b\u548c\u5927\u578b\u7d44\u7e54\u7684\u6578\u76ee\uff0c\u53ef\u8f15\u6613\u9054\u5230\u6578\u767e\u500b\u4e4b\u591a\u3002API \u73fe\u5728\u5728\u6bcf\u500b\u884c\u696d\u4e2d\u90fd\u626e\u6f14\u4e86\u591a\u500b\u89d2\u8272\uff0c\u6700\u986f\u7136\u5728\u529f\u80fd\u65b9\u9762\uff0c\u4f8b\u5982\u7db2\u4e0a\u8cfc\u7269\u3001\u5a92\u9ad4\u4ea4\u4ed8\u3001\u4ed8\u6b3e\u9598\u9053\u3001\u5de5\u4f5c\u6d41\u7a0b\u81ea\u52d5\u5316\u3001\u5fae\u670d\u52d9\u3001\u8edf\u4ef6\u958b\u767c\u7b49\u529f\u80fd\uff0c \u6b64\u985e\u4f8b\u5b50\u4e0d\u52dd\u679a\u8209\u3002\u9019\u8868\u793a\u4fdd\u8b77 API \u5b89\u5168\u7684\u7b2c\u4e00\u6b65\uff0c\u5c31\u662f\u6536\u96c6\u5b8c\u6574\u4e14\u7cbe\u78ba\u7684\u4f7f\u7528\u6e05\u55ae\u3002<\/p>\n

HCL AppScan \u6280\u8853\u7e3d\u76e3 Colin Bell<\/span> \u8868\u793a\uff1a\u300cHCL AppScan API Security \u7684\u4e3b\u8981\u529f\u80fd\u4e4b\u4e00\u662f\u6301\u7e8c\u767c\u73fe\u548c\u8a18\u9304\u7d44\u7e54\u7684\u6574\u500b API \u5eab\u5b58\uff0c\u4f7f\u5b89\u5168\u5718\u968a\u80fd\u5920\u6df1\u5165\u4e86\u89e3\u5176\u6574\u9ad4\u5b89\u5168\u72c0\u614b\u3002\u300d<\/p>\n

API \u653b\u64ca\u7684\u4e0a\u5347\u8da8\u52e2\u4fc3\u4f7f\u958b\u653e\u5f0f Web \u61c9\u7528\u7a0b\u5f0f\u5b89\u5168\u9805\u76ee (Open Web Application Security Project; OWASP) \u5275\u9020\u4e86 OWASP API \u5b89\u5168\u5341\u5927\u6392\u884c\u699c\uff1a\u4e00\u4efd\u7279\u5225\u8207 API \u76f8\u95dc\u7684\u6700\u91cd\u8981\u5b89\u5168\u98a8\u96aa\u6e05\u55ae\uff0c\u65e8\u5728\u5e6b\u52a9\u7d44\u7e54\u4e86\u89e3\u4e26\u6e1b\u8f15\u8207 API \u5f31\u9ede\u76f8\u95dc\u7684\u98a8\u96aa\uff0c\u5176\u4e2d\u5305\u62ec\u7d44\u7e54\u5728\u4fdd\u8b77 API \u6642\u61c9\u5c08\u6ce8\u7684\u95dc\u9375\u9818\u57df\uff0c\u4f8b\u5982\u7834\u58de\u7684\u7269\u4ef6\u5c64\u7d1a\u6388\u6b0a (Broken Object Level Authorization; BOLA)\u3001\u904e\u5ea6\u8cc7\u6599\u66dd\u5149\uff0c\u4ee5\u53ca\u5b89\u5168\u6027\u932f\u8aa4\u8a2d\u5b9a\u7b49\u3002\u6839\u64da Salt Security \u7684 2024 \u5e74 API \u5b89\u5168\u72c0\u614b\u5831\u544a\uff0c80% \u7684\u653b\u64ca\u5617\u8a66\u5229\u7528\u4e00\u500b\u6216\u591a\u500b OWASP API \u524d 10 \u65b9\u6cd5\uff0c\u4f46\u53ea\u6709\u5927\u7d04 58% \u53d7\u8a2a\u8005\u5c07\u5176\u5b89\u5168\u6027\u52aa\u529b\u96c6\u4e2d\u5728\u9019\u500b\u5217\u8868\u4e0a\u3002<\/p>\n

Salt Security \u884c\u653f\u7e3d\u88c1\u66a8\u806f\u5408\u5275\u8fa6\u4eba Michael Nicosia<\/span> \u8868\u793a\uff1a\u300c\u96a8\u8457 API \u5b89\u5168\u4e8b\u6545\u548c\u6cd5\u898f\u76e3\u7763\u7684\u589e\u52a0\uff0c\u6a5f\u69cb\u9700\u8981\u5728\u5176 API \u751f\u614b\u7cfb\u7d71\u4e2d\u8b93\u5408\u898f\u6027\u6301\u7e8c\u4e0b\u53bb\u3002\u900f\u904e\u7d50\u5408 HCL AppScan \u5f37\u5927\u7684\u6383\u63cf\u529f\u80fd\u8207 Salt Security \u7684\u5373\u6642\u7ba1\u7406\u548c\u653b\u64ca\u9762\u7684\u53ef\u898b\u6027\uff0c\u5305\u62ec\u6211\u5011\u767c\u73fe\u7684\u7121\u6587\u4ef6\u548c\u5f71\u5b50 API\uff0c\u6211\u5011\u63d0\u4f9b\u7d71\u4e00\u7684\u6d1e\u5bdf\u5206\u6790\u548c\u5c0d\u6574\u500b API \u74b0\u5883\u66f4\u6df1\u5165\u7684\u80fd\u898b\u5ea6\u3002\u9019\u4f7f\u6a5f\u69cb\u80fd\u5920\u5728\u6574\u500b API \u751f\u547d\u9031\u671f\u4e2d\u4e3b\u52d5\u8b58\u5225\u98a8\u96aa\u4e26\u7dad\u6301\u9075\u5b88\u57fa\u672c\u6a19\u6e96\uff0c\u4f8b\u5982\u652f\u4ed8\u5361\u7522\u696d\u6578\u64da\u5b89\u5168\u6a19\u6e96 (PCI DSS)\u3001\u901a\u7528\u6578\u64da\u4fdd\u8b77\u689d\u4f8b (GDPR) \u548c\u5065\u5eb7\u4fdd\u96aa\u6d41\u901a\u8207\u8cac\u4efb\u6cd5\u6848 (HIPAA)\u3002\u300d<\/p>\n

HCL AppScan API Security \u53ef\u78ba\u4fdd 100\uff05 \u6db5\u84cb OWASP API \u5b89\u5168\u5341\u5927\u540d\u55ae\uff0c\u4e26\u70ba\u7d44\u7e54\u63d0\u4f9b\u773e\u591a\u529f\u80fd\uff0c\u4ee5\u5be6\u73fe\u66f4\u5f37\u5927\u7684 API \u5b89\u5168\uff0c\u5305\u62ec\uff1a<\/p>\n