https://yubo0826.github.io/categories/%E8%B3%87%E5%AE%89/ Recent content in 資安 on David Bo Blog Hugo zh-tw Tue, 17 Feb 2026 14:09:00 +0000 https://yubo0826.github.io/posts/app-scan%E8%B3%87%E5%AE%89%E9%A2%A8%E9%9A%AA%E8%A7%A3%E6%B1%BA%E7%B4%80%E9%8C%84%E4%B9%8B%E4%BA%8C-cookie%E4%B8%89%E5%A4%A7%E5%AE%89%E5%85%A8%E5%B1%AC%E6%80%A7-httponly-secure-samesite/ Fri, 20 Sep 2024 01:44:00 +0000 https://yubo0826.github.io/posts/app-scan%E8%B3%87%E5%AE%89%E9%A2%A8%E9%9A%AA%E8%A7%A3%E6%B1%BA%E7%B4%80%E9%8C%84%E4%B9%8B%E4%BA%8C-cookie%E4%B8%89%E5%A4%A7%E5%AE%89%E5%85%A8%E5%B1%AC%E6%80%A7-httponly-secure-samesite/ 降低Cookie資安風險有很重要的三個屬性，分別是HttpOnly、Secure以及SameSite，如果沒有設置合適的屬性，則會大大增加Cookie資訊招竊的風險。 https://yubo0826.github.io/posts/app-scan%E8%B3%87%E5%AE%89%E9%A2%A8%E9%9A%AA%E8%A7%A3%E6%B1%BA%E7%B4%80%E9%8C%84%E4%B9%8B%E4%B8%80-%E5%AD%90%E8%B3%87%E6%BA%90%E5%AE%8C%E6%95%B4%E6%80%A7-sri/ Thu, 19 Sep 2024 09:19:00 +0000 https://yubo0826.github.io/posts/app-scan%E8%B3%87%E5%AE%89%E9%A2%A8%E9%9A%AA%E8%A7%A3%E6%B1%BA%E7%B4%80%E9%8C%84%E4%B9%8B%E4%B8%80-%E5%AD%90%E8%B3%87%E6%BA%90%E5%AE%8C%E6%95%B4%E6%80%A7-sri/ 子資源完整性 (Subresource Integrity, SRI)，是一種瀏覽器的安全特性，確保”外部”來源加載的內容在傳輸過程中沒有被竄改。