{"id":21033,"date":"2024-08-07T16:38:36","date_gmt":"2024-08-07T09:38:36","guid":{"rendered":"https:\/\/vnso.vn\/?p=21033"},"modified":"2024-11-07T16:01:38","modified_gmt":"2024-11-07T09:01:38","slug":"ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall","status":"publish","type":"post","link":"https:\/\/vnso.vn\/en\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/","title":{"rendered":"Preventing SQL Injection and XSS Attacks with a Web Application Firewall"},"content":{"rendered":"<p>With cyberattacks on the rise, protecting your web application is not just an option but an essential need. A Web Application Firewall (WAF) is the optimal solution for protecting web applications from network-borne threats. Join <a href=\"https:\/\/vnso.vn\/en\/\">C\u00f4ng Ngh\u1ec7 VNSO<\/a> in this article to learn what a WAF is and how it protects your website.<\/p>\n<h2>What is a Web Application Firewall (WAF)?<\/h2>\n<p>A WAF is designed to protect web applications by monitoring and filtering HTTP\/HTTPS traffic between the web application and the internet. A Web Application Firewall (WAF) acts as a shield that protects web applications from common cyberattacks and security vulnerabilities. 
A WAF protects web applications from many kinds of application-layer (layer 7) attacks such as cross-site scripting (XSS), SQL injection and other forms of attack.<\/p>\n<h3>Types of Web Application Firewall<\/h3>\n<ul>\n<li>Network-based WAFs: Usually deployed as hardware appliances. This type minimizes latency but is the most expensive.<\/li>\n<li>Host-based WAFs: Installed directly on the web servers as a software solution. They cost less than network-based WAFs and offer many configuration and customization options.<\/li>\n<li>Cloud-based WAFs: Delivered as a third-party service, easy to deploy and scale.<\/li>\n<\/ul>\n<h2><strong>Common Application Vulnerabilities:<\/strong><\/h2>\n<p>Application attacks are the leading cause of sensitive data leaks\/breaches. 
Besides blocking SQL injection and XSS attacks, a WAF can protect your application against many other application vulnerabilities.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.f5.com\/glossary\/sql-injection\"><strong>Injection<\/strong><\/a> attacks<\/li>\n<li>Broken authentication<\/li>\n<li>Sensitive data exposure<\/li>\n<li>XML External Entities (XXE)<\/li>\n<li>Broken access control<\/li>\n<li>Security misconfiguration<\/li>\n<li><a href=\"https:\/\/www.f5.com\/glossary\/cross-site-scripting\"><strong>Cross Site Scripting (XSS)<\/strong><\/a><\/li>\n<li>Insecure Deserialization<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>How a Web Application Firewall Blocks SQL Injection and XSS Attacks<\/h2>\n<p>A WAF operates according to two security models: Positive and Negative.<\/p>\n<p>The Positive model only lets predefined legitimate web traffic through and blocks all other traffic.<\/p>\n<p>The Negative model lets all web traffic through and blocks only the traffic that the WAF considers harmful.<\/p>\n<p>Some WAFs offer both models, but usually a WAF offers only one of the two. 
The Positive model requires a lot of configuration and customization, while the Negative model relies mainly on the ability to learn and analyze the behavior of network traffic.<\/p>\n<ol>\n<li>\n<h3><strong> SQL Injection<\/strong><\/h3>\n<\/li>\n<\/ol>\n<p>A SQL injection attack is a type of security attack in which the attacker supplies Structured Query Language (SQL) code as an action request through a Web form, directly to a Web application, in order to gain access to the database and\/or back-end application data.<\/p>\n<p>This can cause unintended behavior in the targeted application. Typically, this type of attack succeeds because the Web application lacks validation of user input, allowing users to supply SQL code in HTML forms, for example, instead of ordinary text strings.<\/p>\n<p><strong>How a WAF blocks SQL Injection<\/strong>:<\/p>\n<p>A WAF can apply filtering and sanitization to user input to ensure that no malicious SQL code is executed. 
The application firewall inspects incoming HTTP requests to detect suspicious character strings or malicious SQL statement patterns.<\/p>\n<p>A WAF uses predefined security rules to identify and block requests containing invalid SQL code. Administrators can create and customize their own rules to detect SQL Injection attacks specific to their application.<\/p>\n<ol start=\"2\">\n<li>\n<h3><strong> Cross-Site Scripting (XSS)<\/strong><\/h3>\n<\/li>\n<\/ol>\n<p>A Cross-site Scripting attack (XSS or CSS) is an attack on a Web application that aims to gain access to personal information by delivering malicious code to end users through trusted Web pages. 
Typically, this type of attack succeeds because the Web application does not validate user input, allowing users to supply application code in HTML forms instead of ordinary text strings.<\/p>\n<p><strong>How a WAF blocks XSS<\/strong>:<\/p>\n<p>A WAF lets administrators customize rules to fit the structure and security needs of a specific application.<\/p>\n<ul>\n<li><strong>HTML Content Inspection<\/strong>: The WAF analyzes the HTML content of requests and responses to detect unwanted JavaScript or HTML code.<\/li>\n<li><strong>Blocking Malicious Code<\/strong>: The WAF uses rules to identify and block code that could lead to an XSS attack.<\/li>\n<li><strong>Special Character Encoding<\/strong>: The WAF can automatically encode special characters in user input to prevent invalid JavaScript from being inserted into the web page.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Deploying a WAF is an important step in protecting your web application from threats. 
With its ability to monitor and filter traffic and to protect against common attacks, a WAF ensures that your business stays safe from the dangers of the online world.<\/p>\n<h2>Contact Information<\/h2>\n<p>To learn more about servers and our Private Cloud, virtual server, CDN, physical server\u2026 services, please contact us using the information below:<\/p>\n<p><strong>VNSO TECHNOLOGY CO., LTD \u2013 SINCE 2015<\/strong><\/p>\n<ul>\n<li>Website:\u00a0<a href=\"https:\/\/vnso.vn\/en\/\">https:\/\/vnso.vn\/<\/a><\/li>\n<li>Hotline: 0929 000 444 | Email: info@vnso.vn<\/li>\n<li>Head Office: Lot O, No. 10, Street 15, Mi\u1ebfu N\u1ed5i Residential Area, Ward 3, B\u00ecnh Th\u1ea1nh District, HCMC<\/li>\n<li>\u0110\u00e0 N\u1eb5ng Office: 462 \u0110i\u1ec7n Bi\u00ean Ph\u1ee7, Thanh Kh\u00ea District, \u0110\u00e0 N\u1eb5ng<\/li>\n<li>H\u00e0 N\u1ed9i Office: No. 7, Y\u00ean Th\u1ebf, V\u0103n Mi\u1ebfu Ward, \u0110\u1ed1ng \u0110a District, H\u00e0 N\u1ed9i<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>With cyberattacks on the rise, protecting your web application is not just an option but an essential need. 
A Web Application Firewall (WAF) is the optimal solution for protecting [&hellip;]<\/p>","protected":false},"author":2,"featured_media":21039,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,1],"tags":[498,497],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v20.3 (Yoast SEO v22.8) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall<\/title>\n<meta name=\"description\" content=\"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1ea1ng.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vnso.vn\/en\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall\" \/>\n<meta property=\"og:description\" content=\"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1ea1ng.\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/vnso.vn\/en\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"C\u00d4NG NGH\u1ec6 VNSO\u2122\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/VNSO.VN\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-07T09:38:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-07T09:01:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"624\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"vannguyen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"vannguyen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\"},\"author\":{\"name\":\"vannguyen\",\"@id\":\"https:\/\/vnso.vn\/#\/schema\/person\/9c3e4c776d4cf5d9208ae6467a24adef\"},\"headline\":\"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall\",\"datePublished\":\"2024-08-07T09:38:36+00:00\",\"dateModified\":\"2024-11-07T09:01:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\"},\"wordCount\":1735,\"publisher\":{\"@id\":\"https:\/\/vnso.vn\/#organization\"},\"image\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png\",\"keywords\":[\"firewall\",\"web application firewall\"],\"articleSection\":[\"Th\u00f4ng tin chung\",\"Tin t\u1ee9c\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\",\"url\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\",\"name\":\"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application 
Firewall\",\"isPartOf\":{\"@id\":\"https:\/\/vnso.vn\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png\",\"datePublished\":\"2024-08-07T09:38:36+00:00\",\"dateModified\":\"2024-11-07T09:01:38+00:00\",\"description\":\"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1ea1ng.\",\"breadcrumb\":{\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage\",\"url\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png\",\"contentUrl\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png\",\"width\":1200,\"height\":624,\"caption\":\"Ng\u0103n ch\u1eb7n t\u1ea5n c\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application 
Firewall\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Trang ch\u1ee7\",\"item\":\"https:\/\/vnso.vn\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/vnso.vn\/#website\",\"url\":\"https:\/\/vnso.vn\/\",\"name\":\"C\u00d4NG NGH\u1ec6 VNSO\u2122\",\"description\":\"Private Cloud, VPS, Server v\u00e0 Gi\u1ea3i ph\u00e1p CNTT\",\"publisher\":{\"@id\":\"https:\/\/vnso.vn\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/vnso.vn\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/vnso.vn\/#organization\",\"name\":\"C\u00d4NG NGH\u1ec6 VNSO\u2122\",\"url\":\"https:\/\/vnso.vn\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vnso.vn\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/06\/VNSO-Logo-Social-2024.png\",\"contentUrl\":\"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/06\/VNSO-Logo-Social-2024.png\",\"width\":1200,\"height\":1200,\"caption\":\"C\u00d4NG NGH\u1ec6 
VNSO\u2122\"},\"image\":{\"@id\":\"https:\/\/vnso.vn\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/VNSO.VN\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/vnso.vn\/#\/schema\/person\/9c3e4c776d4cf5d9208ae6467a24adef\",\"name\":\"vannguyen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vnso.vn\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2f9b7bb825329ad21af9322d9f4936d1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2f9b7bb825329ad21af9322d9f4936d1?s=96&d=mm&r=g\",\"caption\":\"vannguyen\"},\"url\":\"https:\/\/vnso.vn\/en\/author\/vannguyen\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall","description":"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1ea1ng.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vnso.vn\/en\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/","og_locale":"en_US","og_type":"article","og_title":"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall","og_description":"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda 
m\u1ea1ng.","og_url":"https:\/\/vnso.vn\/en\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/","og_site_name":"C\u00d4NG NGH\u1ec6 VNSO\u2122","article_publisher":"https:\/\/www.facebook.com\/VNSO.VN","article_published_time":"2024-08-07T09:38:36+00:00","article_modified_time":"2024-11-07T09:01:38+00:00","og_image":[{"width":1200,"height":624,"url":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png","type":"image\/png"}],"author":"vannguyen","twitter_card":"summary_large_image","twitter_misc":{"Written by":"vannguyen","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#article","isPartOf":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/"},"author":{"name":"vannguyen","@id":"https:\/\/vnso.vn\/#\/schema\/person\/9c3e4c776d4cf5d9208ae6467a24adef"},"headline":"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall","datePublished":"2024-08-07T09:38:36+00:00","dateModified":"2024-11-07T09:01:38+00:00","mainEntityOfPage":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/"},"wordCount":1735,"publisher":{"@id":"https:\/\/vnso.vn\/#organization"},"image":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png","keywords":["firewall","web application firewall"],"articleSection":["Th\u00f4ng tin chung","Tin 
t\u1ee9c"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/","url":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/","name":"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall","isPartOf":{"@id":"https:\/\/vnso.vn\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage"},"image":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png","datePublished":"2024-08-07T09:38:36+00:00","dateModified":"2024-11-07T09:01:38+00:00","description":"Web Application Firewall ho\u1eb7c c\u00f2n \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0 T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web (WAF) ch\u00ednh l\u00e0 gi\u1ea3i ph\u00e1p \u0111\u1ec3 b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c m\u1ed1i \u0111e d\u1ecda m\u1ea1ng.","breadcrumb":{"@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#primaryimage","url":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png","contentUrl":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/08\/Ngan-chan-tan-cong-SQL-Injection-va-XSS-voi-Web-Application-Firewall-3.png","width":1200,"height":624,"caption":"Ng\u0103n ch\u1eb7n t\u1ea5n c\u00f4ng SQL Injection 
v\u00e0 XSS v\u1edbi Web Application Firewall"},{"@type":"BreadcrumbList","@id":"https:\/\/vnso.vn\/ngan-chan-tan-cong-sql-injection-va-xss-voi-web-application-firewall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Trang ch\u1ee7","item":"https:\/\/vnso.vn\/"},{"@type":"ListItem","position":2,"name":"Ng\u0103n Ch\u1eb7n T\u1ea5n C\u00f4ng SQL Injection v\u00e0 XSS v\u1edbi Web Application Firewall"}]},{"@type":"WebSite","@id":"https:\/\/vnso.vn\/#website","url":"https:\/\/vnso.vn\/","name":"C\u00d4NG NGH\u1ec6 VNSO\u2122","description":"Private Cloud, VPS, Server v\u00e0 Gi\u1ea3i ph\u00e1p CNTT","publisher":{"@id":"https:\/\/vnso.vn\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/vnso.vn\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/vnso.vn\/#organization","name":"C\u00d4NG NGH\u1ec6 VNSO\u2122","url":"https:\/\/vnso.vn\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vnso.vn\/#\/schema\/logo\/image\/","url":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/06\/VNSO-Logo-Social-2024.png","contentUrl":"https:\/\/vnso.vn\/wp-content\/uploads\/2024\/06\/VNSO-Logo-Social-2024.png","width":1200,"height":1200,"caption":"C\u00d4NG NGH\u1ec6 
VNSO\u2122"},"image":{"@id":"https:\/\/vnso.vn\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/VNSO.VN"]},{"@type":"Person","@id":"https:\/\/vnso.vn\/#\/schema\/person\/9c3e4c776d4cf5d9208ae6467a24adef","name":"vannguyen","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vnso.vn\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2f9b7bb825329ad21af9322d9f4936d1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2f9b7bb825329ad21af9322d9f4936d1?s=96&d=mm&r=g","caption":"vannguyen"},"url":"https:\/\/vnso.vn\/en\/author\/vannguyen\/"}]}},"_links":{"self":[{"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/posts\/21033"}],"collection":[{"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/comments?post=21033"}],"version-history":[{"count":0,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/posts\/21033\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/media\/21039"}],"wp:attachment":[{"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/media?parent=21033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/categories?post=21033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vnso.vn\/en\/wp-json\/wp\/v2\/tags?post=21033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}