<p><strong>TOP 10 COMMON SECURITY VULNERABILITIES ON WEB PLATFORMS ACCORDING TO OWASP (P2)</strong></p>

<p>Published 2023-08-08, last modified 2024-06-24. Source: https://vacif.com/en/top-10-lo-hong-bao-mat-pho-bien-tren-nen-tang-web-cua-owasp-p2/</p>

<p><strong>Contents of this article:</strong></p>

<p><strong>1. Top 10 common security vulnerabilities on websites according to OWASP</strong></p>

<p><strong>Part 1 of this series (Top 10 common security vulnerabilities on web platforms according to OWASP, P1) can be read here:</strong></p>

<p>http://aws.vacif.com/blog/top-10-lo-hong-bao-mat-pho-bien-tren-nen-tang-web-cua-owasp-p1/</p>

<p><strong>1.6 Security Misconfiguration</strong></p>

<div class="wp-block-image">
<figure class="aligncenter"><img src="https://assets.vacif.com/2023/08/image-77.png" alt="" width="726" height="408" /></figure>
</div>

<p>A serious security vulnerability that appears when a system, application or server is configured incorrectly, opening the door to attacks and unauthorized access.</p>

<p><strong>Description:</strong> Security misconfiguration occurs when the settings, configuration and defaults of a system, application or server are not properly secured. This can include leaving database, server or library defaults in place, or even granting access permissions that should not be allowed.</p>

<p><strong>Risks: Security misconfiguration can cause serious problems, including:</strong></p>

<ul class="wp-block-list">
<li><strong>Unauthorized access:</strong> An attacker can find weaknesses in the incorrect configuration and use them to gain unauthorized access to the system.</li>

<li><strong>Leakage of sensitive information:</strong> Incorrect configuration can lead to the leakage of sensitive information such as usernames, passwords and other data.</li>

<li><strong>Remote code execution (RCE):</strong> If the server or application is misconfigured, an attacker may be able to execute malicious code remotely on the system.</li>

<li><strong>Denial-of-service (DoS) attacks:</strong> Misconfiguration can make denial-of-service attacks easier by allowing heavy load to be placed on the system.</li>
</ul>

<p><strong>Prevention: To prevent security misconfiguration, follow these security measures:</strong></p>

<ul class="wp-block-list">
<li><strong>Establish a secure configuration:</strong> Make sure the configuration of the system, application and server is set up securely and correctly.</li>

<li><strong>Remove default configurations:</strong> Remove or reconfigure the insecure default settings of the system, application and server.</li>

<li><strong>Update and audit security regularly:</strong> Make sure configurations are updated and security-checked on a regular schedule to head off latent vulnerabilities.</li>

<li><strong>Independent configuration review:</strong> Perform a separate security review of the configuration to identify incorrect settings and weak points.</li>
</ul>

<p><strong>1.7 Cross-Site Scripting (XSS)</strong></p>

<div class="wp-block-image">
<figure class="aligncenter"><img src="https://assets.vacif.com/2023/08/image-78-1024x629.png" alt="" width="723" height="443" /></figure>
</div>

<p>A dangerous security vulnerability that occurs when an application does not properly handle user input, allowing an attacker to inject malicious JavaScript or other malicious code into the web page.</p>

<p><strong>Description:</strong> An XSS attack occurs when a web application fails to properly filter and encode user input, allowing an attacker to inject malicious code into the page. When other users visit the page containing the malicious code, it can execute in their browsers, stealing information or even taking control of their accounts.</p>

<p><strong>Risks: XSS attacks can cause serious problems, including:</strong></p>

<ul class="wp-block-list">
<li><strong>Theft of user information:</strong> An attacker can run malicious code to steal users' personal information such as login names, passwords, credit card details and much more.</li>

<li><strong>Weakened site integrity:</strong> Malicious code can alter the content of the page, damaging the site's reputation.</li>

<li><strong>Remote code execution (RCE):</strong> An XSS attack can lead to malicious code being executed remotely on the user's machine, resulting in intrusive actions.</li>

<li><strong>Phishing users:</strong> An attacker can create fake pages to deceive users and steal their information.</li>
</ul>

<p><strong>Prevention: To prevent Cross-Site Scripting (XSS) attacks, follow these security measures:</strong></p>

<ul class="wp-block-list">
<li><strong>Encode and validate input data:</strong> Validate and properly encode user input to ensure that no malicious code is injected.</li>

<li><strong>Use safe libraries:</strong> Use safe HTML encoding and processing libraries to block XSS payloads.</li>

<li><strong>Block pop-up windows:</strong> Block the use of pop-up windows that are unnecessary or could be abused to carry out attacks.</li>

<li><strong>Use Content Security Policy (CSP):</strong> Use CSP to define the legitimate resource origins the page may load from, which helps prevent loading from unsafe sources.</li>

<li><strong>Automated security testing:</strong> Use automated security testing tools to identify XSS vulnerabilities and other security issues.</li>
</ul>

<p><strong>1.8 Insecure Deserialization</strong></p>

<div class="wp-block-image">
<figure class="aligncenter"><img src="https://assets.vacif.com/2023/08/image-79.png" alt="" width="747" height="408" /></figure>
</div>

<p>A serious security vulnerability that occurs when an application does not properly check and validate data when deserializing objects, creating a risk of malicious code execution or remote attacks.</p>

<p><strong>Description:</strong> Insecure deserialization occurs when object data is not properly checked and validated before it is deserialized. An attacker can embed malicious or attack data in the data sent to the application, leading to malicious code execution or even remote control of the server.</p>

<p><strong>Risks: Insecure deserialization can cause serious problems, including:</strong></p>

<ul class="wp-block-list">
<li><strong>Malicious code execution:</strong> An attacker can embed malicious code in the object data, causing the application to execute it when the object is deserialized.</li>

<li><strong>Remote attacks:</strong> An attacker can embed malicious documents in the object data, causing remote attacks and taking control of the server or system.</li>

<li><strong>Data tampering:</strong> An attacker can alter the object data, compromising data integrity.</li>
</ul>

<p><strong>Prevention: To prevent insecure deserialization, follow these security measures:</strong></p>

<ul class="wp-block-list">
<li><strong>Check and validate data:</strong> Properly check and validate object data before deserializing it, ensuring the data is valid and contains no malicious code.</li>

<li><strong>Use safe libraries:</strong> Use safe deserialization libraries and tools that can check object data before deserializing it.</li>

<li><strong>Minimize object deserialization:</strong> Restrict deserialization to only the data that is needed, reducing the risk of attacks through deserializing unnecessary data.</li>

<li><strong>Lock down access to objects:</strong> Ensure that only users and software with the necessary permissions can access and deserialize objects.</li>
</ul>

<p><strong>1.9 Using Components with Known Vulnerabilities</strong></p>

<div class="wp-block-image">
<figure class="aligncenter"><img src="https://assets.vacif.com/2023/08/image-80.png" alt="" width="713" height="428" /></figure>
</div>

<p>A dangerous security vulnerability that occurs when an application uses components, libraries or software with known security vulnerabilities that have not been updated or patched.</p>

<p><strong>Description:</strong> When an application uses external components such as libraries, frameworks or extensions, and those components have known security vulnerabilities, an attacker can find and exploit them to attack the system.</p>

<p><strong>Risks: Using components with known vulnerabilities can cause serious problems, including:</strong></p>

<ul class="wp-block-list">
<li><strong>Remote attacks:</strong> An attacker can use a vulnerability in a component to carry out remote attacks, take control of the system or access data.</li>

<li><strong>Malicious code execution:</strong> An attacker can use a vulnerability in a component to execute malicious code on the server or the client.</li>

<li><strong>Information leakage:</strong> A security vulnerability can lead to the leakage of sensitive or confidential information.</li>
</ul>

<p><strong>Prevention: To avoid using components with known vulnerabilities, follow these security measures:</strong></p>

<ul class="wp-block-list">
<li><strong>Monitor and update:</strong> Follow security bulletins and vulnerability announcements, and regularly update the components and libraries in use.</li>

<li><strong>Scan components:</strong> Use automated scanning tools to identify components with known security vulnerabilities.</li>

<li><strong>Remove or patch vulnerabilities:</strong> If patches or vulnerability-free versions are available, update immediately to eliminate the vulnerability.</li>

<li><strong>Limit access rights:</strong> Ensure that external components have only the minimum access to the system.</li>

<li><strong>Use additional security mechanisms:</strong> Use mechanisms such as sandboxing, isolation or configuration checks to limit the risk from external components.</li>
</ul>

<p><strong>1.10 Insufficient Logging &amp; Monitoring</strong></p>

<div class="wp-block-image">
<figure class="aligncenter"><img src="https://assets.vacif.com/2023/08/image-81.png" alt="" width="812" height="204" /></figure>
</div>

<p>An important security weakness that occurs when a system cannot log adequately and does not monitor activity to detect attacks and security incidents.</p>

<p><strong>Description:</strong> This weakness occurs when an application or system does not perform enough logging and monitoring to track important activities such as probing of the system, denial-of-service (DoS) attacks or other security attacks.</p>

<p><strong>Risks:</strong> Gaps in logging and monitoring can cause serious problems, including:</p>

<ul class="wp-block-list">
<li><strong>Reduced ability to identify attacks:</strong> A lack of log and monitoring data makes detecting and responding to attacks harder, allowing attackers to operate in the dark.</li>

<li><strong>Difficulty investigating:</strong> Missing log data can make it hard to investigate and determine the root cause of security incidents.</li>

<li><strong>Inability to identify abnormal activity:</strong> A lack of monitoring makes it difficult to recognize abnormal activity or intrusions.</li>

<li><strong>Failure to meet compliance requirements:</strong> Security and compliance regulations usually require adequate logging and monitoring.</li>
</ul>

<p><strong>Prevention:</strong> To prevent insufficient logging and monitoring, follow these security measures:</p>

<ul class="wp-block-list">
<li><strong>Set up comprehensive logging:</strong> Ensure the system logs every important activity, including user interactions and system operations.</li>

<li><strong>Set up active monitoring:</strong> Use active monitoring to track system activity and detect security incidents as soon as they happen.</li>

<li><strong>Build an alerting system:</strong> Set up alerting to notify about security incidents and attacks as soon as they are detected.</li>

<li><strong>Build an incident response process:</strong> Ensure that a security incident response process exists and is followed when needed.</li>

<li><strong>Review and update regularly:</strong> Review and test logging and monitoring on a regular basis to ensure they are complete and effective.</li>
</ul>