{"id":83799,"date":"2021-08-21T20:47:18","date_gmt":"2021-08-21T17:47:18","guid":{"rendered":"http:\/\/hilmibilici.com\/?p=83799"},"modified":"2024-12-02T13:56:21","modified_gmt":"2024-12-02T10:56:21","slug":"sizma-testi-nasil-yapilir","status":"publish","type":"post","link":"http:\/\/hilmibilici.com\/?p=83799","title":{"rendered":"How is a penetration test performed?"},"content":{"rendered":"<p><strong>How are payment systems tested for security?<\/strong><br \/>\nThe growth of online payments during the pandemic has drawn fraudsters even further into this area. In the first quarter of 2020, <a href=\"https:\/\/www.kaspersky.com.tr\/\" target=\"_blank\" rel=\"noopener\">Kaspersky Lab<\/a> detected 42,115 mobile banking viruses. This is the highest figure of the last year and a half, 2.5 times higher than in the fourth quarter of 2019. Under these conditions, how can financial institutions test the information security of their systems?<\/p>\n<p><strong>Penetration tests and vulnerability scans<\/strong><\/p>\n<p>Some methods, such as automated vulnerability scans and hacking checks, can already be considered classic. For payment systems that work with cards, a vulnerability scan should be performed at least once every three months, or after every significant change to the IT infrastructure. In addition, once a year or after significant infrastructure changes, these organizations must undergo <a href=\"http:\/\/hilmibilici.com\/index.php\/2021\/06\/22\/siber-guvenlik-ve-sizma-testi-kitabim-yayinda\/\">penetration tests<\/a> (<strong>pentest<\/strong>), in which they are attacked by specially hired or in-house hackers. There is a set of automated programs on the market for this, and it is enough for the hackers to have certain qualifications in order to use them correctly.<\/p>\n<p>Based on the results of the penetration test, the ethical hackers (or <a href=\"http:\/\/hilmibilici.com\/index.php\/2021\/08\/06\/sizma-testi-uzmani\/\" target=\"_blank\" rel=\"noopener\">penetration testing specialists<\/a>) either conclude that your IT infrastructure is secure and that you can safely continue working with cards for the foreseeable future, or, conversely, report that they have found vulnerabilities and offer to close them. After the fixes are made, a second <strong>penetration test<\/strong> is performed and then, if necessary, another one, until the vulnerabilities are fully closed.<\/p>\n<p><strong>Audit<\/strong><br \/>\nAnother control element is what is called passive-active security. The organization obtains or commissions external services from auditors who expertly evaluate its entire IT environment and its entire infrastructure. Ideally, this kind of audit should be performed regularly (at least once a year), but it is also a costly matter.<\/p>\n<p><strong>Responsible development<\/strong><br \/>\nThis is the third control and security topic. It concerns organizations that write their own software. It consists in building their own financial and other IT systems and monitoring the software for possible vulnerabilities directly during the development process, without waiting for future pentests.<\/p>\n<p>You can also use special utilities to scan the code in this way. For example, they can point out that the developer is using an open software library in which a vulnerability was found in 2016, so for security reasons you need to use a version of this library that is no older than 2017. In addition, automated vulnerability scanners that scan every new build of your product are embedded in this chain.<\/p>\n<p>All of these are significant expenses. Such a control pipeline should be built, automated and maintained by regularly checking for new vulnerabilities in the libraries you use.<\/p>\n<p class=\"important\">In the near future, the following question will be asked of companies that ask for trust (especially financial ones): how should you prepare to protect your own IT infrastructure so that you escape without being added to the cyber scrap heaps?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How are payment systems tested for security? The growth of online payments during the pandemic has drawn fraudsters even further into this area. In the first quarter of 2020&#8230;<\/p>\n","protected":false},"author":1,"featured_media":85080,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[37],"tags":[95,137,194,343,402,424,425],"class_list":["post-83799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bilisim-hukuku","tag-bilisim-guvenligi","tag-cyber-security","tag-finansal-guvenlik","tag-pentest","tag-siber-guvenlik","tag-sizma-testi","tag-sizma-testi-uzmani"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/83799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83799"}],"version-history":[{"count":2,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/83799\/revisions"}],"predecessor-version":[{"id":85081,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/posts\/83799\/revisions\/85081"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=\/wp\/v2\/media\/85080"}],"wp:attachment":[{"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83799"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/hilmibilici.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=83799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}