Bir kurumun internete a\u00e7\u0131k t\u00fcm alt alan adlar\u0131n\u0131 (subdomain) bilmek, hem sald\u0131rganlar hem de savunmac\u0131lar i\u00e7in kritiktir. Certificate Transparency (CT) loglar\u0131, bu ke\u015ffin en g\u00fc\u00e7l\u00fc ve pasif kayna\u011f\u0131d\u0131r.<\/p>\n
CT, d\u00fczenlenen her SSL sertifikas\u0131n\u0131n herkese a\u00e7\u0131k, denetlenebilir loglara kaydedildi\u011fi bir sistemdir. Amac\u0131, yetkisiz (rogue) sertifika d\u00fczenlemelerini g\u00f6r\u00fcn\u00fcr k\u0131lmakt\u0131r. Yan etki olarak, bir alan ad\u0131 i\u00e7in sertifika al\u0131nm\u0131\u015f t\u00fcm subdomain’ler bu loglarda ortaya \u00e7\u0131kar.<\/p>\n
Unutulmu\u015f bir test sunucusu (test.site.com), eski bir panel (admin.site.com) veya yedek sistem, \u00e7o\u011fu zaman g\u00fcncellenmedi\u011fi i\u00e7in sald\u0131r\u0131n\u0131n en zay\u0131f halkas\u0131d\u0131r. Sald\u0131rganlar \u00f6nce CT loglar\u0131ndan subdomain listesi \u00e7\u0131kar\u0131r. Savunmac\u0131 olarak siz de ayn\u0131 listeyi \u00e7\u0131kar\u0131p bu varl\u0131klar\u0131 kapatabilir veya g\u00fcncelleyebilirsiniz.<\/p>\n
Sertifika Ge\u00e7mi\u015fi (CT) arac\u0131m\u0131z<\/a> bir alan ad\u0131 i\u00e7in toplam sertifika say\u0131s\u0131n\u0131, farkl\u0131 sertifika otoritelerini ve loglardan \u00e7\u0131kar\u0131lan benzersiz subdomain listesini g\u00f6sterir. Wildcard sertifikalar ayr\u0131ca i\u015faretlenir.<\/p>\n Bir kurumun internete a\u00e7\u0131k t\u00fcm alt alan adlar\u0131n\u0131 (subdomain) bilmek, hem sald\u0131rganlar hem de savunmac\u0131lar i\u00e7in kritiktir. Certificate Transparency (CT) loglar\u0131, bu ke\u015ffin en g\u00fc\u00e7l\u00fc ve pasif kayna\u011f\u0131d\u0131r. Certificate Transparency Nedir? CT, d\u00fczenlenen her SSL sertifikas\u0131n\u0131n herkese a\u00e7\u0131k, denetlenebilir loglara kaydedildi\u011fi bir sistemdir. Amac\u0131, yetkisiz (rogue) sertifika d\u00fczenlemelerini g\u00f6r\u00fcn\u00fcr k\u0131lmakt\u0131r. Yan etki olarak, bir alan … Devam\u0131n\u0131 oku<\/a><\/p>\n","protected":false},"author":1,"featured_media":25,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-26","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik"],"_links":{"self":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/comments?post=26"}],"version-history":[{"count":1,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":43,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/posts\/26\/revisions\/43"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/media\/25"}],"wp:attachment":[{"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/media?parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/categories?post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secradar.net\/blog\/wp-json\/wp\/v2\/tags?post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Sald\u0131r\u0131 Y\u00fczeyini Daraltmak<\/h2>\n
\n