{"id":5524,"date":"2020-12-14T19:52:58","date_gmt":"2020-12-14T18:52:58","guid":{"rendered":"https:\/\/nethemba.com\/?p=5524"},"modified":"2020-12-29T13:00:18","modified_gmt":"2020-12-29T12:00:18","slug":"prirucka-naseho-zakaznika-i","status":"publish","type":"post","link":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/","title":{"rendered":"Our Customer Handbook I"},"content":{"rendered":"<h1><span style=\"font-weight: 400;\">Everything you wanted to know about our IT security services<\/span><\/h1>\n<p><span style=\"font-weight: 400;\">Based on our 14 years of experience in ethical hacking (hundreds of penetration tests and security audits carried out for a large number of <\/span><a href=\"https:\/\/nethemba.com\/cs\/reference\/\"><span style=\"font-weight: 400;\">our customers<\/span><\/a><span style=\"font-weight: 400;\">), this document explains how to choose the right penetration test or security audit so that it matches your expectations, is performed as professionally as possible and comes at the best possible price.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The document is split into three parts, which will be published on our blog in turn.<\/span><\/p>\n<p><b>Part one:<\/b><\/p>\n<p><a href=\"#RFI\"><span style=\"font-weight: 400;\">Which penetration test or security audit do I need? (Request For Information)<\/span><\/a><\/p>\n<p><b>Part two:<\/b><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-ii\/#RFP\"><span style=\"font-weight: 400;\">I want a quote, what do you need from me? 
(Request For Proposal)<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-ii\/#Run\"><span style=\"font-weight: 400;\">I have decided to use your services, let&#8217;s go!<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-ii\/#TestingEnvironment\"><span style=\"font-weight: 400;\">How do I prepare the test environment and the test accounts?<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-ii\/#Expectations\"><span style=\"font-weight: 400;\">Testing is under way, what should I expect?<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-ii\/#Report\"><span style=\"font-weight: 400;\">The final report<\/span><\/a><\/p>\n<p><b>Part three:<\/b><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-iii\/#Hacktrophy\"><span style=\"font-weight: 400;\">Repeated tests and a bug bounty program<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-iii\/#OSCE\"><span style=\"font-weight: 400;\">Which technical certifications should ethical hackers hold?<\/span><\/a><\/p>\n<p><a href=\"\/cs\/prirucka-naseho-zakaznika-iii\/#MostFreeCompany\"><span style=\"font-weight: 400;\">Why have your tests done by a &#8220;free&#8221; company?<\/span><\/a><\/p>\n<h1><span style=\"font-weight: 400;\"><a id=\"RFI\"><\/a>Which penetration test or security audit do I need? (RFI)<\/span><\/h1>\n<h2><span style=\"font-weight: 400;\">Web application tests<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If you are a small company without your own internal infrastructure, you will most likely be interested in a penetration test of your website or web application. 
If your website is small or medium-sized and has no complex dynamic functionality, our most popular service, the <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/aplikacni-bezpecnost\/standardni-penetracni-test\/\"><span style=\"font-weight: 400;\">standard penetration test<\/span><\/a><span style=\"font-weight: 400;\">, will be sufficient. Its goal is to uncover as many critical or otherwise serious vulnerabilities as possible within a fixed time (3 days). It is a &#8220;black-box&#8221; simulation of a real attack in which the attacker has a fixed three days to break into your application. It therefore answers the question: what can a professional attacker discover and exploit in that time?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Unfortunately, three days are usually not enough to uncover most vulnerabilities, particularly in larger and more complex applications. For those we offer the <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/aplikacni-bezpecnost\/detailni-bezpecnostni-audit\/\"><span style=\"font-weight: 400;\">detailed security audit<\/span><\/a><span style=\"font-weight: 400;\">, which we perform according to the OWASP Web Security Testing Guide (currently <\/span><a href=\"https:\/\/owasp.org\/www-project-web-security-testing-guide\/v42\/\"><span style=\"font-weight: 400;\">version 4.2<\/span><\/a><span style=\"font-weight: 400;\">). 
It is the most thorough web test we offer and it follows this open methodology strictly.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If the customer is interested, we also audit the application&#8217;s source code. Since the code base is usually large, we concentrate on the security-critical parts: authentication, authorization and session management.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In a detailed security audit we go through every form of the web application and test it against all known classes of web attacks. That makes this audit considerably more labour-intensive (we need roughly 2-4 weeks to test one application in detail). Part of the test is also writing exploits, i.e. purpose-built programs with which we demonstrate in practice that the critical vulnerabilities we found can be abused. We recommend the detailed security audit for every security-critical application that handles sensitive personal or financial data, for example one that allows financial transfers. It is therefore the right test for the financial sector and for medium-sized and large companies. 
We recommend running it before any newly developed application is deployed to production.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Mobile application tests<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">For many companies a good-looking, working mobile application is by now both a necessity and a standard. Mobile applications for Android or iPhone can contain classes of vulnerabilities that do not occur in web applications, so we recommend testing every such application thoroughly before its official launch.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/aplikacni-bezpecnost\/bezpecnostni-audit-mobilni-aplikace\/\"><span style=\"font-weight: 400;\">mobile application security audit<\/span><\/a><span style=\"font-weight: 400;\"> covers both the server side (the REST \/ SOAP web services) and the client side (the app itself): Android applications written in Java are decompiled and iOS applications written in Objective-C are reverse-engineered. Part of the test is actively monitoring and intervening in the communication between the mobile application and its server side: we modify both the application&#8217;s requests and the server&#8217;s responses in order to identify potential vulnerabilities. We use various so-called &#8220;fault injection&#8221; tools for this. 
We are able to bypass the various protections an application uses to defend itself (for example certificate (SSL) pinning, root \/ jailbreak detection, code obfuscation and so on). Testing one mobile application on one platform takes on the order of 1-3 weeks.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">External penetration tests<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If you are a larger company, you probably already run your own network infrastructure (an external and an internal corporate network) that has to be maintained and protected. Our <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/externi-penetracni-test\/\"><span style=\"font-weight: 400;\">external penetration test<\/span><\/a><span style=\"font-weight: 400;\"> helps with that. It can be run in a fully &#8220;black-box&#8221; form, in which you as the customer give us no information about your network infrastructure at all. In the phase called &#8220;information gathering&#8221; we try to obtain that information from publicly available registries and databases, with the aim of identifying your likely IP ranges or IP addresses. This phase is passive: we do not &#8220;touch&#8221; your servers or network devices, we only collect the information about your infrastructure that is already available. 
Once we have a list of your candidate IP addresses or ranges, we contact you and ask you to explicitly confirm that they really are yours. Active testing of IP addresses that do not belong to you is illegal, so no active work starts before that confirmation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The second alternative, roughly a day faster, is to send us the IP ranges or lists of IP addresses you want tested right away, after which we can start the penetration test immediately. An external penetration test takes from a few days to a few weeks, depending on the size of the tested infrastructure.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Internal penetration tests<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Up to <\/span><a href=\"https:\/\/securityintelligence.com\/posts\/what-are-insider-threats-and-how-can-you-mitigate-them\/\"><span style=\"font-weight: 400;\">60% of all security incidents originate from internal employees<\/span><\/a><span style=\"font-weight: 400;\"> or from the internal network, so the security of the internal network infrastructure deserves attention as well. To test it we offer the <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/penetracni-test-intranetu\/\"><span style=\"font-weight: 400;\">intranet penetration test<\/span><\/a><span style=\"font-weight: 400;\">. 
It can be run either from the perspective of a random anonymous attacker (someone who came to the company for a job interview and plugged a laptop into the meeting-room network) or from the perspective of an ordinary employee (for example a secretary with an account in the corporate domain). Usually anonymous access to the internal network is enough for us to bypass protections such as MAC security, 802.1X or other link-layer controls. With attacks such as ARP poisoning and impersonating the &#8220;official&#8221; network router we can relatively quickly obtain the credentials of other internal users (so in the end we often do not even need the secretary&#8217;s official account). Unless agreed otherwise, the primary goal of an internal penetration test is to compromise the main domain controller (Active Directory) and the main network router that carries all traffic from your company to the Internet. Achieving this effectively means we have gained full control of your internal network. In the past we carried out most internal penetration tests &#8220;on site&#8221;, physically at the customer. During the current pandemic we have switched almost completely to remote testing over VPN connections set up by the customer. 
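<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The ARP poisoning and rogue-gateway tricks described above leave a trace that a defender on the same segment can see: the gateway IP address suddenly resolves to a second MAC address, the mapping flaps when the real router answers again, and one MAC starts answering for many IP addresses at once. The following Python code is an added example written for this article; it is not a Nethemba tool and not code from the original text. The gateway address, the per-MAC threshold and the ARP replies are constructed assumptions, and a real deployment would feed the detector records from a passive sniffer or switch logs instead.<\/span><\/p>\n
```python
from collections import Counter, defaultdict

# Constructed sample input (not a real capture): ARP replies as a passive
# sensor on the office segment would see them, as (seconds, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (0, '10.0.0.1', 'aa:bb:cc:00:00:01'),    # legitimate gateway announces itself
    (1, '10.0.0.20', 'aa:bb:cc:00:00:20'),   # two ordinary workstations
    (2, '10.0.0.21', 'aa:bb:cc:00:00:21'),
    (30, '10.0.0.1', 'de:ad:be:ef:00:99'),   # rogue host claims the gateway IP ...
    (31, '10.0.0.20', 'de:ad:be:ef:00:99'),  # ... and the workstations, to sit in the middle
    (32, '10.0.0.21', 'de:ad:be:ef:00:99'),
    (60, '10.0.0.1', 'aa:bb:cc:00:00:01'),   # real gateway answers again: the mapping flaps
]

GATEWAY_IP = '10.0.0.1'      # assumed: default gateway of the monitored segment
MAX_IPS_PER_MAC = 2          # assumed threshold: a router may own a few addresses,
                             # a host that suddenly answers for many is poisoning caches


def detect_arp_spoofing(replies, gateway_ip=GATEWAY_IP, max_ips_per_mac=MAX_IPS_PER_MAC):
    # Replays the ARP replies in time order and raises an alert when an IP is
    # claimed by a different MAC than before (highest severity for the gateway)
    # or when one MAC has claimed more IPs than the threshold allows.
    current_mac = {}                 # IP -> MAC currently believed to own it
    ips_per_mac = defaultdict(set)   # MAC -> set of IPs it has claimed so far
    alerts = []
    for ts, ip, mac in sorted(replies):
        previous = current_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({
                'time': ts,
                'type': 'gateway_mac_changed' if ip == gateway_ip else 'ip_mac_conflict',
                'severity': 'high' if ip == gateway_ip else 'medium',
                'ip': ip,
                'old_mac': previous,
                'new_mac': mac,
            })
        current_mac[ip] = mac
        if ip not in ips_per_mac[mac]:
            ips_per_mac[mac].add(ip)
            # fire exactly once, at the moment the threshold is crossed
            if len(ips_per_mac[mac]) == max_ips_per_mac + 1:
                alerts.append({
                    'time': ts,
                    'type': 'mac_claims_many_ips',
                    'severity': 'high',
                    'mac': mac,
                    'ips': sorted(ips_per_mac[mac]),
                })
    return alerts


def rank_suspects(alerts):
    # A flapping IP implicates both MACs involved, so a single conflict does not
    # say which side is rogue. Counting how many alerts each claimant accumulates
    # does: the poisoning host is the one that keeps appearing as the new owner.
    score = Counter()
    for alert in alerts:
        score[alert.get('new_mac', alert.get('mac'))] += 1
    return score.most_common()


if __name__ == '__main__':
    found = detect_arp_spoofing(SAMPLE_ARP_REPLIES)
    for alert in found:
        print(alert)
    print('suspects:', rank_suspects(found))
```
\n<p><span style=\"font-weight: 400;\">A single conflict alert only says that two MACs fought over one IP, not which one is the intruder; ranking the claimants by how many alerts they accumulate is what separates the poisoning host from the legitimate router whose address it stole. The same logic works on records exported from a switch or from a sniffer on a mirror port.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">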
If a corporation has many branches around the world with separate internal networks, we need a VPN connection into each of those locations to test them completely.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Local security audit<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While &#8220;roaming&#8221; the internal network we often come across a server that is key or critical from the customer&#8217;s point of view and deserves detailed testing, both as an unprivileged and as a privileged user. In that case we start a <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/lokalni-systemovy-audit\/\"><span style=\"font-weight: 400;\">local security audit<\/span><\/a><span style=\"font-weight: 400;\">, whose goal is to uncover all possible vulnerabilities in the local system and its installed applications and then help with its further hardening. In this system audit we verify, among other things, every possible way an unprivileged user could escalate without authorization to a privileged one (administrator \/ root).<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Social engineering<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">All the tests above were about finding vulnerabilities that enable attacks on technology. 
Unfortunately, it often happens that you become the victim of an attack even though you use highly secure technology (systems and applications). These are so-called social engineering attacks, in which the target is not the technology but the people themselves. In social engineering the attacker exploits typical human traits such as altruism, trust and the wish to be helpful, but also selfishness or fear of authority.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-sluzby\/socialni-inzenyrstvi\/\"><span style=\"font-weight: 400;\">social engineering<\/span><\/a><span style=\"font-weight: 400;\"> test we perform consists of three parts.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The first part is targeted online phishing (spear phishing), in which we usually try, through channels such as e-mail or instant messaging clients, to manipulate your employees into giving us selected sensitive information or letting us perform operations that would otherwise not be permitted.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The second part takes place by phone or SMS, using impersonation (posing as somebody else) or caller ID spoofing (e.g. 
calling the victim from a spoofed number that they know and trust).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The third phase is physical infiltration of the customer&#8217;s building. For this we usually need a so-called &#8220;Get Out Of Jail Letter&#8221;, a document signed by the company&#8217;s management stating that this is only a test, so that we can avoid a physical confrontation if we are caught.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Every customer is different and needs different social engineering scenarios. Some customers&#8217; employees have a higher level of security awareness and are therefore immune to trivial social engineering attacks (such as phishing e-mails or USB sticks with malware scattered around the premises). For them we develop and then test more sophisticated scenarios.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Well-executed social engineering is very often successful. 
Even today you can see how well fraudsters do who pose as Microsoft employees, call you on the phone and try to gain access to your computer and your sensitive personal data.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Specialised tests<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If you are interested in specific tests of a particular technology or platform, let us know. We have experts and experience with the security of the following technologies:<\/span><\/p>\n<p><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/aplikacni-bezpecnost\/bezpecnostni-audit-smart-kontraktu\/\"><span style=\"font-weight: 400;\">Smart contract security audit<\/span><\/a><span style=\"font-weight: 400;\"> &#8211; if you need to test decentralised applications built on Ethereum (or another blockchain that supports smart contracts). We covered vulnerabilities in smart contracts in <\/span><a href=\"https:\/\/nethemba.com\/summary-of-the-common-smart-contracts-vulnerabilities\/\"><span style=\"font-weight: 400;\">this longer article<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/bezpecnostni-audit-sap-systemu\/\"><span style=\"font-weight: 400;\">SAP system security audit<\/span><\/a><span style=\"font-weight: 400;\"> &#8211; if you want to test the security of your SAP systems and applications. 
Because SAP is a very large and complex system, our success rate in compromising it is very high.<\/span><\/p>\n<p><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/bezpecnostni-audit-cipovych-karet\/\"><span style=\"font-weight: 400;\">Chip card security audit<\/span><\/a><span style=\"font-weight: 400;\"> &#8211; in the past we <\/span><a href=\"https:\/\/nethemba.com\/resources\/mifare-classic-zranitelnosti.pdf\"><span style=\"font-weight: 400;\">demonstrated breaking<\/span><\/a><span style=\"font-weight: 400;\"> the most widespread chip cards in the world (Mifare Classic) and were the first to publish an open-source tool for breaking them (<\/span><a href=\"https:\/\/tools.kali.org\/wireless-attacks\/mfoc\"><span style=\"font-weight: 400;\">mfoc<\/span><\/a><span style=\"font-weight: 400;\">, available for example in the Kali penetration testing distribution). We have repeatedly used this experience to audit various contactless chip card technologies (conforming to ISO 15693 and ISO \/ IEC 14443).<\/span><\/p>\n<p><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/bezpecnostni-audit-bezdratove-site\/\"><span style=\"font-weight: 400;\">Wireless (WiFi) network security audit<\/span><\/a><span style=\"font-weight: 400;\"> &#8211; fake WiFi hotspots (so-called &#8220;rogue APs&#8221;) can be an unwanted channel through which sensitive information leaks out of your internal network. 
Likewise, an insufficiently secured internal WiFi network means that an attacker can compromise you, your employees or your customers. All of this is uncovered by the wireless (WiFi) network security audit, which we prefer to carry out physically on your premises.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Security audit of <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/bezpecnost-scada-systemov\/\"><span style=\"font-weight: 400;\">SCADA<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/nethemba.com\/cs\/sluzby\/sitova-a-systemova-bezpecnost\/bezpecnostni-audit-iot\/\"><span style=\"font-weight: 400;\">IoT<\/span><\/a><span style=\"font-weight: 400;\"> &#8211; whether you only use or also manufacture your own hardware, or you run critical industrial infrastructure, our specialised SCADA and IoT security audits can uncover vulnerabilities in your hardware or in your industrial infrastructure. 
If exploited, such vulnerabilities often have fatal consequences: a production line or a generator failing, a pacemaker being disabled, and so on.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We have experience testing the security of proprietary VoIP phones, WiFi routers, in-vehicle on-board units, mobile base stations (BTS) and industrial infrastructure.<\/span><\/p>\n<p>In the second part of this article we explain exactly which information we need from you to prepare a suitable quote, sign the contracts, set up the test environment and test accounts, and start the testing itself.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Everything you wanted to know about our IT security services. Based on our 14 years of experience in ethical hacking (hundreds of penetration tests and security audits carried out for a large number of our customers), this document explains how to choose the right penetration test or security audit so that it matches your expectations 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":5509,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2885,12],"tags":[508,2872,2873,2874,2876,1052,510,2875],"class_list":["post-5524","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-2","category-uncategorized-cs","tag-bezpecnostne-audity-cs","tag-bezpecnostni-audity","tag-eticke-hackovani","tag-it-bezpecnostni-sluzby","tag-owasp-web-security-testing-guide-cs","tag-penetracni-testy","tag-socialne-inzinierstvo-cs","tag-socialni-inzenyrstvi"],"yoast_head":"<title>Our Customer Handbook I - Nethemba<\/title>\n<meta name=\"description\" content=\"Everything you wanted to know about our IT security services. Which penetration test or security audit do I need? OWASP tests of mobile and web applications\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-14T18:52:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-29T12:00:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>","yoast_head_json":{"title":"Our Customer Handbook I - Nethemba","description":"Everything you wanted to know about our IT security services. Which penetration test or security audit do I need? OWASP tests of mobile and web applications","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/","og_locale":"cs_CZ","og_type":"article","og_title":"Our Customer Handbook I - Nethemba","og_description":"Everything you wanted to know about our IT security services. Which penetration test or security audit do I need? 
OWASP testy mobiln\u00fdch a webov\u00fdch aplikac\u00ed","og_url":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2020-12-14T18:52:58+00:00","article_modified_time":"2020-12-29T12:00:18+00:00","og_image":[{"width":1101,"height":586,"url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png","type":"image\/png"}],"author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Napsal(a)":"Pavol Lupt\u00e1k","Odhadovan\u00e1 doba \u010dten\u00ed":"12 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka I","datePublished":"2020-12-14T18:52:58+00:00","dateModified":"2020-12-29T12:00:18+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/"},"wordCount":2369,"commentCount":0,"image":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png","keywords":["bezpe\u010dnostn\u00e9 audity","BEZPE\u010cNOSTN\u00cd AUDITY","etick\u00e9 hackov\u00e1n\u00ed","IT BEZPE\u010cNOSTN\u00cd SLU\u017dBY","OWASP web security testing guide","penetra\u010dn\u00ed testy","soci\u00e1lne in\u017einierstvo","SOCI\u00c1LN\u00cd IN\u017dEN\u00ddRSTV\u00cd"],"articleSection":["Blog","Uncategorized 
@cs"],"inLanguage":"cs","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/","url":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/","name":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka I - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#primaryimage"},"image":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#primaryimage"},"thumbnailUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png","datePublished":"2020-12-14T18:52:58+00:00","dateModified":"2020-12-29T12:00:18+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"description":"V\u0161e, co jste cht\u011bli v\u011bd\u011bt o na\u0161ich slu\u017eb\u00e1ch v IT bezpe\u010dnosti. Jak\u00fd penetra\u010dn\u00ed test nebo bezpe\u010dnostn\u00ed audit pot\u0159ebuji? 
OWASP testy mobiln\u00fdch a webov\u00fdch aplikac\u00ed","breadcrumb":{"@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/"]}]},{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#primaryimage","url":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png","contentUrl":"https:\/\/nethemba.com\/wp-content\/uploads\/2020\/12\/owasp-web-security-testing-guide.png","width":1101,"height":586},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/cs\/prirucka-naseho-zakaznika-i\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/cs\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"P\u0159\u00edru\u010dka na\u0161eho z\u00e1kazn\u00edka I"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"cs","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol 
Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/cs\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/5524","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=5524"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/posts\/5524\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media\/5509"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=5524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/categories?post=5524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/tags?post=5524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}