
Python – востребованный язык программирования, на котором создано множество приложений. Ввиду широкой популярности продуктов на базе Python их количество огромно. Несмотря на удобство использования языка, хорошую интерпретацию, достаточный функционал и собственную концепцию программирования, безопасность Python требует тщательного подхода и проведения серии тестов как на стадии разработки, так и для готовых приложений. Для этого используются различные инструменты статического и динамического анализа, а также сервисы проверки приложений на безопасность.
Как защитить Python-приложения от вредоносных скриптов?
Защита Python-приложений базируется на трех принципах:
Все записи в sys.path должны направлять только на надежный и проверенный источник, где программный код выполняется без рисков.
Место расположения основного скрипта прописано в sys.path.
При прямом запуске команды python текущий каталог приравнивается к местонахождению основного скрипта, даже если указаны параметры -c или -m.
Из этих принципов безопасности Python вытекает, что для защиты от вредоносных скриптов необходимо:
Размещать исходный код исключительно в проверенных и надежных местах.
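Избегать использования любых скриптов, если они располагаются в папке Downloads, т.к. это чревато подменой исполняемых файлов: каталог скрипта попадает в sys.path, и оказавшийся рядом файл с именем нужного модуля будет импортирован вместо настоящего. Снизить риск помогает запуск интерпретатора в изолированном режиме (python -I), при котором каталог скрипта в sys.path не добавляется.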
Дыры безопасности Python
Инъекции. Одна из самых распространенных проблем безопасности, которая связана с несанкционированным доступом злоумышленников к БД через пользовательский ввод. В ходе атаки из-за подмены и некорректной обработки вводных данных приложение исполняет внедренные запросы к БД (SQL-инъекция) или команды в операционной системе сервера (инъекция команд). Как следствие, киберпреступники получают доступ к БД. Защита — параметризованные запросы вместо сборки SQL из строк и отказ от передачи пользовательского ввода в командную оболочку.
Парсинг XML. Проблема возникает при внедрении киберпреступником в XML‑документы внешних сущностей, что приводит к их вынужденной обработке и выполнению на сервере. Это провоцирует DoS-атаки или SSRF, направленные преимущественно на подрыв стабильности системы, а также делает возможным чтение и кражу файлов на сервере. При разборе недоверенного XML обработку внешних сущностей и DTD следует отключать, например с помощью библиотеки defusedxml.
Переполненный site-packages. Речь идет про переполнение директории импорта различными пакетами. Появление сторонних пакетов уже само по себе чревато множеством проблем безопасности ввиду рисков выполнения произвольного кода. Скопление пакетов и переполненность site-packages способны стать причиной переопределения всего поведения приложения и многократного усиления его уязвимостей.
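Временные файлы. При генерации временных файлов присутствует вероятность подмены истинного файла подложным, особенно в случае использования функции mktemp(): она возвращает только имя, и между его получением и созданием файла это имя может занять другой процесс. Как следствие, загружаются не те данные или становятся видны другие временные файлы, которые могут быть использованы злоумышленниками. Вместо mktemp() следует применять tempfile.mkstemp() или tempfile.NamedTemporaryFile(), которые создают файл сразу.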
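Помимо описанных проблем, в безопасности Python не исключены атаки по времени (timing attacks), небезопасная десериализация данных через pickle, вторжение через YAML-файлы, использование уязвимостей старых версий Python и устаревших библиотек. Данные из недоверенных источников нельзя передавать в pickle.loads(), а YAML следует разбирать через yaml.safe_load().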
Уязвимости Python: типичные проблемы и риски
Проблемы безопасности в приложениях, созданных на Python, во многом сосредоточены вокруг одних и тех же моментов, касающихся разработки или функционирования ПО. В качестве наиболее уязвимых мест Python выступают:
Исходный код приложения. Он может быть работоспособным, но включать массу недоработок, ошибок, что делает его использование опасным занятием и рано или поздно приведет к угрозам информационной безопасности.
Аутентификация. Слабо настроенная система аутентификации может быть взломана массовой отправкой запросов или потоковой генерацией (перебором) паролей. Наиболее это актуально в тех случаях, когда отсутствуют ограничения на число попыток аутентификации или на количество запросов к приложению в единицу времени.
Вводные данные. Отсутствие контроля и фильтрации вводных данных, поступающих к приложению, чревато выполнением управляющих конструкций и команд, которые злоумышленники внедряют посредством XSS и SQL-инъекций.
Контролируя эти уязвимости Python, возможно кардинально улучшить ситуацию с безопасностью и предотвратить множество инцидентов ИБ.
Solar appScreener и OWASP ZAP для обнаружения проблем безопасности Python
Для проверки безопасности Python-приложений все чаще используется комплекс решений, сочетающих методы статического и динамического анализа. Например, проверенным тандемом для проверки безопасности ПО считается использование OWASP ZAP и Solar appScreener. Первый инструмент является сканером безопасности с открытым кодом, а второй — функциональным анализатором, сочетающим SAST- и DAST-подходы к тестированию ПО. С помощью OWASP ZAP можно протестировать ПО на разные виды проникновения, запустить активное и пассивное сканирование на угрозы, получить отчет и список предупреждений. Solar appScreener поможет найти уязвимости Python, связанные с присутствием старых версий ПО, небезопасных конструкций вроде init() или assert (проверки через assert отключаются при запуске интерпретатора с ключом -O, поэтому строить на них контроль безопасности нельзя). Помимо этого, анализатор находит публичные ошибки, которые негативно сказываются на безопасности ПО, вроде значения True для параметра DEBUG в настройках Django. Также Solar appScreener обнаруживает пакеты, содержащие вредоносный код в модулях. В ходе статического анализа проверке подвергаются помимо самого приложения также его компоненты. Благодаря динамическому анализу становится возможным выявить пути проникновения в Python-приложения.
OWASP ZAP располагает открытым API, поэтому беспроблемно интегрируется с Solar appScreener, повышает тем самым удобство тестирования, сокращает время формирования и коррекции задач, позволяет полностью контролировать тестирование, полно и своевременно получать его результаты и рекомендации.
Защита Python-приложений требует внимания как к исходному коду, так и к функционалу и поведению ПО. Комплексное и широкое тестирование приложений на уязвимости, ошибки и недекларированные возможности (НДВ) поможет убедиться в отсутствии критических проблем в безопасности и получить полезные рекомендации по устранению недостатков ПО.