Application security detection pack (preview)

Application Insights automatically analyzes the telemetry generated by your application and detects potential security issues. This capability enables you to identify potential security problems, and handle them by fixing the application or by taking the necessary security measures.

This feature requires no special setup, other than configuring your app to send telemetry.

When would I get this type of smart detection notification?

There are three types of security issues that are detected:

  1. Insecure URL access: a URL in the application is being accessed via both HTTP and HTTPS. Typically, a URL that accepts HTTPS requests should not accept HTTP requests. This may indicate a bug or security issue in your application.
  2. Insecure form: a form (or other "POST" request) in the application uses HTTP instead of HTTPS. Using HTTP can compromise the user data that is sent by the form.
  3. Suspicious user activity: the application is being accessed from multiple countries/regions by the same user at approximately the same time. For example, the same user accessed the application from China and the United States within the same hour. This detection indicates a potentially malicious access attempt to your application.
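As an added illustration (not Application Insights code), the three heuristics above applied to a handful of constructed request-telemetry rows; the row layout and field names are assumptions made for this example.

```python
# Added example, not part of Application Insights: the three detections
# described above, run over constructed telemetry rows. Field layout is assumed.
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample telemetry: (timestamp, user_id, method, url, country)
TELEMETRY = [
    ("2024-01-01T10:00:00", "u1", "GET",  "https://app.example/login",    "US"),
    ("2024-01-01T10:05:00", "u2", "GET",  "http://app.example/login",     "US"),
    ("2024-01-01T10:07:00", "u3", "POST", "http://app.example/checkout",  "US"),
    ("2024-01-01T10:10:00", "u1", "GET",  "https://app.example/home",     "CN"),
    ("2024-01-01T12:00:00", "u2", "GET",  "https://app.example/home",     "DE"),
]

def _path_key(url):
    # Scheme-insensitive identity of a URL: host + path
    p = urlsplit(url)
    return p.netloc + p.path

def insecure_url_access(rows):
    """Detection 1: URLs served over both http and https (sorted host+path keys)."""
    schemes = defaultdict(set)
    for _, _, _, url, _ in rows:
        schemes[_path_key(url)].add(urlsplit(url).scheme)
    return sorted(k for k, s in schemes.items() if {"http", "https"} <= s)

def insecure_forms(rows):
    """Detection 2: POST requests sent over plain http (sorted URLs)."""
    return sorted({url for _, _, m, url, _ in rows
                   if m == "POST" and urlsplit(url).scheme == "http"})

def suspicious_users(rows, window=timedelta(hours=1)):
    """Detection 3: users seen from more than one country within `window`.
    Returns {user_id: sorted list of countries involved}."""
    by_user = defaultdict(list)
    for ts, user, _, _, country in rows:
        by_user[user].append((datetime.fromisoformat(ts), country))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        for i, (t1, c1) in enumerate(events):
            for t2, c2 in events[i + 1:]:
                if t2 - t1 > window:      # events are sorted, so stop early
                    break
                if c1 != c2:
                    flagged.setdefault(user, set()).update({c1, c2})
    return {u: sorted(c) for u, c in flagged.items()}
```

In the sample, user u2 is seen from two countries almost two hours apart and is therefore not flagged, which is the kind of benign case the page says may have a normal business justification.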

Does my app definitely have a security issue?

No, a notification doesn't mean that your app definitely has a security issue. A detection of any of the scenarios above can, in many cases, indicate a security issue. However, the detection may have a natural business justification, and can be ignored.

How do I fix the "Insecure URL access" detection?

  1. Triage. The notification provides the number of users who accessed insecure URLs, and the URL that was most affected by insecure access. This can help you assign a priority to the problem.
  2. Scope. What percentage of the users accessed insecure URLs? How many URLs were affected? This information can be obtained from the notification.
  3. Diagnose. The detection provides the list of insecure requests, and the lists of URLs and users that were affected, to help you further diagnose the issue.

How do I fix the "Insecure form" detection?

  1. Triage. The notification provides the number of insecure forms and the number of users whose data was potentially compromised. This can help you assign a priority to the problem.
  2. Scope. Which form was involved in the largest number of insecure transmissions, and what is the distribution of insecure transmissions over time? This information can be obtained from the notification.
  3. Diagnose. The detection provides the list of insecure forms and a breakdown of the number of insecure transmissions for each form, to help you further diagnose the issue.

How do I fix the "Suspicious user activity" detection?

  1. Triage. The notification provides the number of distinct users that exhibited the suspicious behavior. This can help you assign a priority to the problem.
  2. Scope. From which countries/regions did the suspicious requests originate? Which user was the most suspicious? This information can be obtained from the notification.
  3. Diagnose. The detection provides the list of suspicious users and the list of countries/regions for each user, to help you further diagnose the issue.