Back to Question Center
0

Izifundo ezintathu Zokuphepha Ze-Web Application To Keep In Mind. Uchwepheshe We-Semalt Uyazi Indlela Yokugwema Ukuba Uhlukunyezwa Ngezigebengu Zase-Cyber

1 answers:

Ngo-2015, i-Ponemon Institute yashicilele okutholakele ekutadisheni "Izindleko zoCyber ​​Crime",ababeziphethe. Akuzange kusimangaze ukuthi izindleko zobugebengu be-intanethi zanda. Kodwa-ke, lezi zibalo zazizulazula.Imiklamo ye-Cybersecurity Ventures (global conglomerate) ukuthi le ndleko izoshaya $ 6 trillion ngonyaka. Ngokwesilinganiso, kuthatha inhlanganoIzinsuku ezingu-31 zokubuyisela emuva ngemuva kobulelesi obuphathelene ne-cyber ngezindleko zokulungiswa cishe ngama-dollar ayi-639 500.

Bewazi ukuthi ukuphika kwenkonzo (ukuhlaselwa kwe-DDOS), ukwephulwa kwe-web kanye nobubiAmaphesenti angu-55 azo zonke izindleko zobugebengu be-cyber? Lokhu akugcini nje ukufaka ingozi kumininingwane yakho kodwa futhi kungakwenza ukwazi ukulahlekelwa imali.

uFrank Abagnale, iMenenja yokuPhumelela kweKhasimende i-Semalt Amasevisi weDivaysi, okuhlinzekwa ukucubungula amacala amathathu alandelayo okwephulwa okwenziwa ngo-2016.

Icala lokuqala: UMosack-Fonseca (AmaPanama ePanama)

Ihlazo likaPanama Papers lahlehla ekukhanyeni ngo-2015, kodwa ngenxa yalokhoizigidi zezincwadi okufanele zihlanjululwe ngazo, kwavuthwa ngo-2016. Ukuvuza kwembulwe ukuthi abezombangazwe, abomabhizinisi abacebile,abadumile kanye ne-creme de la creme yomphakathi bagcina imali yabo kuma-akhawunti ase-offshore. Ngokuvamile, lokhu kwakunomthunzi futhi kwawela ukuziphathaumugqa. Nakuba uMosack-Fonseca kwakuyinhlangano ekhethekile ekusithekeni, isu laso lokuphepha kolwazi lalingekho.Okokuqala, i-plugin ye-WordPress yeslayidi ye-slide ayisebenzisile yayiphelelwe yisikhathi. Okwesibili, basebenzisa uDrupal oneminyaka engu-3 ubudala ngokukhubazeka okuwaziwayo.Okumangalisa ukuthi abaphathi benhlangano abazange baphathe le nkinga.

Izifundo:

  • > njalo qinisekisa ukuthi amapulatifomu akho e-CMS, ama-plugin kanye nama-themes avuselelwe njalo..
  • > uhlale uvuselelwe nezinsongo zokuvikela ze-CMS zakamuva. I-Joomla, i-Drupal, i-WordPress nezinyeizinsizakalo zinolwazi lwalokhu.
  • > ukuskena zonke ama-plugin ngaphambi kokuthi usebenzise futhi usebenze

Icala lesibili: Isithombe sephrofayela ye-PayPal

UFlooran Courtial (injini yesofthiwe yesiFulentshi) wathola i-CSRF (ukuguqulwa kwesicelo se-cross site)ubungozi kusayithi elisha le-PayPal, i-PayPal.me. I-giant enkulu yenkokhelo yokukhokha inthanethi ivule i-PayPal.me ukuze ihlinzekele izinkokhelo ezisheshayo. Nokho,I-PayPal.me ingasetshenziswa. U-Florian wakwazi ukuhlela ngisho nokususa ithokheni ye-CSRF ngokubuyekeza isithombe sephrofayela yomsebenzisi. Njengalokhokwaba, noma ubani angazenza omunye umuntu ngokuthola isithombe sakhe ku-inthanethi njengesibonelo kusuka ku-Facebook.

Izifundo:

  • > uthola amathokheni ahlukile we-CSRF kubasebenzisi - lokhu kufanele kube okuyingqayizivele futhi ushintshe noma nini lapho umsebenzisi engena khona.
  • > ithokheni ngesicelo ngasinye - ngaphandle kwephuzu elingenhla, la mahokheni kufanele atholakale futhiuma umsebenzisi ebacela. Inikeza ukuvikeleka okwengeziwe.
  • > ukuphuma kwesikhathi - kunciphisa ukukhubazeka uma i-akhawunti ihlala ingasebenzi isikhathi esithile.

Icala lesithathu: UMnyango Wezangaphandle WaseRussia Ubhekana Nokuqokwa Kwama-XSS

Nakuba ukuhlaselwa kwewebhu okuningi kuhloswe ukulimaza inzuzo yenhlangano, idumela,kanye nomgwaqo, ezinye zenzelwe ukuhlazeka. I-Case in iphuzu, inhlekelele engakaze kwenzeke eRussia. Yilokho okwenzekile: i-hacker yaseMelika(ogama lakhe linguJester) wasebenzisa inselele yesiphambano samasayithi (XSS) ayibonile kwi-website ye-Ministry of Foreign Affairs yaseRussia. II-jester yakha iwebhusayithi ye-dummy ehlukumeza umbono wewebhusayithi esemthethweni ngaphandle kwesihloko esiyihlose ukwenzaukuhleka usulu kubo.

Izifundo:

  • > sanitize umaka we-HTML
  • > ungafaki idatha ngaphandle kokuthi uyiqinisekise
  • > sebenzisa ukuphunyuka kweJavaScript ngaphambi kokufaka idatha engadakiwe ngaphandle kwamanani we-JavaScript (i-JavaScript) welimi
  • > zivikele wena ku-DOM ngokusekelwe kokukhubazeka kwe-XSS
November 28, 2017
Izifundo ezintathu Zokuphepha Ze-Web Application To Keep In Mind. Uchwepheshe We-Semalt Uyazi Indlela Yokugwema Ukuba Uhlukunyezwa Ngezigebengu Zase-Cyber
Reply