Back to Question Center
0

Semalt: Indlela Yokuvikela Isayithi Lakho Kusuka Esikhathini Sokubhala NgeSayithi

1 answers:

Iningi lezentengiselwano eziku-intanethi zizame ukuzamazama. Cishe wonke umuntu onayo iwebhusayithingoba okungaphezulu konyaka kunomzamo wokuhlaselwa noma uzothola. Le nhlekelele ibeka abantu abaningi kakhulu engozini. Ama-Blogger nabanikaziAmawebhusayithi we-e-commerce kufanele aqaphele lokhu kuhlaselwa kwama-fictions futhi alungise amanye amaphutha okubhala, okuholela kule mizamo yokuqapha.Iningi lezindaba zezokuphepha kwe-intanethi zibandakanya abaduni abazama ukuthola ukungena ngemvume okungagunyaziwe kumawebhusayithi futhi bathole ukufinyelela okuningiulwazi, iningi lazo libhekene nedatha yekhasimende njengolwazi lwekhadi lesikweletu. Abanye abaduni bangenza izenzo ezingekho emthethweninjengoba ukwehlisa iwebhusayithi noma ukwethula amasu okuncintisana okungalungile ku-platform ye-e-commerce.

Enye yezokuhlaselwa kwesicelo sewebhu esiphezulu yiS Cross-site Scripting (XSS)ukuhlasela. Lokhu kuphazamiseka kuhilela ukuhlaselwa komjovo ohlangothini lweklayenti, okuhloswe ekusebenzeni izikripthi kwiwebhusayithi noma kwesicelo sewebhu esisetshenziswayoukufaka umbhalo oqondile. Ikhodi yokukhokha enonya yenza imisebenzi ehlukahlukene emzimbeni wekhodi kanye nokwenza isiphequluli sesisulu sithumeleamakhodi endaweni engaziwa yecala kuphela eyaziwa yi-hacker.

I-Artem Abgarian, iMenenja Ephumelelayo Yempumelelo Yekhasimende Semalt ,unikeza izindlela zakho ezahlukene ngezindlela ezahlukene zokuthi le script ye-java isebenza kanjani nokuvikela iwebhusayithi yakho kulokhu kuhlasela:

Ukuhlasela kwe-cross-site Scripting (XSS)

Lokhu kuhlasela kuhilela ukwenza isisulu siqhaqhe isixhumanisi esenza iskripthi ukuze sithinteiziphequluli eziningi. Le ndlela ingasebenzisa ezinye izindlela ezifana ne-VBScript, i-ActiveX, ne-Flash, kodwa i-Javascript iyinto evamile ngenxa yemvamisaukusetshenziswa kwezinsiza eziningi zewebhu. Lokhu kuhlasela kuhilela i-hacker eqondisa ukuhlaselwa kwamakhasi angenayo. Le nqubo ihilela ukujovaukukhokhwa kwesiphequluli sesisulu ngokuchofoza isixhumanisi esinonya. Lesi sigaba sibandakanya ukuhlaselwa kobugebengu obuningi kanye namanye ama-PTChlela futhi uguqule imikhankaso yesikhangiso.

Izinsongo ezingenzeka

NgeJavaScript, umhlaseli angakwazi ukuthumela nokuthola izicelo ze-HTTPS. II-hacker nayo ingakwazi ukuthola amaphasiwedi nokufaka iziqinisekiso zomsebenzisi ngomsebenzisi ongenakuzibonela, ikakhulukazi uma bebheka isiphequluli sabo. LokhuHack kungenza umuntu alahlekelwe yonke idatha ebalulekile kuwebhusayithi kanye nokukhuthaza ukuhlaselwa ukukhwabanisa njengendawo yomsebenzisi, ikheli le-IP,imakrofoni, ikhamera yewebhu kanye nokunye ukuhlaselwa kwe-SQL injection.

Kwezinye izimo, ukuhlasela kwe-Cross-site Scripting (XSS) kungakhipha isiphequluli sonkeamakhukhi. I-XSS yinqubo eyinkimbinkimbi yobunjiniyela, futhi ingenza isiphequluli sibe isendlalelo esobala. Ngenxa yalokho, udinga ukucabangakwezinye izici zokuklama zewebhusayithi yakho ukuyivikela nge-XSS.

Isiphetho

Kunoma iyiphi indawo ye-e-commerce, kubalulekile ukuvikela isayithi lakho ngokumelene ne-hacks enjalonjenge-Cross-site Scripting (XSS) yokuhlasela. Lokhu kusetshenziselwa ukuhlaselwa kwe-code-side injection injection, okungeyona nje eyenza iwebhusayithi ibe yingozi kodwafuthi umsebenzisi wokugcina. I-hacker ingakwazi ukuqhuba iskripthi kwiseva, engenza ukuba bathole ukufinyelela kolwazi oluyimfihlo. Ezinye izindlelaukuvimbela ukuhlaselwa kwesiSpring-site Scripting (XSS) kulesi siqondiso. Ungakwazi ukwenza iwebhusayithi yakho iphephile kusuka ku-XSSukuhlasela futhi futhi uvikele ukuphepha kwamakhasimende akho ngokumelene nabaqashi.

November 28, 2017
Semalt: Indlela Yokuvikela Isayithi Lakho Kusuka Esikhathini Sokubhala NgeSayithi
Reply