
Semalt Expert: The Most Common Ways Hackers Use to Attack a Site


Hacking is a threat facing small and large businesses alike. In fact, large companies such as Microsoft, NBC, Twitter, Facebook, Drupal, and ZenDesk have recently had their websites hacked. Whether these cybercriminals want to steal private data, shut down your PC or take control of your website, one thing remains clear: they disrupt businesses.

Artem Abgarian, the Semalt Senior Customer Success Manager, offers for consideration the following tricks a hacker can use to infiltrate your websites or system.

1. Injection Attack

This attack occurs when there is a flaw in your SQL library, SQL database or even the OS itself. Your team of employees opens what pass as credible files but, unknown to them, the files carry hidden commands (injections). By doing so, they allow the attack to gain unauthorized access to confidential data such as credit card details, bank accounts, social security numbers, etc.

2. Cross-Site Scripting Attack

XSS attacks occur when a file packet, an application or a URL 'get request' is sent to the browser window. Note that during the attack, the weapon (it could be any of those mentioned) gets past the validation process. As a result, the user is tricked into thinking that they are working on a legitimate web page.

3. Authentication and Session Attack

In this case, the hacker tries to capitalize on a weak user authentication system. This system involves user passwords, session IDs, key management and browser cookies. If there is a loophole somewhere, hackers can access your user account from a remote location and then log in using your credentials.

4. Clickjack Attack

Clickjacking (or a UI-Redress attack) occurs when hackers use multiple, opaque layers to trick the user into clicking the top layer without suspecting a thing. In this case, the hacker 'hijacks' clicks that were meant for your web page. For example, by carefully combining iframes, text boxes and stylesheets, a hacker will lead the user into thinking that they are logging into their account, when in reality that is an invisible frame controlled by someone with an ulterior motive.

5. DNS Spoofing

Did you know that old cache data you have forgotten about can come back to haunt you? Well, a hacker can identify a vulnerability in the domain name system that allows them to divert traffic from a legitimate server to a dummy website or server. These attacks replicate and spread themselves from one DNS server to another, spoofing anything in their path.

6. Social Engineering Attack

Technically, this is not hacking per se. In this case, you give out confidential information in good faith, say over a web chat, email, social media or through any other online interaction. However, this is where the problem comes in: what you thought was a legitimate service provider turns out to be a ploy. A good example would be "Microsoft Technical Support".

7. SYMlinking (an inside attack)

Symlinks are special files that "point to" a hard link abreast a mounted file system. Here, the hacker strategically positions the symlink so that the application or user accessing the endpoint assumes they are accessing the correct file. These modifications corrupt, overwrite, append to or change file permissions.
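One mitigation on the application side is to refuse to write through a link at all. This added example (not from the original article) assumes a POSIX system where `os.O_NOFOLLOW` is available; the function names and file names are constructed for illustration.

```python
import os
import stat
import tempfile

def append_no_follow(path, data):
    """Append bytes to path; refuse if it is a symlink or not a plain file."""
    try:
        # O_NOFOLLOW makes open() fail when the final path component is a
        # symlink. It does not protect earlier directories in the path.
        fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_NOFOLLOW)
    except OSError:
        return False
    try:
        st = os.fstat(fd)  # inspect the object actually opened
        # Also reject devices, FIFOs and files that have extra hard links.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            return False
        os.write(fd, data)
        return True
    finally:
        os.close(fd)

def demo():
    """Return (wrote_to_regular_file, wrote_via_symlink, protected_contents)."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.conf")
        log = os.path.join(d, "app.log")
        trap = os.path.join(d, "trap.log")
        with open(protected, "wb") as f:
            f.write(b"original\n")
        open(log, "wb").close()
        os.symlink(protected, trap)  # link planted where a log is expected
        ok_regular = append_no_follow(log, b"entry\n")
        ok_symlink = append_no_follow(trap, b"entry\n")
        with open(protected, "rb") as f:
            return ok_regular, ok_symlink, f.read()

if __name__ == "__main__":
    print(demo())
```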

8. Cross-Site Request Forgery Attack

These attacks happen when the user is logged into their account. A hacker at a remote location may seize this opportunity to send you a forged HTTP request. This is meant to collect your cookie information. This cookie data remains valid as long as you stay logged in. To be safe, always log out of your accounts when you are done with them.

9. Remote Code Execution Attack

This exploits weaknesses on your server. Vulnerable components such as remote directories, frameworks, libraries and other software modules that run on a user-authentication basis are targeted by malware, scripts and command lines.

10. DDOS Attack

A distributed denial of service attack (abbreviated as DDOS) occurs when the machine's or server's services are denied to you. Now, while you are offline, the hackers tinker with the website or a specific function. The aim of this attack is this: to interrupt or take over a running system.

November 28, 2017