Back to Question Center
0

I-Semalt Expert: I-Surefire Ways Ukukhusela I-Site esuka kwi-Hackers

1 answers:

Uninzi lwabantu bacinga ukuba i-website yabo ayinanto ebalulekileyo yokuhlaselwa. Iwebsite ingabaukutshatyalaliswa ngumnxeba ukusebenzisa iseva ukudlulisa ugaxekile okanye ukuyisebenzisa njengesixhasi sexeshana ukufumana iifayile ezingekho mthethweni. Hackers ihlose iwebhusayithiamaseva kumabhaknini am, asebenze njengeebhodnetshi okanye umfuno we-ransomware. AbaHackers basebenzisa izikripthi ezenziwe ngokuzenzekelayo ukuphula i-intanethi kumzamo wokuukuxhaphaza ubunzima kwisofthiwe.

Ngezantsi ezinye zeengcebiso ezilungiselelwe ngu-Igor Gamanenko, i Semalt Umphathi Wempumelelo yoMthengi, ukukhusela wena kunye newebhusayithi yakho.

I-script yesayithi

yomnqamlezo

Ezi ntlobo zokuhlaselwa zifake iikhowudi zeJavaScript ezinokubakho kwiphepha lewebhu,isebenza kwii-intanethi ngokungaziwa, kwaye iyakushintsha okuqukethwe kwewebhu, okanye ukutshintsha ulwazi olubukhali lokubuyisela kwi-hacker - alt.com..IwebhusayithiUmlawuli kufuneka aqinisekise ukuba abasebenzisi abakwazi ukufaka ngokukhawuleza okuqukethwe kweJavaScript kwikhasi lakho. Ukusebenzisa izixhobo ezifana noKhuselo loKhuselekoUmgaqo-nkqubo uqondisa isiphequluli sewebhu ukukhawulela indlela kunye neyiphi iJavaScript isebenza kwiphepha.

Imiyalezo yephutha

Umlawuli wewebhusayithi kufuneka alumkele ulwazi oluboniswe kuweimiyalezo yesiphoso. Mane unikeze iimpazamo ezilinganiselwe kubasebenzisi bakho, ukuqinisekisa ukuba abanikanga idatha eyimfihlo kwiinkonzo zakho ezifanaiiphasiwedi okanye iifayile ze-API.

Amaphasiwedi

Kubaluleke kakhulu ukusebenzisa iiphasiwedi eziyinkimbinkimbi ukufikelela kumaseva wakho okanyekwicandelo lomlawuli webhsayithi. Abasebenzisi kufuneka bakhuthazwe ukuba basebenzise iiphasiwedi ezinamandla ukukhusela iakhawunti zabo. Udibaniso lwamanzi,i-lowercase, amanani kunye nabalinganiswa abakhethileyo bakha iphasiwedi ephephile. Amaphasiwedi kufuneka agcinwe esebenzisa i-algorithm ye-hashing. Iwebhusayithiukhuseleko lunokuphuculwa ngokusebenzisa ityuwa entsha kunye neyodwa kwiphasiwedi.

Ukulayisha ifayile

Ukukhusela umzamo wokuqhawula, kucetyiswa ukuba ugweme ukufikelela ngokuthe ngqo ukulayishwaiifayile. Naliphi na ifayile elayishwe kwiwebhusayithi yakho kufuneka igcinwe kwifolda eyahlukileyo ngaphandle kweWebroot. Iskripthi esahlukileyo kufuneka sibeidalwe ukulandelela iifayile ezivela kwifolda yangasese kwaye zibanceda kwi-browser.

I-HTTPS

Yimigaqo-nkqubo, enika ukhuseleko kwiwebhu. Iqinisekisa abasebenzisi ukubabafikelela kumncedisi abakulindeleyo nokuba akukho nkunkuma inokuyithintela umxholo abahamba ngawo. Iwebhusayithi exhasa inkxasoamakhadi okanye ezinye iifom zentlawulo kufuneka zisebenzise i-cookie yangempela ithunyelwe naliphi na isicelo somsebenzisi. Oku kunceda ukuqinisekisile izicelo ngoko ukuvalaukuhlaselwa.

Sebenzisa izixhobo zokukhusela iwebhusayithi

Emva kokuba uyenzile yonke imilinganiselo engentla, ukuvavanya ukhuseleko lakho kwiwebhusayithiluleke kakhulu. Kuyenziwa ngokusetyenziswa kwezixhobo zokuvavanya ukungena, ezibandakanya i-Netsparker, i-OpenVAS, i-Headers Head.io ne-Xenotix XSSIsiCwangciso soPhulo. Iziphumo zokusebenzisa izixhobo zibonisa uluhlu olubanzi lwezinto ezinokuxhalabisa kunye nezisombululo eziphambili.

November 28, 2017
I-Semalt Expert: I-Surefire Ways Ukukhusela I-Site esuka kwi-Hackers
Reply