Semalt Expert: Surefire Ways To Protect A Site From Hackers

1 answer:

Most people think their website has nothing worth attacking. A website can be defaced by a hack that uses the server to relay spam, or uses it as a temporary host for illegal files. Hackers target website servers to turn them into botnets or to make ransomware demands. Hackers use automated scripts to scour the internet in an attempt to exploit weaknesses in software.

Below are some tips prepared by Igor Gamanenko, the Semalt Customer Success Manager, to protect you and your website.

Stay up to date

The server software in use and any supporting software must be updated regularly. Any vulnerability in software gives attackers an easy opportunity to use it and carry out their malicious intentions. If a hosting company manages your website, you have less to worry about, as the server company should take care of web security. All applications must be updated regularly so that the latest security patches are applied.

SQL injection

Attackers use injection attacks to manipulate a website's database. Using standard Transact SQL makes it easy to unknowingly insert rogue code into a query that can then be used to change tables or delete data. To prevent this, always use parameterised queries like the one shown below:

$stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value');

$stmt->execute(array('value' => $parameter));

Cross-site scripting

These types of attacks inject malicious JavaScript code into a web page, which runs in users' browsers unnoticed and can change the web content or steal sensitive information to send back to the hacker. The website administrator must ensure that users cannot inject active JavaScript content into your page. Using tools such as Content Security Policy instructs the web browser to limit how, and which, JavaScript runs on the page.

Error messages

The website administrator must be careful about the information shown in error messages. Only give minimal errors to your users, making sure they do not leak secret data held on your servers such as passwords or API keys.

Passwords

It is very important to use complex passwords to access your servers or the website admin area. Users should be encouraged to use strong passwords to protect their accounts. A combination of uppercase letters, lowercase letters, numbers and special characters makes a secure password. Passwords must be stored using a hashing algorithm. Website security can be improved further by using a new and unique salt for each password.

File uploads

To prevent break-in attempts, it is advisable to avoid direct access to uploaded files. Any file uploaded to your website should be stored in a separate folder outside the webroot. A separate script should be created to fetch files from the private folder and deliver them to the browser.

HTTPS

This is a protocol that provides security on the web. It guarantees users that they are reaching the server they expect and that no intermediary can intercept the content they exchange. Websites that accept card payments or other forms of payment must use an authentication cookie sent with every user request. This helps authenticate requests and so blocks attacks.

Use website security tools

After putting all of the above measures in place, testing your website's security is highly advisable. This is done using penetration testing tools, which include Netsparker, OpenVAS, SecurityHeaders.io and the Xenotix XSS Exploit Framework. The results from these tools show a wide range of potential issues together with key solutions.
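The SQL injection point above, shown as an added example that is not part of the original answer: the same lookup written first by splicing the request value into the query text, then as a parameterised query, which is the Python sqlite3 equivalent of the PDO prepare/execute pair. The table, rows and the quoted input are constructed here for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory table standing in for a site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "admin"), (2, "bob", "editor"), (3, "carol", "viewer")],
    )
    conn.commit()
    return conn


def find_by_name_concat(conn, name):
    """Vulnerable form: the request value becomes part of the SQL text,
    so a quote character inside it changes the meaning of the query."""
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_param(conn, name):
    """Parameterised form: the value is bound to the :value placeholder and is
    only ever treated as data, never parsed as SQL."""
    sql = "SELECT id, name, role FROM users WHERE name = :value"
    return conn.execute(sql, {"value": name}).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing a quote, as an unvalidated request field might.
    quoted = "x' OR '1'='1"
    print(find_by_name_concat(db, quoted))  # the spliced query matches every row
    print(find_by_name_param(db, quoted))   # the bound query matches no row: []
```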

November 28, 2017