Semalt: Steps to Take to Protect Your Website from Hackers

One of the biggest fears website owners have to live with is the thought of someone altering their work, or wiping it out completely. Building the content of a website takes hard work, and the same effort should go into protecting it.

Apart from running backup tools, here is a list of tips prepared by Michael Brown, Semalt Customer Success Manager, that will come in handy for ensuring your website's security:

1. Update all platforms and scripts

Among the best things to do is to regularly update all installed platforms and scripts. The reason is that these tools are often open-source code, available both to well-meaning developers and to attackers. Website attackers can pore over the code, looking for any weaknesses or loopholes they can use to get in and take control of the website. Updating does not take long to complete and helps reduce this risk effectively.

2. Install security plugins where applicable

After attending to the updates above, make sure the website has security plugins installed to block any attempts by hackers to get in without permission. Security plugins address the weaknesses present in any framework and thwart any hacking activity. Alternatively, SiteLock is a tool that goes a step further by providing regular monitoring reports after shutting out break-in attempts. If the success of the business depends on the website running well, then SiteLock is very important.

3. Use HTTPS

When using HTTPS, one can notice a green icon appearing in the browser bar, signalling that one is about to give sensitive information to the website. The five little letters are an important indicator of security and that it is safe to provide the requested information. If a business site requires visitors to provide private information, it needs to invest in an SSL certificate. It comes at an additional cost but goes a long way in building the site's credibility and making it more secure.

4. Parameterized queries

Many of the common hacks that websites fall victim to are SQL injections. SQL injection is an issue in web forms or URL parameters that let outside information be supplied when they are left open. What happens is that website attackers insert code into the website's database that lets them easily obtain whatever they want. This is a problem for website administrators, since they need to safeguard the confidential information customers trust them with. Parameterized queries ensure that the code used on the website is specific and so leaves no room for additions. Website attackers find this hard to beat.

5. Content Security Policy (CSP)

Another common trick website hackers use is cross-site scripting (XSS) attacks. With them, they manage to slip malicious JavaScript code into web pages. A parameterized approach used together with a CSP, which lets the user specify the domains that should be treated as legitimate sources of executable scripts on the page, should suffice. The browser will then ignore anything else, so that only sources included in the list of directives are allowed to make changes to web pages.

6. Secure passwords

People prefer to choose passwords they find easy to remember. However, one should make the effort to think of a secure password. The longer the password, the better. It should use characters, numbers and letters. How obvious passwords are affects the trust placed in the website. In the same way, enforce the same requirement on the passwords that users use.

7. Lock down directory and file permissions

Every file and folder contained on the website has permission attributes that control who can read, write or execute it. Grant each one access permissions according to the user and the group they belong to.

November 28, 2017