
Three Web Application Security Lessons to Keep in Mind. A Semalt Expert Knows How to Avoid Becoming a Victim of Cyber Criminals

1 answer:

In 2015, the Ponemon Institute published the latest findings of its "Cost of Cyber Crime" study. It was no surprise that the cost of cybercrime had gone up. Still, the figures were staggering. Cybersecurity Ventures (a global conglomerate) estimates that the damage will reach $6 trillion per year. On average, it takes a company thirty days to recover after a successful breach, with a remediation cost of six hundred and sixty-five dollars.

Did you know that denial of service (DDoS attacks), web-based breaches and malicious insiders account for 55% of all cybercrime costs? This does not only threaten your data; it can also cost you money.

Frank Abagnale, Customer Success Manager at Semalt Digital Services, offers an analysis of the following three notable breaches from 2016.

First case: Mossack Fonseca (the Panama Papers)

The Panama Papers scandal came to light in 2015, but because millions of documents had to be sifted through, it was only exposed in 2016. The leak revealed that politicians, business people, celebrities and the creme de la creme of society keep their money offshore. Often this was done in secret and crossed ethical lines. Although Mossack Fonseca was an organization that specialized in confidentiality, its information security practices were lacking. First, the WordPress image slider plugin they used was out of date. Second, they ran a three-year-old Drupal with known vulnerabilities. Surprisingly, the organization's management never fixed these issues.

Lessons:

  • Always keep your CMS core, plugins and themes up to date.
  • Keep up with the latest CMS security advisories. Joomla, Drupal, WordPress and other platforms publish notices for these.
  • Vet all plugins before you deploy them.

Second case: PayPal's profile picture

Florian Courtial (a French software engineer) found a CSRF vulnerability in PayPal's new site, PayPal.me. The global online payments giant launched PayPal.me to make quick payments easier. However, PayPal.me could be exploited. Florian was able to modify and even remove the CSRF token and thereby update a user's profile picture. As things stood, anyone could impersonate another person by using their pictures found online, for instance on Facebook.

Lessons:

  • Use a different CSRF token for each user; these should be unique and regenerated every time the user logs in.
  • Use a token per request: beyond the above, tokens should also be issued each time a user performs an action. This provides an extra layer of protection.
  • Timeout: reduces exposure if an account stays inactive for some time.

Third case: Russia's Ministry of Foreign Affairs Faces XSS Embarrassment

While most web breaches are meant to harm an organization's operations, reputation or revenue, some are meant to embarrass. Case in point: something that had never happened in Russia before. Here is what happened: an American hacker (going by the name Jester) exploited a cross-site scripting (XSS) vulnerability he had spotted on the website of Russia's Ministry of Foreign Affairs. The Jester created a dummy website that mirrored the look of the official site except for the headline, which he crafted to mock them.

Lessons:

  • Sanitize HTML markup.
  • Do not insert data unless you have validated it.
  • Use JavaScript escaping before placing untrusted data into JavaScript data values.
  • Protect yourself against DOM-based XSS vulnerabilities.
November 28, 2017
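The three CSRF lessons from the PayPal.me case (a token per user regenerated at login, a single-use token per request, and an idle timeout) fit together in one small server-side design. The Python below is an added example written for this page; it is not PayPal's code, not Semalt's, and not the researcher's. It assumes an in-memory session store and a 15-minute idle timeout, both constructed for the example, and it deliberately rejects a missing or stripped token, which is the failure the case describes.

```python
import hmac
import secrets
import time

# Constructed in-memory stores for the example. A real application would keep
# these in its session backend and user database (assumption, not a real API).
SESSIONS = {}
PROFILES = {}

TOKEN_TTL_SECONDS = 15 * 60  # assumed idle timeout (lesson 3)


def start_session(user_id, now=None):
    """Create a session at login and issue a fresh per-session CSRF token.

    Because the token is minted here, a token captured before login or from
    another user's session never matches this one (lesson 1).
    """
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": user_id,
        "session_token": secrets.token_urlsafe(32),
        "request_tokens": {},   # single-use tokens keyed by value -> issue time
        "last_seen": now,
    }
    return session_id


def issue_request_token(session_id, now=None):
    """Mint a single-use token for one form render (lesson 2)."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["request_tokens"][token] = now
    return token


def validate(session_id, session_token, request_token, now=None):
    """Return True only if the session is alive and both tokens are valid.

    The request token is consumed on success, so a replayed form is refused.
    A missing token (None) fails every check rather than being skipped.
    """
    now = time.time() if now is None else now
    sess = SESSIONS.get(session_id)
    if sess is None:
        return False
    if now - sess["last_seen"] > TOKEN_TTL_SECONDS:
        SESSIONS.pop(session_id, None)   # idle session: drop it entirely
        return False
    # Constant-time comparison so the check does not leak via timing.
    if not hmac.compare_digest(session_token or "", sess["session_token"]):
        return False
    issued = sess["request_tokens"].pop(request_token, None)
    if issued is None or now - issued > TOKEN_TTL_SECONDS:
        return False
    sess["last_seen"] = now
    return True


def update_profile_picture(session_id, session_token, request_token, new_url, now=None):
    """State-changing endpoint guarded by the checks above. Returns (ok, message)."""
    if not validate(session_id, session_token, request_token, now=now):
        return False, "request refused: invalid or missing CSRF token"
    user = SESSIONS[session_id]["user"]
    PROFILES[user] = new_url
    return True, "profile picture updated"


if __name__ == "__main__":
    sid = start_session("alice")
    st = SESSIONS[sid]["session_token"]
    rt = issue_request_token(sid)
    print(update_profile_picture(sid, st, None, "https://example.invalid/a.png"))
    print(update_profile_picture(sid, st, rt, "https://example.invalid/a.png"))
    print(update_profile_picture(sid, st, rt, "https://example.invalid/b.png"))
```

The important design point is that every failure path returns the same refusal: a stripped token, a token from another user's session, a replayed token and an expired session all land in the "refused" branch, so an attacker cannot learn which check failed.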
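The XSS lessons from the third case (sanitize markup, validate before inserting, escape for the JavaScript context, and avoid DOM-based injection) come down to encoding untrusted text for the exact context it lands in. The Python below is an added example for this page, not code from the ministry site, the hacker, or Semalt. It renders a headline into three contexts (HTML body, HTML attribute, JavaScript string literal) with the right encoder for each, and adds a URL allowlist because HTML escaping alone does not stop a `javascript:` link. The page layout and field names are constructed for the example.

```python
import html
from urllib.parse import urlsplit


def escape_html(value):
    """Encode untrusted text for an HTML body or quoted attribute.
    html.escape with quote=True covers &, <, >, " and '."""
    return html.escape(str(value), quote=True)


def escape_js_string(value):
    """Encode untrusted text for use inside a quoted JavaScript string literal.

    Every character outside [A-Za-z0-9] becomes \\uXXXX, so quotes, newlines
    and the sequence </script> can never terminate the string or the block.
    """
    out = []
    for ch in str(value):
        if ch.isascii() and ch.isalnum():
            out.append(ch)
            continue
        cp = ord(ch)
        if cp > 0xFFFF:  # outside the BMP: emit a surrogate pair
            cp -= 0x10000
            out.append("\\u%04X\\u%04X" % (0xD800 + (cp >> 10), 0xDC00 + (cp & 0x3FF)))
        else:
            out.append("\\u%04X" % cp)
    return "".join(out)


def safe_href(url):
    """Validate before inserting: only http(s) URLs are allowed in an href.
    Anything else (javascript:, data:, vbscript:, relative tricks) becomes '#'."""
    parts = urlsplit(str(url).strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return "#"
    return escape_html(url)


def render_page(headline, link):
    """Render an untrusted headline into three contexts with context-specific encoding.
    The inline script writes via textContent rather than innerHTML (DOM lesson)."""
    return (
        "<h1 id=\"headline\">%s</h1>\n"
        "<a href=\"%s\" data-headline=\"%s\">source</a>\n"
        "<div id=\"copy\"></div>\n"
        "<script>\n"
        "  var headline = \"%s\";\n"
        "  document.getElementById(\"copy\").textContent = headline;\n"
        "</script>"
    ) % (
        escape_html(headline),     # HTML body context
        safe_href(link),           # URL context, allowlisted scheme
        escape_html(headline),     # HTML attribute context
        escape_js_string(headline) # JavaScript string context
    )


if __name__ == "__main__":
    # Constructed hostile inputs for demonstration.
    print(render_page("</script><script>alert(1)</script>", "javascript:alert(1)"))
```

The rendered output contains exactly one `<script>` and one `</script>` (the page's own) whatever the headline says, and the link degrades to `#` instead of carrying a script URL. The choice of encoder follows the context, not the input: the same headline is encoded three different ways because it is placed in three different places.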