Web applications are applications that allow users to interact with web servers. They run in web browsers with the help of client-side scripts and server-side scripts.
The architecture of a web application consists of:
The client/presentation layer consists of the devices on which the application runs. Such devices include laptops, tablets, smartphones, etc.
The business logic layer has two sub-layers:
The web server logic layer contains the components that handle requests and responses, and the code that reads data and returns it to the browser
The business logic layer that contains the application data
The database layer consists of the B2B layer and the database server where the organization's data is stored.
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
The OWASP Top 10 project produces a document describing the ten most critical web application security risks.
The latest document lists the following top ten security risks:
Injection attacks are attacks in which the attacker inserts malicious data into commands and queries that are then executed by the application.
These attacks target the input fields or entry points of the application and allow attackers to extract sensitive information.
The most commonly used injection attacks are:
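To make the injection risk concrete, here is an added example (not part of the original text) in Python: a lookup that concatenates user input into SQL next to the same lookup with parameter binding, run against a constructed in-memory SQLite table. The table, user names and probe input are all assumptions made for the demonstration.

```python
import sqlite3


def build_db():
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # The input is pasted into the query text, so characters in it can change
    # the structure of the query: this is the flaw injection attacks exploit.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Parameter binding sends the value separately from the SQL text, so the
    # database engine treats it strictly as data and never as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed tautology input for the demo
    print("concatenated query returns:", find_user_vulnerable(db, probe))
    print("parameterized query returns:", find_user_safe(db, probe))
```

The concatenated version returns every row for the probe input, while the parameterized version returns nothing because no user is literally named `x' OR '1'='1`.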
Broken authentication refers to threats and vulnerabilities in authentication and session management.
Attackers exploit these vulnerabilities to impersonate their victims.
Other vulnerabilities in this category include:
Sensitive data exposure risks occur in applications that use weak cryptographic code for encrypting and storing data.
This vulnerability allows attackers to break the encryption easily and steal the data.
An XML External Entity attack is an attack in which the attacker takes advantage of a poorly configured XML parser, causing the application to parse XML input from an untrusted source.
Broken access control refers to threats and vulnerabilities in access control. Attackers exploit these vulnerabilities to bypass authentication and gain administrative privileges.
Security misconfiguration refers to vulnerabilities present in applications whose application stack is poorly configured.
Some of the problems that cause security misconfiguration vulnerabilities include:
A Cross-Site Scripting attack is an attack in which the attacker injects scripts into web pages used by the target application.
Insecure deserialization refers to a vulnerability that attackers exploit by injecting malicious code into serialized data that is sent to the application.
Because of an insecure deserialization vulnerability, the serialized data is deserialized without the malicious code being detected, allowing the attacker to gain unauthorized access to the application.
Using components with known vulnerabilities allows attackers to exploit those components and carry out attacks.
Insufficient logging and monitoring occurs when an application fails to log security-relevant events and activities. This makes it difficult to detect attacks on the application.
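The detection that adequate logging makes possible, as an added example that is not part of the original text: a small Python monitor that reads constructed authentication log lines, counts failed logins per source address, and flags any source that exceeds a threshold inside a sliding one-minute window. The log format, addresses and user names are assumptions invented for the demonstration, not a real product's schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed "timestamp level event key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 INFO login_failed src=198.51.100.7 user=alice
2024-05-01T10:00:03 INFO login_failed src=198.51.100.7 user=alice
2024-05-01T10:00:04 INFO login_failed src=198.51.100.7 user=bob
2024-05-01T10:00:06 INFO login_failed src=198.51.100.7 user=carol
2024-05-01T10:00:09 INFO login_failed src=198.51.100.7 user=dave
2024-05-01T10:00:11 INFO login_ok src=203.0.113.5 user=eve
2024-05-01T10:30:00 INFO login_failed src=203.0.113.5 user=eve
"""


def parse_line(line):
    # Split the fixed columns, then turn the trailing key=value fields into a dict.
    ts, _level, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, kv


def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return source addresses with at least `threshold` failed logins
    inside any sliding window of length `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ts, event, kv = parse_line(line)
        if event == "login_failed":
            failures[kv["src"]].append(ts)

    flagged = []
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Advance the window start until the window fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(src)
                break
    return flagged


if __name__ == "__main__":
    print("sources exceeding the failed-login threshold:",
          find_bruteforce_sources(SAMPLE_LOG))
```

Without the `login_failed` events being written at all, there would be nothing for this check to count; that is the gap the risk describes.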
The Web Application Hacking Methodology provides attackers with the steps they must follow to attack successfully.
These steps are:
Web infrastructure footprinting helps the attacker collect information about the targeted web infrastructure and identify vulnerabilities that can be exploited.
In this process, the attacker performs:
The information gathered in the footprinting step allows hackers to analyze it, find exploitable vulnerabilities, and use various techniques to launch attacks on the server.
Attackers analyze the target web application to identify its vulnerabilities and exploit them.
To hack the application, attackers need to:
Attackers attempt to bypass client-side controls on input and user interaction.
To bypass client-side controls, attackers try to:
Attackers attempt to exploit weaknesses in authentication mechanisms.
By exploiting such vulnerabilities, attackers are able to perform:
An authorization attack is an attack in which the attacker accesses the application with a legitimate account that has limited privileges and then uses that account to escalate privileges.
To perform an authorization attack, the attacker uses the following sources:
Attackers analyze the target website in an attempt to learn about the access controls that are implemented.
During this process, attackers try to learn who can access which data sets, who holds which access levels, and how they can escalate privileges.
Attackers exploit vulnerabilities in authentication and session management to impersonate their victims.
The process of generating a valid session token has two steps:
With a valid token, attackers are able to carry out attacks such as MITM, session hijacking, and session replay.
Attackers use unvalidated form inputs to inject malicious commands.
Poor coding practices can make an application vulnerable because of the flaws they introduce. If an attacker succeeds in identifying such flaws, they can exploit them and launch attacks.
Attackers carry out database connectivity attacks to gain control of the database and thereby obtain access to sensitive information.
Attackers identify the web services integrated into the web application in order to find and exploit vulnerabilities in the application's logic.
They then use various techniques to attack the application.