An in-depth look at persistent XSS vulnerabilities

Last updated: 16 April 2026
  • Persistent XSS vulnerabilities allow malicious code to be stored and executed in the browsers of many users.
  • Frontend-only validation and legacy code are common causes of XSS in today's web applications.
  • The ZKTeco WDMS 5.1.3 case shows the real impact of persistent XSS on critical biometric management systems.
  • Mitigating XSS requires backend validation, output encoding, security headers, and ongoing vulnerability management.

A study of persistent XSS vulnerabilities

In recent years, vulnerability management in web applications has become a top priority in cybersecurity. Organizations rely heavily on online platforms to deliver services, handle sensitive data, and run their day-to-day business, so any security breach can lead to data loss, financial loss, and reputational damage. In this context, Cross-Site Scripting (XSS), and particularly its persistent variant, remains one of the most challenging threats to manage.

Although XSS has been known since the early days of web browsing, persistent XSS vulnerabilities keep appearing, again and again, in real environments: business applications, corporate portals, access control systems, and even critical platforms tied to biometrics. The reason is not only technical complexity, but also the combination of constantly changing attack techniques, growing application size, poor development practices, and the lack of robust security controls on both the frontend and the backend.

Why studying persistent XSS vulnerabilities matters

A structured analysis of persistent XSS vulnerabilities lets us understand how they arise, how they are exploited, and how they can be mitigated effectively. A thorough study of the topic does not stop at describing the concept in theory; it connects the identification of flaws, the assessment of the risk they create, and the application of technical and organizational measures that reduce the attack surface of modern web applications.

Vulnerability management is part of a company's cybersecurity strategy, since it covers the processes for identifying, assessing, prioritizing, and fixing weaknesses in software and infrastructure. When it comes to XSS, those processes must take into account the development technology in use (frameworks such as Django, libraries, template engines) as well as the day-to-day practices of the programming, testing, and operations teams.

In today's environment, where most user interaction happens through browsers, successful exploitation of persistent XSS can open the door to unauthorized access, identity theft, and data manipulation. An incident of this kind can lead to the exposure of critical information, the modification or deletion of records, the injection of malicious files, and even lateral movement into other connected systems.

From an operational perspective, the lack of effective processes for detecting and mitigating XSS directly affects business continuity: service disruption, loss of customer trust, legal penalties, and the costs of incident response. It is therefore essential to address these issues in the earliest phases of the software lifecycle, from design and development through testing and deployment.

What is persistent XSS and why is it so dangerous?

Cross-Site Scripting, or XSS, refers in general terms to the injection of executable code into a user's browser. Persistent XSS (also called stored XSS) is the most damaging variant because the malicious payload is stored on the server, usually in a database or another storage location, and served to every user who accesses the affected content.

In this scenario, an attacker submits manipulated data to an application input point (for example, a profile form, a comment field, or an employee name), and that data is stored without proper sanitization. Later, the application shows that content to other users without escaping tags or scripts, so the browser interprets the payload as legitimate code (usually JavaScript) and executes it with the permissions of the page's context.

A key detail of persistent XSS is that it does not require direct, individual interaction with each victim. Once the malicious script is stored in the system, it runs for every user who visits the vulnerable part of the site. This greatly multiplies the potential reach of the attack, especially in high-traffic applications or where many administrators and privileged users access the site regularly.

With these malicious payloads it is possible to achieve many goals: stealing session cookies, capturing credentials, redirecting to fraudulent websites, altering the user interface to deceive the user, loading external resources, or starting other, more complex phases of an attack. The browser becomes an ideal entry point because it trusts the content served by the application, and the user, in turn, trusts that they are interacting with a legitimate site. Understanding web browser security is key to reducing this risk.

This type of vulnerability is usually considered the most serious in the XSS family because it greatly reduces the attacker's effort. A single successful injection is enough for the exploit to reach any visitor of the vulnerable page, without the need for tailored campaigns that send malicious links to each individual target.

Other types of Cross-Site Scripting: reflected and DOM-based

To fully understand the scope of persistent XSS, it helps to compare it with the other classic cross-site scripting variants. Although they all share the same root problem (poor data validation and sanitization), they differ in how the payload travels and in where the security flaw lies.

Reflected XSS is probably the most common type of XSS vulnerability in applications that process parameters sent in URLs or forms. In this case the malicious code is not permanently stored on the server; it travels, for example, in a query string parameter. The application takes that value, inserts it directly into the HTML response without escaping it, and the browser executes it when rendering the page.

As a "round-trip" vector, reflected XSS is usually exploited by sending the victim a specially crafted link (by email, instant messaging, social media, and so on) that carries the malicious payload in the URL. If the person clicks, the page loads with the payload injected and the browser executes the script. Depending on the application's context, this can lead to theft of session cookies, exposure of tokens, collection of sensitive data, and even capture of credit card information.

DOM-based XSS, on the other hand, depends on how the application's front end manipulates the Document Object Model using JavaScript or other client-side APIs. In these cases the vulnerability lies not so much in the server's response as in the code running in the browser, which takes data from sources such as the URL, the hash, localStorage, or input fields and inserts it into the DOM without escaping dangerous characters.

A typical example of DOM-based XSS is one where a client-side script reads a parameter from the URL and inserts it into the page as HTML using unsafe functions. Although the payload may also travel in the URL, exploitation happens entirely in the browser, without the server reflecting the payload directly in its response. This difference means that analysis requires specific client-side testing tools.
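To make the source-to-sink flow of the paragraph above concrete, here is an added example (not code from the article): a client-side script that reads an employee name from the URL fragment and writes it into the page, first through the unsafe `innerHTML` sink and then through `textContent`, which the browser never parses as HTML. The `#employee=...` fragment format is an assumption for the illustration, and the small `FakeElement` stand-in exists only so the file also runs under Node; in a browser you pass real elements and `document`.

```javascript
// Added example (not from the original article): the DOM-based XSS pattern the
// text describes, shown as the unsafe sink beside the safe one. The fragment
// format "#employee=<name>" is an assumption for this illustration.

// Source: extract one named parameter from a fragment such as "#employee=Ana".
function readFragmentParam(hash, name) {
  // location.hash keeps its leading "#"; URLSearchParams decodes the rest.
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  return params.get(name); // null when the parameter is absent
}

// UNSAFE sink: the untrusted value is concatenated into markup and assigned to
// innerHTML, so the browser's HTML parser sees whatever the URL contained.
function renderGreetingUnsafe(container, hash) {
  const who = readFragmentParam(hash, "employee") ?? "guest";
  container.innerHTML = "<p>Welcome, " + who + "</p>"; // DOM XSS sink
  return container;
}

// SAFE sink: build the element through the DOM API and pass the untrusted value
// via textContent, which is never parsed as HTML, so any markup stays inert text.
function renderGreetingSafe(container, hash, doc) {
  const who = readFragmentParam(hash, "employee") ?? "guest";
  const p = doc.createElement("p");
  p.textContent = "Welcome, " + who;
  container.replaceChildren(p);
  return container;
}

// Minimal stand-in for the few DOM members used above, so the example also runs
// under Node. A real innerHTML setter parses markup; this stub only records
// what reached each sink, which is enough to see the difference.
class FakeElement {
  constructor(tagName) {
    this.tagName = tagName;
    this.innerHTML = "";
    this.textContent = "";
    this.children = [];
  }
  replaceChildren(...nodes) { this.children = nodes; }
}
const fakeDocument = { createElement: (tag) => new FakeElement(tag) };

// Constructed sample fragment: the employee name carries HTML markup.
const sampleHash = "#employee=" + encodeURIComponent("<b>not bold</b>");

// Run both renderers on the same fragment and report what each sink received.
function demo(hash = sampleHash) {
  const unsafe = renderGreetingUnsafe(new FakeElement("div"), hash);
  const safe = renderGreetingSafe(new FakeElement("div"), hash, fakeDocument);
  return {
    unsafeMarkup: unsafe.innerHTML,         // markup handed to the HTML parser
    safeText: safe.children[0].textContent, // markup kept as literal text
  };
}

console.log(demo());
```

The point to take from the two functions is that the fix is not a different escaping routine but a different sink: once a value is assigned through `textContent` (or an attribute set with `setAttribute` on a non-URL attribute), there is no HTML parsing step for the payload to abuse.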

Common causes of persistent XSS vulnerabilities

The reason persistent XSS still exists in modern environments is not just carelessness: it is a combination of technical and organizational factors. One of the most frequent causes is that validation and sanitization of input data is entrusted only to the frontend. The idea is that "if the form restricts the field, it is already protected." This approach is insufficient, because an attacker can intercept or craft requests without going through the legitimate interface.

If the backend does not repeat or strengthen the controls placed on the client side, it opens the door for malicious payloads to be sent with traffic interception tools, custom scripts, or other clients. The server must always assume that the data it receives may have been tampered with, and apply its own validation, filtering, and encoding barriers before storing information or returning it to the browser.

Another common cause is the complexity of modern applications. As they grow in functionality, third-party integrations, and presentation layers, the number of data entry points grows too, and with it the likelihood that some of them remain unprotected. Administrative forms, internal management panels, poorly reviewed modules, or "minor" functions can become weak links due to the lack of a dedicated security review.

Added to this is the burden of legacy code. Many organizations maintain applications that began years ago, with development practices that did not consider security in a structured way. It is common to find modules that have been extended without a deep refactoring, where HTML strings are concatenated with user data without escaping functions, or where assumptions that no longer hold in today's environment are still relied upon.

Finally, a lack of knowledge and awareness is a key factor. If developers, testers, and administrators have not internalized the attack patterns associated with XSS and the corresponding mitigation techniques, validation failures are far more likely to be introduced or overlooked. Ongoing training and the strengthening of specialized cybersecurity skills are essential to reducing this structural risk.

A practical example: persistent XSS in a biometric management platform

An illustrative example of the magnitude of these vulnerabilities can be found in the discovery of a critical persistent XSS on the ZKTeco WDMS 5.1.3 platform. This system is widely used to manage biometric data and control employee access. Environments of this kind handle sensitive information related to the physical security of facilities and records linked to real people.

The analysis, carried out by a specialized research team, found a specific problem in the employee data management process. After logging in, the application's dashboard offered a menu where users could view, edit, and delete certain information for each employee. The "Emp Name" or "EName" field became the focus of the investigation, since it allowed the name associated with a record to be changed.

Initially, a small malicious payload was tested directly from the interface, which revealed a limit of about 40 characters imposed by the form. However, that limit only applied on the client side. By intercepting the traffic, the researchers were able to modify the request before it reached the server, replacing the field's content with a longer payload that included JavaScript code.

The main problem was that the application validated data input only on the frontend, without putting equivalent or stricter controls on the backend. As a result, the server accepted the modified request and stored the content exactly as it arrived. Later, when the employee name was retrieved and shown in other parts of the interface, the application inserted it into the page without escaping it, allowing the browser to execute the stored script.

This behavior confirmed the presence of a persistent XSS: the malicious payload was recorded in the system and executed every time another user viewed the affected record. In an environment like ZKTeco WDMS, where administrators and operators consult employee information regularly, the potential for compromising highly privileged accounts was especially worrying.

The report's conclusion was clear: frontend validation is useful for improving the user experience and reducing minor errors, but it cannot be regarded as a sufficient security measure. It is essential to repeat or strengthen the controls on the server side, apply proper sanitization, and review how user data is rendered in views so that it cannot be interpreted as executable code.

The real impact of successful persistent XSS exploitation

When an attacker successfully exploits a persistent XSS vulnerability, the consequences can go far beyond a simple visual change on the page. By executing code within the victim's browser context, it is possible to access sensitive information loaded by the application, such as session tokens, personal data, internal settings, or even financial information.

With that data, the attacker can impersonate the victim to the service, steal credentials, or escalate privileges. If the compromised account has administrative privileges, the scope of the incident grows rapidly: large-scale modification of records, creation of malicious users, changes to configuration parameters, or the installation of backdoors that facilitate future unauthorized access.

In addition, persistent XSS allows the user to be redirected to attacker-controlled sites, where the attack can be chained with more sophisticated phishing campaigns, malware, or additional exploitation tools. In this way, a simple field validation failure becomes the starting point of a chain of linked attacks.

In complex corporate environments, XSS exploitation can facilitate lateral movement: if a user who can access multiple internal tools is compromised, it may be possible to pivot to other systems, applications, or databases using stolen credentials or tokens. This means the impact is no longer confined to the vulnerable application, but extends to the organization's entire digital environment.

Beyond the technical damage, there is a direct impact on reputation and regulatory compliance. The exposure of personal or confidential data can trigger notification obligations to authorities, legal penalties (for example, under data protection laws), and a loss of trust from customers and partners. Properly managing these vulnerabilities ceases to be a purely technical matter and becomes a strategic priority.

Best practices for mitigating and managing XSS securely

Reducing exposure to persistent XSS requires adopting a comprehensive security approach across the development and operation of web applications. It is not enough to apply isolated patches; controls must be introduced at the design, coding, testing, and ongoing operation stages so that protection is effective and lasting.

At the technical level, one of the most important measures is to establish strict input validation and output encoding. All data provided by the user or coming from external sources should be treated as untrusted, validated according to context (expected data type, length, format) and, when it is to be displayed in the interface, encoded appropriately (for example, escaping HTML characters and using safe APIs and templates that prevent direct execution of injected code).

Equally important is to apply a strict defense-in-depth policy between the frontend and the backend. The client can implement controls to help the user (length limits, formats, required fields), but the server must have the final say: validate every received parameter, reject input that does not comply with the defined rules, and never assume that the user will behave in a "legitimate" way.
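The server-side half of the fix, covering both the ZKTeco case described earlier and the validation and output-encoding points of the last two paragraphs, as an added example that is not code from the article or from ZKTeco's product: a validator that re-applies the 40-character limit the form enforced only on the client, an HTML escaper used at the point where a stored name enters the markup, and a simulated update handler in which the server has the final say. The request shape, the `EName` body field, and the in-memory store are assumptions made for the illustration.

```javascript
// Added example (not code from the article or from ZKTeco's product): the
// backend controls the text calls for. The request shape, the "EName" body
// field and the in-memory store are assumptions for this illustration.

const NAME_MAX_LENGTH = 40; // the limit the form enforced only on the client

// Context-specific rule for an employee name, applied on the server regardless
// of what the browser already checked: letters from any script, combining
// marks, spaces, dots, apostrophes and hyphens. Angle brackets, quotes,
// digits and control characters are rejected outright.
const NAME_PATTERN = /^[\p{L}\p{M} .'-]+$/u;

function validateEmployeeName(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const name = raw.trim();
  if (name.length === 0) return { ok: false, reason: "empty" };
  if (name.length > NAME_MAX_LENGTH) return { ok: false, reason: "too long" };
  if (!NAME_PATTERN.test(name)) return { ok: false, reason: "invalid characters" };
  return { ok: true, value: name };
}

// Output encoding for an HTML text or quoted-attribute context: the five
// characters that can change how markup is parsed become entity references.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Rendering a stored record: every dynamic value is escaped where it enters
// the HTML, so a name that somehow bypassed validation still cannot execute.
function renderEmployeeRow(employee) {
  return `<tr><td>${escapeHtml(employee.id)}</td>` +
         `<td>${escapeHtml(employee.name)}</td></tr>`;
}

// Simulated update handler: a tampered request that bypassed the form's limit
// is rejected with 400 and never reaches the store.
function handleEmployeeUpdate(store, request) {
  const check = validateEmployeeName(request.body.EName);
  if (!check.ok) return { status: 400, body: "rejected: " + check.reason };
  store.set(String(request.body.id), check.value);
  return { status: 200, body: "ok" };
}

// Walk a legitimate edit and a constructed tampered one through the handler.
function demo() {
  const store = new Map();
  const good = handleEmployeeUpdate(store, { body: { id: 1007, EName: "Ana Ruiz" } });
  // Constructed tampered request: markup plus more than 40 characters.
  const tampered = handleEmployeeUpdate(store, {
    body: { id: 1007, EName: "<script>" + "x".repeat(60) + "</script>" },
  });
  return {
    good,
    tampered,
    stored: store.get("1007"),
    row: renderEmployeeRow({ id: 1007, name: "O'Brien <b>" }),
  };
}

console.log(demo());
```

Two independent layers are at work: validation keeps markup out of the database in the first place, and escaping at render time protects every view that shows the field, including older modules that were written without the validator. In a real application the escaping would normally come from the template engine's auto-escaping rather than a hand-written helper, but the contract is the same.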

Configuring security headers, such as Content-Security-Policy (CSP), and using a web application firewall can restrict what the browser is allowed to load and execute, reducing the potential impact of an XSS. A well-designed CSP can block the execution of inline scripts or limit the sources of external resources, making it much harder for a malicious payload to achieve its objectives. Although it does not replace proper validation, it is a very useful additional layer.

From an organizational point of view, it is advisable to integrate security reviews throughout the development lifecycle: static code analysis, penetration testing, manual review of the most sensitive components, and the use of guidelines such as the OWASP Top 10 and resources for checking whether a website is secure and trustworthy. Training and raising awareness among developers, testers, and administrators also makes a difference; understanding how XSS works, which code patterns make it easy, and how to fix them helps teams integrate security into their daily work.

Finally, establishing a vulnerability management process that includes asset inventory, risk prioritization, patch deployment, and post-remediation verification is essential to ensure that discovered weaknesses are not overlooked. In environments that use third-party platforms or commercial products, it is equally important to stay up to date with the security updates released by the vendor and apply them promptly.

The fight against persistent XSS is not won with a single action, but by maintaining a mindset of continuous improvement, combining technological innovation, staff expertise, and a clear stance towards the cyber threats that affect web applications.

From everything we have seen, it is clear that persistent XSS vulnerabilities remain a major risk for any organization that relies on web applications, especially when those applications store sensitive information or handle critical business processes. Understanding the differences between the XSS variants, learning from real-world examples such as biometric management platforms, applying good validation practices, and strengthening security on both the frontend and the backend are essential steps for preserving the integrity, confidentiality, and availability of digital assets in the connected environment we move through every day.