Uma iphupho lakho lizoba umzingeli we-bug, kungaba ngokoqobo…
Ukuzingela iphutha lokufunda akuyona into enzima.
Udinga nje ukuqhubekela phambili endaweni efanele.
Ngakho, Le ndatshana ingakusiza kancane.
Ukuba ngumzingeli we-bug, Akudingeki ube ne-degree enkulu yasekolishi noma iziqu.
Uma uzinikele kukho.
Ungakufunda ngokuqinisekile.
Empeleni ukuphepha kwe-cyber kunethuba elibanzi kakhulu ngokuzayo.
Ungasibona isidingo sokuphepha kwe-cyber kule nkinga ye-coronavirus.
Ngubani umzingeli we-bug?
Ake ngichaze njengoba uneminyaka emihlanu.
Ake sicabange,
Insizakalo entsha / iwebhusayithi / uhlelo lokusebenza lwethulwa.
Inamaphutha athile aziwa njengengcupheko.
Okungenzeka uma kutholwe ngabaduni ababi (Izigqoko ezimnyama), ngokuqinisekile ingadala ukulimala kwaleyo nkonzo.
Ngakho, umdubuli omuhle (isigqoko esimhlophe) Thola amaphutha (ukuba nengcupheko) futhi esikhundleni sokuyisebenzisa okuhle.
Bayayibika kuwebhusayithi noma i-service admin.
Ukuze umqondisi angalungisa ubungozi futhi wenze insiza yabo iphephe kakhudlwana.
I-White Hacker Emhlophe ethola futhi ibike ubungozi kunkampani ethile ibizwa ngokuthi yi-bug Hunter.
Ungashayela ubungozi njenge-bug futhi.
Kepha abazingeli be-bug abayenzi ukuzingela iphutha mahhala.
Banethemba lokuthola umvuzo ngokushintshana.
Futhi bayakuthola.
Umphathi ukhokha i-bug Hunter ngokuya ngobulukhuni besiphazamiso abasitholayo.
Ezinye zezimbungulu ezibucayi kakhulu ziyi-CSRF, I-XSS, Umjovo we-SQL, njll.
Phezulu 5 Amathuluzi amahle kakhulu wokuzingela ama-bug! [2020]:
Nalu uhlu lwamanye amathuluzi wokuzingela ama-bug asetshenziswa kakhulu.
Uma ufuna ukufunda ukuzingela kwe-bug.
Ngokuqinisekile udinga ukubafunda bonke.
Futhi, Akunzima kakhulu ukufunda la mathuluzi.
Bangakusiza kakhulu ohambweni lwakho.
Ukuze ufunde la mathuluzi abhalwe ngezansi,
Ungasesha ku-Google, I-YouTube, futhi uthole izinsizakusebenza ngangokunokwenzeka.
#1 Burp Suite![]()
Ithuluzi elidume kakhulu phakathi kwabaduni.
I-Burp Suite isuselwe kuJava.
Uhlaka lokuhlolwa kwewebhu.
Ukuphepha Professional Sebenzisa leli thuluzi kaningi.
Isebenza njenge-interction proxy.
I-Burp Suite ikusiza ekuboneni ubungozi futhi uqinisekise ama-veector wokuhlasela athinta izinhlelo zokusebenza zewebhu.
Leli thuluzi lithwebula futhi lihlaziye okuthunyelwe ngakunye futhi lithola isicelo sokuthunyelwa futhi litholwe yisiphequluli kuwebhusayithi.
#2 I-OWASP ZAP
Orvelip (Vula iphrojekthi yokuphepha yohlelo lokusebenza lweWebhu) yinhlangano engenzi inzuzo egxile ekuthuthukiseni ukuphepha kwesoftware.
Kumahhala ngokuphelele njengoba kuyingxenye yomphakathi we-OWASP.
Ngaphezu kwalokho, Kungumthombo ovulekile.
Ungenza ukuskena okuzenzakalelayo okuzenzakalelayo futhi okusebenzayo ngaleli thuluzi.
Abantu baze basebenzise njengenye indlela yokusebenza kwe-butp.
I-Burp Suite Professional ayikhokhelwa.
Ngakho, I-OWASP ZAP ingakusiza kulokho.
#3 Uhlobo lwenhlanzi
I-CRIRB isithwebuli sokuqukethwe kuwebhu.
Kubukeka kutholakala (kanye / noma okufihliwe) Izinto zeWebhu.
Ngokuyisisekelo isebenza ngokwethula ukuhlaselwa okususelwa kwesichazamazwi ngokumelene neseva yeWebhu futhi ihlaziye impendulo.
Kepha ayitholakali eGui.
Ungayisebenzisa esigungwini sakho se-Linux.
I-Dirb Main Inhloso ukusiza ekucwaningweni kwesicelo sewebhu seWebhu.
Ikakhulu ekuhlolweni okuhlobene nokuphepha.
Ihlanganisa ezinye izimbobo ezingambozwanga izikena ze-classic web sengcunability.
#4 Ukubamba umbagula
I-GoBuster iyithuluzi elisetshenziselwa amandla brute-force:
- Uwobanzi (Izincwajana zemininingwane namafayela) Kusayithi le-Web.
- Isizinda se-DNS (Ngokuxhaswa kwe-Wildcard).
- Amagama wokubamba ama-Virtual kumaseva wewebhu ahlosiwe.
Lokhu kungasetshenziswa kakhulu ukusiza uhambo lwakho lwe-bug Hunter.
#5 Uhlobo
I-NMAP iyisithwebuli senethiwekhi yamahhala futhi esivulekile.
I-NMAP iyindlela emfushane ye-Internet Mapper.
Abaphathi benethiwekhi basebenzisa i-NMAP ukukhomba ukuthi yimaphi amadivayisi asebenza ezinhlelweni zawo, Ukuthola Amandla Atholakala kanye Nezinsizakalo abazinikezayo, Ukuthola amachweba avulekile nokuthola ubungozi bokuphepha.
I-NMAP isiza abacwaningi bezokuphepha ekutholeni amachweba kuseva.
Yize i-NMAP ivele eminyakeni edlule futhi ivumelana nezimo ngokweqile, Ehlelweni liyithuluzi le-port-scan, Ukuqoqa imininingwane ngokuthumela amaphakethe avusekayo kumachweba wohlelo.
Ilalela izimpendulo futhi inqume ukuthi amachweba avulekile, kuvaliwe noma kuhlungwa ngandlela thile kusho imbangela ye-firewall.
Isiphetho:
Abantu bavame ukukuthola kunzima ukuqala uhambo lwabo lwe-bug Hunter.
Ngenxa nje yokuntuleka kwesiqondiso esifanele.
Ngaphezu kwalokho, Uma unikezelwa akekho ongakuvimba.
"Kholwane nje kuwe."
Kukhona ezinye izifundo zamahhala kuwebhu.
Okungakusiza ukuba ufunde kabanzi mayelana nokuzingela iphutha.
Iseluleko esisodwa esivela kumlobi, "The more the, umzingeli ongcono we-bug ".
Ngakho, Qhubeka ufunde. Siyethemba ukuthi uthole ukubaluleka esihlokweni sethu, Uma kunjalo nisabelane ngakho kubo bonke abangane bakho nezihlobo ubazise ngakho.
