Impact
Attackers can take advantage of missing security headers to carry out Cross-Site Scripting (XSS), clickjacking, and man-in-the-middle attacks [S1][S3]. Without these protections, sensitive user data can be exposed, and the integrity of the application can be compromised by malicious scripts injected into the browser environment [S3].
Root cause
AI development tools tend to prioritize functional code over security configuration. As a result, many AI-generated templates omit critical HTTP response headers that modern browsers rely on for defense in depth [S1]. In addition, the absence of integrated Dynamic Application Security Testing (DAST) during the development process means these configuration gaps are rarely detected before deployment [S2].
Concrete fixes
- Add security headers: Configure the web server or application framework to include Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and X-Content-Type-Options.
- Automated scoring: Use tools that score security based on the presence and strength of these headers so that a strong security posture is maintained [S1].
- Continuous scanning: Integrate automated vulnerability scanning into the CI/CD pipeline to provide continuous visibility into the application's attack surface [S2].
How FixVibe tests it
FixVibe already covers this through the headers.security-headers check module. During a standard scan, FixVibe fetches the target like a browser and inspects HTML and navigation responses for CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Policy-Options. The module also flags weak CSP script sources and avoids false positives on JSON, 204, redirect, and error responses, where document-only headers do not apply.
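The following is an added example written for this page, not FixVibe's own code, showing how a header check of the kind described above can be implemented: the two headers that matter on every response are required everywhere, CSP and X-Frame-Options are required only on rendered HTML documents (so JSON, 204, redirect and error responses do not produce false positives), and weak CSP script sources are flagged. The sample responses at the bottom are constructed.

```python
# Added example, not FixVibe's own code: grade one HTTP response's headers.
# CSP and X-Frame-Options count only on rendered HTML documents (not JSON,
# 204, redirect or error responses); weak CSP script sources are flagged.
ALWAYS = ("Strict-Transport-Security", "X-Content-Type-Options")
WEAK_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:")

def parse_csp(csp: str) -> dict:
    """Split a CSP string into {directive: [sources]} with lower-cased names."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives

def weak_script_sources(csp: str) -> list:
    """Weak tokens in script-src, or in default-src when script-src is absent."""
    d = parse_csp(csp)
    return [s for s in d.get("script-src", d.get("default-src", [])) if s in WEAK_SOURCES]

def is_html_document(status: int, h: dict) -> bool:
    """Only a 2xx text/html body is rendered; 204, 3xx, 4xx/5xx and JSON are not."""
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    return 200 <= status < 300 and status != 204 and ctype == "text/html"

def check_headers(status: int, headers: dict) -> list:
    """Return finding strings for one response; header names are case-insensitive."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing {n}" for n in ALWAYS if n.lower() not in h]
    if not is_html_document(status, h):
        return findings  # document-only headers are not expected here
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    # X-Frame-Options is redundant once CSP frame-ancestors is set.
    if "x-frame-options" not in h and "frame-ancestors" not in parse_csp(csp):
        findings.append("missing X-Frame-Options")
    findings += [f"weak CSP script source {s}" for s in weak_script_sources(csp)]
    return findings

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    html = (200, {"Content-Type": "text/html; charset=utf-8",
                  "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
                  "X-Content-Type-Options": "nosniff",
                  "Content-Security-Policy": "default-src 'self'; "
                  "script-src 'self' 'unsafe-inline'; frame-ancestors 'none'"})
    json_api = (200, {"Content-Type": "application/json", "X-Content-Type-Options": "nosniff"})
    for status, headers in (html, json_api):
        print(check_headers(status, headers))
```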
