Home > Developer > Web Develop

EXP9 Web Security Basics Practice

Source: Internet
Author: User
Tags sql injection attack csrf attack
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

First, the basic question answer 1. SQL injection attack principle, how to defend?
    • A SQL injection attack is the goal of tricking a server into executing a malicious SQL command by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request.
    • The main protection against SQL injection attacks is to start with code:
    1. With precompiled statement set PreparedStatement, it has the ability to handle SQL injection, as long as it uses its Setxxx method to pass values. Its principle is that SQL injection only to the SQL statement Preparation (compilation) process has a destructive effect, and PreparedStatement is ready, the execution phase is only the input string as data processing, and no longer the SQL statements prepared for parsing, so also avoids the SQL injection problem;
    2. Filter incoming parameters with regular expressions and filter for some keywords containing SQL injection;
    3. Adopt the method of string filtering;
    4. The function called in the JSP checks if it contains illegal characters and prevents SQL from being injected from the URL.
2. What is the principle of XSS attack and how to defend it?
    • The SS is a code injection that allows a malicious user to inject code into a Web page and be successfully executed by the browser, and other users will be affected when they view the page. Such attacks typically include HTML and client-side scripting languages. The main purpose of XSS attack is to find a way to obtain the cookie of the target attack website, because the cookie is equivalent to the seesion, and with this information can log on to the website in any PC that can connect to the Internet, and do some damage in the identity of others.
    • Defenses can be carried out in the following two ways:
    1. Filter parameters before a form submission or URL parameter is passed
    2. Check the contents of user input for illegal content, such as angle brackets, quotation marks, etc., strictly control the output.
3. CSRF attack principle, how to defend?
    • We know that XSS is a cross-site scripting attack that executes an attacker's script in the user's browser to obtain information such as its cookie. Instead, CSRF is borrowing the user's identity to send a request to Web server because the request is not intended by the user, so it is called "cross-site request forgery".
    • The defense of CSSRF can be carried out from a few aspects;
    1. Referer, token or verification code to detect user submissions;
    2. Try not to expose the user's privacy information in the link of the page, for the user to modify the deletion and other operations preferably use post operation;
    3. Avoid general-purpose cookies and strictly set the domain of cookies.
Second, the practice content 1. About Webgoat
    • Webgoat is an application platform developed by the OWASP Organization for Web vulnerability experiments to illustrate security vulnerabilities in Web applications. Webgoat is running on a platform with a Java virtual machine, there are many training courses available, including XSS, thread safety, SQL injection, and so on, our experiment is on the Webgoat platform.
    1. Webgoat is divided into simple version and Development Board, simple version is a Java jar package, only need to have a Java environment, we do in the command line: Java-jar Webgoat-container-7.0.1-war-exec.jar run Webgoat:
    1. Open will find their virtual machine is not installed, I am using Yang Zhenghui shared WebGoat7.1 downloaded, put it in the home, re-enter Java-jar Webgoat-server-7.1-exec.jar (because the version of 7.1 is downloaded, so the version number in the command needs to be changed again)
    1. Open Browser, enter Localhost:8080/webgoat
    1. Select the default account, password to log on successfully
2. SQL Practice Numeric SQL injection
    • The principle is that there is an SQL statement here
    • SELECT * from Weather_data WHERE station = [Station]
    • Can intercept messages Add Station field to a permanent 101 OR 1=1
    • You can use the debugging tools from the Firefox developer on Kail to open the text box.
    • Modify the original statement to: SELECT * from Weather_data WHERE station = 101 OR 1=1

    • As 1=1 Heng set up, click Go to see all the city's weather, success.

Log Spoofing
    • Log forgery, the purpose is to inject a malicious string, according to the rules forged a log, the username input
    • Zh%0d%0alogin succeeded for Username:admin
    • Where%0d and%0a are CRLF newline characters, the output shown is

    • The second line is the one we just forged.

XPATH Injection
    • The meaning of the problem is your account number and password is mike/test123. Your goal is to try to view data from other employees.
    • Or do you need to build a wing-
    • CC ' or 1=1 or ' a ' = ' a

String SQL Injection
    • Character injection, which is similar to the previous number injection method, constructs a permanent, or uses the previous ' or 1 = ' 1
    • ' CC ' OR ' 1 ' = ' 1
    • SELECT * from user_data WHERE last_name = ' cc ' OR ' 1 ' = ' 1 '

Lab:sql injectionstage 1:string SQL Injection
    • Use string SQL injection to bypass authentication.
    • Log in as user Neville, enter ' or 1=1 in the password field--Never do SQL injection, but find login failed. The maximum length of password found is 8, changing the maximum length to 100

    • Log in again, success

EXP9 Web Security Basics Practice

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ccna security practice questions ccna security practice test comptia security practice test security online practice exam security practice questions comptia security practice comptia security practice questions

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More