Common Vulnerabilities in web development

Source: Internet
Author: User
Tags: sql error, sql injection attack, sql injection prevention

I. SQL injection vulnerability
SQL injection (the SQL injection attack, often just called injection) is widely used to gain unauthorized control of a website. It is a security flaw at the database layer of an application: the program does not account for SQL syntax smuggled inside an input string, so the database executes the attacker's text as if it were part of a normal SQL command. The consequences range from data being read, altered or deleted to the site being seeded with malicious code, backdoor programs and similar damage.
SQL injection typically enters through:
(1) form submissions, mainly POST requests but also GET requests;
(2) URL parameters, mainly GET request parameters;
(3) cookie parameters;
(4) modifiable values in the HTTP request header, such as Referer and User-Agent;
(5) less obvious input points, such as file information read from uploaded .mp3 files.
Common preventive measures:
(1) Use the parameterized query interface provided by the database for every query. A parameterized statement passes user input as a parameter instead of embedding it in the SQL text. Almost every database system now offers such an interface, and it is a very effective defense against SQL injection.
(2) Escape or encode special characters (' " < > & * ; and so on) before they reach the database.
(3) Check that every piece of data has the expected type: numeric data must be a number, and the corresponding storage field in the database should be an integer type.
(4) Enforce strict length limits on data, so that longer injected SQL statements cannot execute correctly.
(5) Use one encoding across every layer of the site, preferably UTF-8; inconsistent encodings between layers can let input bypass some filtering models.
(6) Strictly restrict the database privileges of the site's database user, granting only what its work requires, to minimize the damage an injection attack can do to the database.
(7) Prevent the site from displaying SQL error messages (type errors, field mismatches and so on), since attackers use such messages to draw conclusions about the database.
(8) Use specialized SQL injection detection tools to find and fix injection flaws before the site goes live.
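
As an added example (not from the original page), the following Python code shows measure (1) beside the string concatenation it replaces, together with the type check from measure (3) and the length limit from measure (4); the database, table, limit and inputs are constructed for the demonstration.

```python
import sqlite3

MAX_NAME_LEN = 32  # measure (4): a strict length limit on user-supplied data (assumed value)

def make_db():
    # Constructed in-memory database with sample rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # The input is pasted into the SQL text, so quote characters in it are parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Measure (1): the value travels as a bound parameter and is never parsed as SQL.
    if len(name) > MAX_NAME_LEN:
        raise ValueError("name too long")
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()

def find_user_by_id(conn, user_id):
    # Measure (3): the id column is an integer, so anything else is rejected before the query.
    if not isinstance(user_id, int):
        raise ValueError("user id must be an integer")
    return conn.execute("SELECT name, role FROM users WHERE id = ?", (user_id,)).fetchall()

def demo():
    conn = make_db()
    # Constructed input: a closing quote followed by an always-true condition.
    injected = "' OR '1'='1"
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, injected)),  # every row leaks
        "safe_rows": len(find_user_safe(conn, injected)),             # no user has that name
    }
```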

II. Cross-site scripting vulnerability
Cross-site scripting (XSS) attacks take effect on the client side and can be used to steal private data, run phishing scams, steal passwords and spread malicious code.
XSS relies mainly on HTML and JavaScript, and also on VBScript and ActionScript. Although an XSS attack does no direct harm to the web server, it spreads through the site to its users; their accounts are stolen, which in turn causes more serious harm to the site itself.
XSS types include:
(1) Non-persistent (reflected) cross-site scripting, currently the most common type. The script is usually carried in a link; when the link is requested, the server reflects the script back in its response, and the script is never stored on the server (for example in the database). The example mentioned in the preceding section is of this kind.
(2) Persistent (stored) cross-site scripting, the type with the most direct impact: the script is stored on the server side (for example in a database). A common case is a forum post; if the forum does not filter JavaScript out of the user's input, the browser of every other user who views that post executes the embedded script.
(3) DOM cross-site scripting (DOM XSS), which occurs within the client-side DOM (Document Object Model) and is largely caused by the processing logic of client-side scripts.
Commonly used anti-XSS techniques include:
(1) As with SQL injection prevention, treat every input as suspect and check it rigorously for scripts, IFrames and the like. "Input" means not only the fields a user interacts with directly, but also cookie values, HTTP request header values and so on.
(2) Validate not only the type of the data but also its format, length, range and content.
(3) Never validate and filter only on the client; the decisive filtering steps run on the server.
(4) Check data at output as well. On a large site a value from the database is likely to be output in many places, so even input that was encoded on the way in must be checked again for safety at each output point.
(5) Test the application against all known threats before release.
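
As an added example (not from the original page) of techniques (2), (3) and (4), this Python code validates a comment's type, format and length on the server and HTML-encodes it at the output point; the comment format, the rule for a user-supplied homepage link and the sample inputs are assumptions made for the demonstration.

```python
import html
import re
from urllib.parse import urlsplit

MAX_COMMENT_LEN = 500  # assumed limit
# Technique (2): a display name has a fixed format and length (assumed: 2-32 letters, digits, spaces).
NAME_RE = re.compile(r"[A-Za-z0-9 ]{2,32}")

def validate_comment(name, text):
    # Techniques (2) and (3): type, format and length are checked here, on the server.
    if not isinstance(name, str) or not isinstance(text, str):
        raise ValueError("wrong type")
    if not NAME_RE.fullmatch(name):
        raise ValueError("bad name format")
    if not 1 <= len(text) <= MAX_COMMENT_LEN:
        raise ValueError("bad comment length")

def is_valid_comment(name, text):
    try:
        validate_comment(name, text)
        return True
    except ValueError:
        return False

def safe_href(url):
    # A user-supplied link is allowed only with an http or https scheme and a host part,
    # so "javascript:" and similar URLs never reach the page; "#" is the inert fallback.
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return "#"
    return html.escape(url.strip(), quote=True)

def render_comment(name, text, homepage=None):
    # Technique (4): values are HTML-encoded at the output point, regardless of earlier checks.
    validate_comment(name, text)
    author = html.escape(name, quote=True)
    if homepage:
        author = '<a href="%s">%s</a>' % (safe_href(homepage), author)
    return "<p>%s: %s</p>" % (author, html.escape(text, quote=True))
```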

III. Weak password vulnerability
There is no strict, precise definition of a weak password; generally, a password that someone else (possibly someone who knows you well) could easily guess or crack is considered weak. Setting a password usually follows these guidelines:
(1) Do not use an empty password or the system default password; these are typical weak passwords.
(2) The password is at least 8 characters long.
(3) The password is not a run of one character (for example AAAAAAAA) or a repeated combination of characters (for example Tzf.tzf.).
(4) The password combines all four character classes: uppercase letters (A-Z), lowercase letters (a-z), digits (0-9) and special characters, with at least one of each. If a class is represented by only one character, that character should be neither the first nor the last character of the password.
(5) The password does not contain information related to you, such as the names of yourself, your parents, children or spouse, dates of birth, anniversaries, your login name or e-mail address, nor words found in a dictionary.
(6) The password is not a dictionary word with some letters replaced by digits or symbols.
(7) The password is easy to remember and quick to type, so that someone standing behind you cannot easily watch you enter it.
(8) Change the password at least every 90 days, so that an intruder who has obtained it cannot keep using it undetected.
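
As an added example (not part of the original page), the Python checker below applies guidelines (1) to (6) to a candidate password and reports every rule it breaks; the default-password list, the dictionary and the substitution table are small constructed samples standing in for real lists.

```python
import string

# Constructed sample lists; real deployments use full default-password and dictionary lists.
DEFAULT_PASSWORDS = {"", "admin", "password", "123456", "root"}
DICTIONARY = {"password", "welcome", "dragon", "secret", "letmein"}
# Guideline (6): undo common digit/symbol substitutions before the dictionary check.
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "digit": string.digits, "special": string.punctuation}

def is_repeated(s):
    # True when s is one block repeated, e.g. AAAAAAAA or tzf.tzf. (guideline 3).
    return len(s) > 1 and (s + s).find(s, 1) < len(s)

def is_sequence(s):
    # True for a straight run of neighbouring characters such as abcdefgh or 87654321.
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) > 1 and steps in ({1}, {-1})

def password_problems(pw, personal=()):
    """Return the list of guidelines the password breaks; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if low in DEFAULT_PASSWORDS:
        problems.append("empty or default password")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if is_repeated(low) or is_sequence(low):
        problems.append("repeated or sequential characters")
    for cls, chars in CLASSES.items():  # guideline (4)
        hits = [i for i, c in enumerate(pw) if c in chars]
        if not hits:
            problems.append("missing " + cls + " character")
        elif len(hits) == 1 and hits[0] in (0, len(pw) - 1):
            problems.append("only " + cls + " character is first or last")
    for item in personal:  # guideline (5): names, dates, login name, e-mail address
        if item and item.lower() in low:
            problems.append("contains personal information: " + item)
    for word in sorted(DICTIONARY):  # guidelines (5) and (6)
        if word in low or word in low.translate(LEET):
            problems.append("contains dictionary word: " + word)
    return problems
```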

IV. HTTP header tracking vulnerability
The HTTP/1.1 specification (RFC 2616) defines the HTTP TRACE method, which lets a client test a web server or obtain diagnostic information by submitting a TRACE request. When a web server has TRACE enabled, the request headers it received are returned in full in the body of the response, and those headers may well contain session tokens, cookies or other authentication information. An attacker can use this to impersonate legitimate users and obtain their private data. The flaw is usually combined with other techniques to mount an effective attack: since HTTP TRACE requests can be issued from client-side browser scripts (for example via XMLHttpRequest) and the response read through the DOM interface, it is easy to exploit.
The usual defense against the HTTP header tracking vulnerability is to disable the HTTP TRACE method on the server.
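
As an added example (not from the original page), the Python code below shows both the defense and a check for it: a minimal constructed server that refuses TRACE with 405, a second constructed handler exhibiting the echo behaviour described above, and a probe that reports whether a server returns request headers in a TRACE response. Host, port and the marker header are assumptions for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class NoTraceHandler(BaseHTTPRequestHandler):
    # Constructed minimal server showing the defense: GET works, TRACE is refused.
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET")
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet

class EchoTraceHandler(NoTraceHandler):
    # The behaviour the page warns about: TRACE echoes the received request headers,
    # including any Cookie or Authorization header, in the response body.
    def do_TRACE(self):
        body = str(self.headers).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def start_server(handler=NoTraceHandler):
    # Binds to a free local port and serves in a background thread.
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def trace_enabled(host, port, timeout=5):
    # Defensive check: send TRACE with a marker header and see whether it comes back in the body.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Probe": "trace-check"})
        resp = conn.getresponse()
        return resp.status == 200 and b"X-Probe: trace-check" in resp.read()
    finally:
        conn.close()
```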

V. Struts2 remote command execution vulnerability
Apache Struts is an open-source framework for building Java web applications. Apache Struts contains an input filtering error that can be exploited to inject and execute arbitrary Java code when a type conversion error occurs.
Most remote code execution vulnerabilities on websites stem from the site using the Apache Struts XWork web application framework, which has had high-risk remote code vulnerabilities, putting the site at risk. CNVD has handled a number of such cases, for example a remote command execution vulnerability (CNVD-2012-13934) on a "GPS vehicle satellite positioning system" website and a remote code execution vulnerability in ASPCMS messaging (CNVD-2012-11590).
To fix this type of vulnerability, simply upgrade Apache Struts to the latest version from the official Apache website: http://struts.apache.org

VI. File upload vulnerability
A file upload vulnerability is usually caused by missing filtering of the upload path variable in the page code. If the code implementing the upload feature does not strictly restrict the extension and type of the files users may upload, an attacker can upload arbitrary files to a web-accessible directory, including a site backdoor file (webshell), and then control the web server remotely.
During development of the site and its applications, uploaded files must therefore be strictly restricted and verified, and uploading files that contain malicious code must be prohibited. At the same time, restrict execution permissions on the relevant directories to prevent webshell attacks.
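
As an added example (not from the original page), the Python code below implements the restrictions just described: a file name allowlist that rejects double extensions and path components, an extension allowlist, a check that the content matches the claimed type, a scan for embedded script, and storage under a server-generated name. The allowed types, signature bytes, size limit and script markers are assumptions made for the demonstration.

```python
import os
import re
import secrets

# Constructed allowlist: permitted extensions and the file signature each must start with.
ALLOWED = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff",
           "jpeg": b"\xff\xd8\xff", "gif": b"GIF8"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit
# One name part, one dot, one short extension: "shell.php.png" style double extensions fail here.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")
SCRIPT_MARKERS = (b"<?php", b"<script", b"<%")  # assumed markers of embedded server/client script

class UploadRejected(Exception):
    pass

def check_upload(filename, data):
    """Return the validated extension, or raise UploadRejected with the reason."""
    # Only the base name is used, so "../" in a client-supplied name cannot leave the store.
    base = os.path.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(base):
        raise UploadRejected("bad file name")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed: " + ext)
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    if any(marker in data.lower() for marker in SCRIPT_MARKERS):
        raise UploadRejected("embedded script found")
    return ext

def rejection_reason(filename, data):
    """None when the upload is acceptable, otherwise the reason it was refused."""
    try:
        check_upload(filename, data)
        return None
    except UploadRejected as exc:
        return str(exc)

def store_upload(filename, data, store_dir):
    # The server chooses the stored name: random, with the validated extension. store_dir
    # must lie outside the web root and have script execution disabled.
    ext = check_upload(filename, data)
    new_name = secrets.token_hex(16) + "." + ext
    with open(os.path.join(store_dir, new_name), "wb") as f:
        f.write(data)
    return new_name
```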

VII. Private IP address disclosure vulnerability
An IP address is an important identifier of a network user and something an attacker needs to know before attacking. There are many ways to obtain it, and attackers choose according to the network situation: on a LAN, for example, pinging the other party's machine name yields its IP; on the Internet, an IP-displaying version of QQ shows it directly. The most effective method is to intercept and analyze the other party's network packets: an attacker can use software to parse the IP header information of the intercepted packets and learn the specific IP from it.
Against the most effective method, "packet analysis", one can install software that automatically strips the IP information from outgoing packet headers. Such software has drawbacks, however: it consumes resources, reduces computer performance, interferes with access to some forums or websites, and is unsuitable for Internet cafe users. The most common way for personal users to hide their IP today is to use a proxy: because the proxy server's "forwarding service" rewrites the packets that are sent out, the "packet analysis" method no longer works. Several network programs that easily leak a user's IP (QQ, MSN, IE and so on) support connecting through a proxy; in particular, when QQ connects through "ezProxy" or similar proxy software, an IP-displaying version of QQ cannot show the address. Although a proxy hides the user's IP effectively, an attacker may still bypass the proxy and find the other person's real IP address, so which method of hiding an IP to use in which circumstances depends on the situation.

VIII. Unencrypted login requests
Because of an insecure web configuration, the login request transmits sensitive fields such as usernames and passwords without encryption, and an attacker eavesdropping on the network can capture them. It is recommended to encrypt such data before transmission, for example using SSH.

IX. Sensitive information disclosure vulnerability
SQL injection, XSS, directory traversal and weak passwords can all lead to disclosure of sensitive information, which attackers obtain through the corresponding vulnerability. The defense differs according to the cause.

X. CSRF
Http://www.cnblogs.com/hyddd/archive/2009/04/09/1432744.html
