Web Security Study Notes

Source: Internet
Author: User

Contents

Background
Simplest Web physical architecture
Attack methods overview
Web software security attack protection
  Browser security attacks
    Cookie counterfeiting
    Hidden variable modification
    Cross-site scripting
  Server security attacks
    Buffer overflow
    Authentication evasion
    Illegal input
    Authorization evasion
    SQL injection
    Sensitive and abnormal information leakage
    Upload attack
    Repudiation
  Database security attacks
    Connection string leakage
    Stored data leakage and tampering
  Network security attacks
    Denial of service attack
    Transmitted data leakage and tampering
Remarks

Background

I am embarrassed to admit that in six years of web programming I have never studied web security systematically (apart from authentication and authorization). This month I read a book titled the path to Web security design; most of its content is translated from official Microsoft documentation. The book is not especially dense, but it was not without value. This article briefly records my notes on web security.

This article does not cover the security management and configuration of IIS, Windows, and SQL Server; only programming-related security issues are discussed.

Simplest Web physical architecture

You must understand the HTTP protocol. Read the article HTTP protocol details; its key points are summarized as follows:

  • Communication between browser and server is stateless.
  • By controlling the HTTP request headers you can control client caching, cookies, request encoding, and response encoding.
  • The request content submits data (POST and GET) to the server, and the response content sends data back to the browser.
  • Cookies are carried in every request and response, so both the client and the server can access them.
  • Cookies are generally used to maintain a browser session (there are other methods).

Attack methods overview

For a general introduction, see: website security.

Web software security attack protection

Browser security attacks

Cookie counterfeiting

Definition

A cookie value is modified in a way the application does not expect.

Scenario

The server stores the user's authorization information in cookies, and the client uses these cookies to decide whether navigation items are displayed. If a program maliciously modifies the cookie, privileges are elevated.

Attack methods

  • Injected JavaScript code.
  • Using a browser debugging tool.
  • Local viruses.

Protection measures

  • Where possible, mark cookies HttpOnly so that script running in the browser cannot read or forge them.
  • Prevent JavaScript injection.
Hidden variable modification

Definition

Unexpected changes to hidden variables.

Scenario

The discount calculation of an order depends entirely on a client-side variable. The variable is generated by the server, but all the logic is calculated on the client, and the server only accepts the final result. If a program maliciously modifies the variable, part of the business logic is bypassed.

Attack methods

  • Injected JavaScript code.
  • Using a browser debugging tool.

Protection measures

  • Prevent JavaScript injection.
  • Key functions should be controlled by the server, not by the client.
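An added example (not code from the original post) of the protection just listed and of the cookie counterfeiting section above: the server signs both the authorization cookie and the hidden discount field with an HMAC, so a value edited in the browser or by injected script fails verification, and the server recomputes the order total itself. Python is used for illustration; the secret key, user names, order ids and the cookie/field layout are constructed for the example.

```python
import base64, hashlib, hmac, json

# Constructed secret for this example; a real deployment loads it from
# protected configuration, never from source code or the client.
SECRET_KEY = b"example-server-secret-do-not-reuse"


def sign(payload: dict) -> str:
    """Serialize a payload and append an HMAC-SHA256 tag the client cannot forge."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verify(token: str):
    """Return the payload if the tag matches, otherwise None (tampered or malformed)."""
    body, sep, tag = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(body.encode()))


def auth_cookie_header(user: str, role: str) -> str:
    """Set-Cookie value: signed role claim, HttpOnly so page script cannot read it."""
    return "auth=" + sign({"user": user, "role": role}) + "; HttpOnly; Secure; Path=/"


def is_admin(cookie_value: str) -> bool:
    """Server-side authorization: trust the role only if the signature is intact."""
    claims = verify(cookie_value)
    return claims is not None and claims.get("role") == "admin"


def discount_field(order_id: int, percent: int) -> str:
    """Server-generated hidden form field carrying the discount for one order."""
    return sign({"order": order_id, "discount": percent})


def apply_discount(field_value: str, order_id: int, subtotal: float) -> float:
    """Recompute the total on the server; a modified or mismatched field earns no discount."""
    data = verify(field_value)
    if data is None or data.get("order") != order_id:
        return round(subtotal, 2)
    return round(subtotal * (100 - data["discount"]) / 100, 2)
```

ASP.NET's forms-authentication ticket and the ViewState MAC apply the same principle to cookies and hidden page state.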
Cross-site scripting (XSS)

Definition

Malicious submission of JavaScript code.

Scenario

In the comment feature of a blog, a user may maliciously submit JavaScript code. If that code is not filtered, then in the extreme case it hijacks the sessions of every user who visits the page and can read and modify any of their data.

Attack methods

  • Injected JavaScript code.
  • Using a browser debugging tool.

Protection measures

  • Validate and filter malicious input on the server.
  • Enable ValidateRequest="true".
  • Use this.Server.HtmlEncode on output.
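An added example (not from the original post) of the first and last measures: server-side validation of a blog comment, then output encoding in the style of Server.HtmlEncode, with a separate encoder for attribute values where quotes must also be encoded. Python's html.escape stands in for HtmlEncode; the length limit and the sample comments are constructed.

```python
import html

MAX_COMMENT_LENGTH = 2000  # constructed limit for this example


def validate_comment(body: str) -> bool:
    """Server-side validation (measure 1): reject empty, oversized or binary-looking input.
    Validation limits damage; it is not a substitute for encoding on output."""
    if not body.strip() or len(body) > MAX_COMMENT_LENGTH:
        return False
    return all(ch.isprintable() or ch in "\r\n\t" for ch in body)


def encode_for_html_body(text: str) -> str:
    """Equivalent of Server.HtmlEncode for text placed between tags (measure 3)."""
    return html.escape(text, quote=False)


def encode_for_attribute(text: str) -> str:
    """Attribute values must also have quotes encoded, or the value can close the attribute."""
    return html.escape(text, quote=True)


def render_comment(author: str, body: str) -> str:
    """Encode at output time, choosing the encoder for each context."""
    return ('<div class="comment" data-author="%s"><p>%s</p></div>'
            % (encode_for_attribute(author), encode_for_html_body(body)))
```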
Server security attacks

Buffer overflow

Definition

Some inputs can cause a stack overflow on the server, which directly makes the server unavailable.

Scenario

The program provides a computation-intensive function and does not limit user input. A user enters an invalid value, intentionally or unintentionally, causing a buffer overflow.

Attack methods

  • Illegal input.

Protection measures

  • Validate and filter malicious input on the server.
  • Use defensive programming.
Authentication evasion

Definition

Some URLs are not shown in the site's navigation. The system only enforces authentication and authorization on the pages reachable from the navigation, so the URLs that are not shown there may be worked out by malicious users and accessed directly.

Scenario

User management is divided into three pages, including List.aspx and New.aspx. The program only authenticates and authorizes List.aspx, so some users access New.aspx directly and perform the add operation.

Attack methods

  • Direct URL access.

Protection measures

  • Map out the overall structure of the website and apply authentication and authorization to every page.
Illegal input

Definition

Many attack methods originate from illegal input.

Scenario

The program validates input only on the client, and the server performs no validation. A malicious program can submit illegal input directly to the server, bypassing the client-side logic entirely, which easily leads to all kinds of security problems.

Attack methods

  • Injected JavaScript code.
  • Using a browser debugging tool.

Protection measures

  • Validate and filter malicious input on the server.
  • Prevent JavaScript injection.
Authorization evasion

Definition

Some URLs are not shown in the site's navigation. The system only enforces authentication and authorization on the pages reachable from the navigation, so the URLs that are not shown there may be worked out by malicious users and accessed directly. Another possibility is that the system enforces authorization only on the client, and the server code performs no authorization check, so malicious users can easily evade authorization.

Scenario

When a user lacks the Create permission, the system only disables the button in the browser and performs no authorization on the server. The user can then re-enable the button with a browser debugging tool and execute Create.

Attack methods

  • Direct URL access.
  • Modifying the client code.

Protection measures

  • Map out the overall structure of the website and apply authentication and authorization to every page.
  • Perform authorization checks on the server.
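An added example (not from the original post) covering both measures here and the authentication evasion section above: one server-side route table lists every page with the permission it needs, unlisted pages are denied by default, and the Create handler checks authorization itself regardless of whether the client button was enabled. Python for illustration; the page paths, permission names, roles and session layout are constructed.

```python
# Constructed route table: every page the site serves and the permission it needs.
# Pages absent from the table are denied, so a forgotten URL is never silently public.
PAGE_PERMISSIONS = {
    "/public/index.aspx": None,  # None: no permission needed, but the page is still listed
    "/users/list.aspx": "users.read",
    "/users/new.aspx": "users.create",
    "/users/delete.aspx": "users.delete",
}

# Constructed role definitions.
ROLE_PERMISSIONS = {
    "viewer": {"users.read"},
    "admin": {"users.read", "users.create", "users.delete"},
}


def normalize_path(path: str) -> str:
    """Drop the query string and case so '/Users/New.aspx?x=1' hits the table entry."""
    return path.split("?", 1)[0].lower()


def authorize(session: dict, path: str) -> bool:
    """Server-side gate run for every request, before any page logic executes."""
    page = normalize_path(path)
    if page not in PAGE_PERMISSIONS:
        return False  # deny by default
    required = PAGE_PERMISSIONS[page]
    if required is None:
        return True
    if not session.get("authenticated"):
        return False  # authentication comes before any permission lookup
    granted = ROLE_PERMISSIONS.get(session.get("role"), set())
    return required in granted


def handle_create(session: dict, form: dict):
    """The Create handler re-checks on the server; the state of the client button is irrelevant."""
    if not authorize(session, "/users/new.aspx"):
        return 403, "Forbidden"
    return 200, "created " + form.get("name", "")
```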
SQL injection

Definition

For pages that interact with a backend database, if the validity of user input is not fully checked, the application is at risk. A user can submit specially crafted database query code in a URL or form field where normal data is expected, so that the backend application executes the attacker's SQL. From the results the program returns, the attacker can obtain the sensitive data he is after, such as the administrator password or confidential business data.

Scenario

The server program builds SQL statements by string concatenation, which opens the door to SQL injection.

Attack methods

  • Maliciously submitting SQL fragments.

Protection measures

  • Validate and filter malicious input on the server.
  • Do not splice values into SQL text; pass them with DbParameter.
  • Minimize the permissions of the SQL Server account the application uses.
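An added example (not from the original post) of the scenario and the second measure: the same login query built by string splicing and, beside it, with bound parameters (the DbParameter equivalent). Python's sqlite3 module stands in for SQL Server; the users table and its rows are constructed.

```python
import sqlite3

# Constructed rows; passwords are kept in clear here only to keep the example short
# (the stored-data section below is where hashing belongs).
SAMPLE_USERS = [("alice", "s3cret"), ("admin", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory database standing in for the site's SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_concatenated(conn, name: str, password: str) -> bool:
    """Vulnerable, as in the scenario: user input is spliced into the SQL text,
    so quote characters in the input change the statement's structure."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, name: str, password: str) -> bool:
    """Fixed: values travel as parameters (the DbParameter equivalent), never as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0
```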
Sensitive and abnormal information leakage

Definition

Unhandled exceptions are displayed directly in the browser, which leaks sensitive information; for end users it also makes the system feel insecure and hard to use.

Scenario

For development reasons, in some scenarios the backend exception is displayed directly in the browser, for example a NullReferenceException.

Attack methods

  • At the top of the call stack, all exceptions are handled.
  • In the lower layers of the call, appropriate exception information is wrapped.

Protection measures

  • Define a reasonable exception handling policy.
  • Exceptions must never be displayed directly in the browser across the boundary.
Upload attack

Definition

Users maliciously upload plug-ins, Trojans, and other programs.

Scenario

You implement an upload feature but do not control the uploaded files sufficiently. For example, a malicious user uploads a malicious script and then executes it.

Attack methods

  • Uploading malicious files.

Protection measures

  • Validate and filter malicious input on the server, for example by restricting file extensions.
  • Scan uploaded files for viruses.
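An added example (not from the original post) of the first measure: an upload check that restricts the extension, the size and the leading bytes of the content, so a script renamed to an allowed extension is still refused, and that stores the file under a server-chosen name. Python for illustration; the allowed types and size limit are constructed policy (the signatures are the standard PNG, JPEG and PDF file headers).

```python
import os
import secrets

# Constructed policy: permitted extensions and the signature bytes each type starts with.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024


def check_upload(filename: str, content: bytes):
    """Return (ok, detail). Extension, size and leading bytes must all agree;
    a file called something.jpg that does not start like a JPEG is refused."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed"
    if len(content) > MAX_UPLOAD_BYTES:
        return False, "too large"
    if not content.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    return True, ext


def storage_name(ext: str) -> str:
    """Server-chosen file name: the client's name never reaches the filesystem.
    Store the file in a directory the web server will not execute from."""
    return secrets.token_hex(16) + ext
```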
Repudiation

Definition

Some users are unwilling, for whatever reason, to admit that they performed certain operations. Of course, some operations may also be performed without their awareness.

Scenario

A user accidentally performs a delete, immediately realizes the mistake, and then calls customer support claiming the system has a problem.

Attack methods

  • The interface guidance is not friendly enough, which easily leads to mistaken operations; to shirk responsibility, the user blames the interface.
  • The user performs the operation maliciously and then denies it.

Protection measures

  • Improve the usability of the interface.
  • Confirmation prompts for key operations should be clear enough.
  • Operation logs must be kept for all operations.
Database security attacks

Connection string leakage

Definition

The database connection string contains a username and password. This information is stored in the configuration file in plain text, where operations staff and developers can read it. As team members come and go, the sensitive information may be exposed.

Scenario

The connection string is configured directly in Web.config, and the file is not encrypted.

Attack methods

  • Unencrypted connection string.
  • Unencrypted configuration file.

Protection measures

  • Encrypt the connection string.
  • Encrypt the configuration file.
Stored data leakage and tampering

Definition

Some sensitive information has to be stored in the database. If it is stored as plain text, many people can read it; in the extreme case, an attacker who has compromised the server can read it too.

Scenario

Passwords and key financial information need to be encrypted; the tax bureau will audit the accounts, so the financial data must remain readable.

Attack methods

  • Sensitive data is not encrypted.
  • The encryption method is too weak.

Protection measures

  • Encrypt sensitive data.
  • Use irreversible encryption (hashing) for some data, such as passwords.
  • Use reversible encryption for other data, such as financial data.
Network security attacks

Denial of service attack

Definition

Malicious users attack servers, networks, and systems with the ultimate goal of making the system unavailable and stopping it from serving external users.

Scenario

Malicious users send requests to the server with unlimited concurrency, trying to push the server load to its maximum until the system can no longer provide external services.

Attack methods

  • Attack the network.
  • Attack the server.
  • Attack the system.

Protection measures

  • Identify and intercept malicious requests at the program level.
  • Purchase third-party security products.
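An added example (not from the original post) of the first measure, identifying and intercepting at the program level: a sliding-window limiter that refuses a client's requests once it exceeds its budget, applied before the expensive handler runs so that a flood costs the server almost nothing. Python for illustration; the limits and client ids are constructed.

```python
import time
from collections import deque


class RequestLimiter:
    """Sliding-window limiter keyed by client id (for example the source address):
    at most `limit` requests per client in any `window` seconds."""

    def __init__(self, limit: int = 20, window: float = 1.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.history = {}  # client id -> deque of request timestamps inside the window

    def allow(self, client_id: str) -> bool:
        now = self.clock()
        stamps = self.history.setdefault(client_id, deque())
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # forget requests that have aged out of the window
        if len(stamps) >= self.limit:
            return False  # budget exhausted: intercept before doing any real work
        stamps.append(now)
        return True


def handle_request(limiter: RequestLimiter, client_id: str, work) -> tuple:
    """Apply the limiter before the expensive handler; a 429 response is cheap."""
    if not limiter.allow(client_id):
        return 429, "Too Many Requests"
    return 200, work()
```

The limiter holds per-process state, so a flood spread over many addresses or many servers still needs filtering upstream, which is where the second measure comes in.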
Transmitted data leakage and tampering

Definition

A malicious proxy server or router intercepts user requests and reads or modifies sensitive data.

Scenario

You find free WiFi in a cafe, quietly connect to it, and are rather pleased with yourself. While you surf on this free WiFi, all of your traffic can be intercepted by whoever runs it. If that is a malicious user, the consequences are easy to imagine.

Attack methods

  • Hijacking a router.
  • Free WiFi scam.
  • Unencrypted transmission protocol.
  • Unencrypted transmitted data.

Protection measures

  • Strengthen security management of client-side routers.
  • Choose proxy servers with caution.
  • Use secure transmission protocols, such as SSL.
Remarks

This is the Hello, World of security. In the future I will study security knowledge properly. For now I have found two good resources:

  • Security in the .NET Framework.
  • .NET Security Overview.

 

Frame address: http://happy.codeplex.com
Blog: http://www.cnblogs.com/happyframework
