20159302 "cyber attack and Prevention" Fifth Week study summary

Summary of teaching material Contents 1. Review of basic knowledge

Through learning the content of teaching materials, master the basic operating mode of the website, and understand its structure way. Such as:

The process is: first, the client sends the request in the browser, the related forms, the data to the server, and then the server according to the data transmitted by the corresponding handler processing, and then call the database content feedback to the server, the server will be the data obtained from the database encapsulated processing and then sent to the browser user. This completes a request/response process.

At present: The mainstream front-end technology has html5+css3+javascript. The HTML language is a Hypertext Markup language whose structure includes the " Head" section (English: Head), and the "Subject" section (English: Body), where the "Head" section provides information about the Web page, and the "main" part provides the specific content of the Web page. In general website building process Use this language for site layout, such as using Div. CSS is a cascading style sheet, a computer language used to represent file styles such as HTML or XML (a subset of the standard Universal Markup Language). The ability to control the placement of objects in a Web page with precise pixel-level controls, support for almost all font-size styles, a capability to edit web-page objects and model styles, and a preliminary interaction design are the best performance design languages available today based on text presentation. JavaScript is proposed by Netscape and applied to the construction of the site, a literal translation script language, is a dynamic type, weak type, prototype-based language, built-in support type. Its interpreter, known as the JavaScript engine, is widely used as a scripting language for clients in the browser, and is used on HTML pages to add dynamic functionality to HTML pages. The JavaScript framework that is commonly used today is jquery and so on.

Server language mainly includes PHP, Java, C #, JSP and so on. A brief introduction to the PHP language, PHP (foreign name: Php:hypertext Preprocessor, Chinese name: "Hypertext Preprocessor") is a common open source scripting language. The grammar absorbs the C language, Java and Perl features, is conducive to learning, widely used, mainly for the field of web development. PHP's unique syntax mixes the syntax of C, Java, Perl, and PHP's own creation. It can execute Dynamic Web pages more quickly than CGI or Perl. PHP is a dynamic page compared to other programming languages, PHP is to embed the program into the HTML document execution, execution efficiency than the full HTML markup of the CGI is much higher; PHP can also execute compiled code, compile can achieve encryption and optimize the code to run, so that the code runs faster. At present, PHP framework commonly used is thinkphp, yii and so on. It is worth mentioning that more than 80% of the domestic website is written in PHP. And the server is generally built using Apache, Tomcat and so on.

Database: Common database has MySQL, SQL Server, Mogodb and so on. MySQL is a free open source database system, the following brief introduction: It is a relational database management system. In WEB applications MySQL is one of the best RDBMS (relational database Management system, relational databases management systems) application software. The associated database saves data in different tables rather than putting all of the data in a large warehouse, which increases speed and increases flexibility. The SQL language used by MySQL is the most commonly used standardized language for accessing databases. MySQL software uses a dual licensing policy, which is divided into community and commercial version, due to its small size, fast, low total cost of ownership, especially the open source, the development of the general small and medium-sized web site to choose MySQL as the site database.

The foreground page interacts with the server using the HTTP protocol, the HTTP protocol is the Hypertext Transfer Protocol, the TCP 80 port is used by default, HTTP is relatively simple, stateless, ASCLL-based protocol, the HTTP protocol uses a Uniform resource identifier, All resources within its scope are defined uniformly, and then a simple request/response pattern is used to request a resource that responds to resources if the resource exists. However, the protocol is less secure, and there are many ways to protect it, such as SSL or cookies.

2. Security threat Analysis

Analysis and summary, from the perspective of security technology to analyze web security there are several threats.

1) attack against authentication mechanism: attack means to confirm user, service or application identity mechanism, including brute force enumeration, imperfect weakness of authentication mechanism, attack password recovery verification, etc.

2) The attack of the authorization mechanism: it is used to confirm whether the user, the service or the application has the privilege mechanism to perform the request action, including the Trust/session prediction, using the authentication mechanism imperfect weaknesses, etc.

3) Client attack: Disturb or infiltrate attack means of attacking Web site client user, including content spoofing, cross-site scripting attack, etc.

4) Command execution attack: The attack means of executing remote command on the Web site, including buffer overflow, formatted string, LDAP injection, operating system command injection, SQL injection, SSI injection, etc.

5) Information exposure: Access to the Web site specific system Information attack means, including directory enumeration, information disclosure, path traversal, resource location predictable and so on.

6) Logical attack: The attack means of disturbing or penetrating the Web application logic process, including function abuse, denial of service attack, imperfect anti-automatic program, imperfect processing and verification process, etc.

3.web Application Safety Precautions

1) Use HTTPS as much as possible to protect the confidentiality, integrity, and identity authenticity of Web site transmissions.

2) manage the Web site through an encrypted connection channel, avoid using unencrypted Telnet, FTP, HTTP, etc. for Web site management, and use security protocols such as SSH and SFTP.

3) Set Mac-ip mappings for static bindings, prohibit ARP spoofing in the service network segment, deploy firewalls or intrusion detection systems at the gateway, and so on.

4) Be sure to turn on the log function, do a good job of logging and security audit.

4.SQL Injection Attack method

1) SQL injection

Code injection is one of the most popular attack methods for Web applications, and code injection attacks enable Web applications to execute malicious instructions and code injected by an attacker by exploiting the input of the Web application to validate the non-integrity vulnerability, resulting in compromised information disclosure, privilege elevation, or unauthorized access to the system. The main reason is that user input is not properly filtered to eliminate string escape characters in the SQL language, such as quotation marks, double quotes, anti-quotes, etc., or there is no strict type judgment. The principle of SQL injection is to enter a well-constructed SQL query command into the user input interface provided by the Web application, attack and exploit the imperfect input authentication mechanism, so that the injected code can execute the unexpected attack operation behavior.

2) Find injection point '

SQL injection points exist in dynamic Web pages, as long as the parameters can generate SQL statements and access the database, there may be injection, commonly injected into the input ' 1 ' = ' 1 ',

3) Determine the database type

Use the system variables of the database server to judge

Using the database server's system table to judge

4) in the background database, the administrator user password Word to guess

The Administrator account has special permissions and features for managing and maintaining Web applications, such as uploading/downloading files, directory browsing, modifying configuration, and so on, and these administrator accounts are usually in the database, through SQL injection to the backend administrator account, you can control the entire site through the administrator's privileges. The administrator's account cracking includes table name guessing, field name guessing, and user name and password guessing.

5) Upload backdoor to get default account permissions

By uploading the backdoor to the script directory under the WWW directory, the attacker can access it, thereby obtaining the privileges of the default account to perform such functions as upload/download.

6) Local privilege elevation

5. Precautionary measures

The precautionary measures mainly include the following points:

1) Use type-safe parameter encoding mechanism

2) All user input from outside, need to complete check

3) Replace dynamic SQL statements with stored procedures, precompiled SQL, and ADO Command objects

4) Strengthen the configuration and connection of SQL database server

20159302 "cyber attack and Prevention" Fifth Week study summary