I. ASP.NET Web application architecture security risks
1. Main threats to the assembly: unauthenticated access, reverse engineering, code injection, obtaining program information through exceptions, and unaudited access.
2. Security risks between clients and Web applications: code injection (cross-site scripting or buffer overflow attacks), network eavesdropping (capturing passwords and sensitive application data), parameter tampering (form fields, query strings, cookies, view state, HTTP headers), session ID hijacking, and information disclosure (usually through exceptions).
3. Security risks between Web application clients and Enterprise Services: unaudited access, tampering with configuration data, network eavesdropping, unconstrained proxies, data replication.
4. Security risks between Web service clients and the services: unaudited access, parameter tampering, disclosure of configuration data, network eavesdropping, message replay.
5. Security risks between Remoting clients and servers: unaudited access, parameter tampering, serialization attacks, network eavesdropping.
6. Security risks between clients and data: unaudited access, SQL injection, disclosure of the data model and connection details, network eavesdropping, tampering with configuration data, tampering with application data.
* ASP.NET security architecture considerations
1. Authenticate users in the browser;
2. Between the browser and the firewall: 1) protect sensitive data; 2) block parameter tampering; 3) prevent session hijacking and cookie replay attacks.
3. On the Web application side: 1) secure the configuration; 2) handle exceptions; 3) audit users; 4) validate input.
4. Application servers: 1) authenticate and audit the identity passed upstream; 2) review and log activities and transactions.
5. Protecting sensitive data between application servers and databases
6. Encrypt or hash sensitive data stored in the database.
II. Methods for preventing ASP.NET Web application security weaknesses
1. Prevent cross-site scripting attacks (Cross-Site Scripting Attack)
Attack method: obtain sensitive data from a page by entering script or HTML content.
Threat Index: 6
Attack result: application denial of service or restart, or obtaining error stack information (※) from which the attacker infers code for the next attack.
※ Note: if customErrors is not enabled in the ASP.NET configuration file, the offending line of code or the database connection string can be displayed when a system exception occurs, which is a serious risk.
Preventive measures: ASP.NET validation controls or server-side input validation.
User input is validated by a combination of client-side and server-side validation. The server-side check detects HTML special characters by comparing the control's input with its HTML-decoded value; any inconsistency is the basis for converting the HTML special characters to entities, so that the script cannot be triggered when the page posts back.
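The following is an added example (not code from the original article) of the server-side check just described: it flags input that contains HTML markup or entities and returns an entity-encoded form safe to render. The page names (txtComment, lblEcho) in the usage comment are hypothetical.

```csharp
// Added example: server-side HTML check and encoding for untrusted control input.
using System;
using System.Web;

public static class InputGuard
{
    // True when the text contains HTML special characters or HTML entities.
    // Raw markup such as "<script>" changes under encoding; entities such as "&lt;" change under decoding.
    public static bool ContainsHtmlMarkup(string input)
    {
        if (string.IsNullOrEmpty(input)) return false;
        return HttpUtility.HtmlEncode(input) != input
            || HttpUtility.HtmlDecode(input) != input;
    }

    // Neutralises the input for rendering: decode first so double-encoded payloads are
    // normalised, then encode once so the browser displays the characters instead of executing them.
    public static string Sanitize(string input)
    {
        return HttpUtility.HtmlEncode(HttpUtility.HtmlDecode(input ?? string.Empty));
    }
}

// Usage in a code-behind event handler (hypothetical page with txtComment and lblEcho):
// if (InputGuard.ContainsHtmlMarkup(txtComment.Text))
//     LogRejectedInput(txtComment.Text);      // audit it; show the user a generic message
// lblEcho.Text = InputGuard.Sanitize(txtComment.Text);
```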
2. Prevent SQL injection attacks (SQL Injection Attack)
Attack method: by modifying screen input or URL parameters, the attacker injects SQL text into the application's query as a crafted condition and obtains the results of the altered query.
Threat Index: 9
Attack result: sensitive data can be queried and system data can be modified.
Precautions: use database parameter objects for data updates and queries, or use custom methods to transform input parameters so that injected SQL is neutralised.
3. Validate user input
Client-side validation is only secondary (server-side validation is essential, especially because client JavaScript can be disabled).
Client-side validation is mainly responsible for verifying the type, length, and relationships of user input (this is provided by the system's extended controls);
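As an added example (not from the original article), the vulnerable string-concatenated query beside the parameterised form using SqlParameter; the Users table and its columns are assumed.

```csharp
// Added example: string-built query (vulnerable) versus parameterised query (safe).
using System.Data;
using System.Data.SqlClient;

public static class UserRepository
{
    // VULNERABLE: user input becomes part of the SQL text, so a crafted value
    // changes the query instead of being treated as data.
    public static string BuildQueryUnsafe(string userName)
    {
        return "SELECT Id, Email FROM Users WHERE Name = '" + userName + "'";
    }

    // SAFE: the SQL text is fixed; the value travels as a typed, length-bounded parameter.
    public static SqlCommand BuildQuerySafe(SqlConnection conn, string userName)
    {
        var cmd = new SqlCommand("SELECT Id, Email FROM Users WHERE Name = @name", conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName;
        return cmd;
    }

    // Executes the safe query; connectionString is assumed to come from a protected config section.
    public static string FindEmail(string connectionString, string userName)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildQuerySafe(conn, userName))
        {
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read() ? reader.GetString(1) : null;
            }
        }
    }
}
```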
Server-side validation is divided into two parts:
1) Input validation
Input validation checks the text entered by the user for HTML special characters and raises a system error if any are found; the length of the data should be limited as far as possible on the screen through the control's allowed input length;
2) Data validation
Verify the data type, length, and so on; this validation is performed on the business object.
4. Use a hash algorithm to store passwords
When ASP.NET Membership is used to manage users, passwords are stored as salted hashes, which gives high security;
For other passwords that need to be stored, the system infrastructure provides a one-way (non-reversible) hash algorithm, whether the value is used as an authentication credential or is first placed in an unsecured data store.
5. Data security
1) Encrypt sensitive data: the infrastructure should provide hash and encryption algorithms to support data encryption.
2) XML data security: prevent attacks on XML data.
Attack method: XPath injection and XXE (XML External Entity) injection attacks.
Threat Index: 8
Attack result: obtain XML file contents.
Precautions: do not store sensitive information in XML; sensitive information in all configuration files must be encrypted; and data written to XML must be validated.
3) ViewState data security: prevent sensitive data from leaking through ViewState.
Attack method: obtain sensitive information by decoding ViewState.
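An added example (not from the original article) of the two precautions for XML: loading untrusted XML with DTD processing prohibited and no external resolver, so external entities are rejected, and whitelisting a value before it is placed into an XPath expression. The Customers document structure is assumed.

```csharp
// Added example: XXE-safe XML loading and XPath input whitelisting.
using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Xml;

public static class SafeXml
{
    // Loads untrusted XML. DTDs are refused (so no entity declarations can be processed)
    // and XmlResolver is null, so nothing is fetched from files or the network.
    public static XmlDocument LoadUntrusted(string xml)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // .NET 4.0+; ProhibitDtd = true on 2.0/3.5
            XmlResolver = null
        };
        using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
        {
            var doc = new XmlDocument { XmlResolver = null };
            doc.Load(reader); // throws XmlException if the input carries a DOCTYPE
            return doc;
        }
    }

    // XPath has no parameter objects, so the value is restricted to a safe alphabet
    // before it is embedded; quotes, brackets and operators are rejected outright.
    private static readonly Regex IdPattern = new Regex("^[A-Za-z0-9_-]{1,32}$");

    public static XmlNode FindCustomer(XmlDocument doc, string customerId)
    {
        if (!IdPattern.IsMatch(customerId))
            throw new ArgumentException("customer id contains disallowed characters");
        return doc.SelectSingleNode("/Customers/Customer[@id='" + customerId + "']");
    }
}
```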
Threat Index: 6
Attack result: obtain sensitive information from ViewState.
Precautions: disable ViewState or avoid it for such data, using simple controls and storing sensitive information only in encrypted form.
Related problem: pay attention to the handling of sensitive data when using JSON strings.
6. Storing security information in the registry and configuration files
Control remote users' access to configuration files and protect the sensitive data in the configuration file.
7. Revise the configuration file before publishing
To prevent error stack information from being inferred and exploited through other means of information gathering, the ASP.NET Web application's configuration file should be fixed before it is published.
Error stack inference attack
Attack method: cause a system exception, then infer the code from the stack information on the error page to prepare the next attack.
Threat Index: 6
Attack result: infer the system version and code logic.
Precautions: catch system exceptions and handle them on a single unified page that shows no stack information; set the custom error node to <customErrors mode="RemoteOnly"/> so that error details are not shown to remote users; and turn off the debug switch with <compilation defaultLanguage="VB" debug="false"/> to prevent source code from being leaked through debugging information or code being injected.
Tracing (used for performance tuning) should also be turned off, so that an attacker cannot use trace output to infer the code execution path and its details: <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime"/>
For Web services, prevent remote users from using the WSDL description for inference attacks.
Attack method: access the Web service's WSDL file to obtain information about the service.
Threat Index: 4
Attack result: obtain Web service method descriptions, infer Web service parameters, and proceed to the next attack.
Precautions: specify in the configuration file that the Web method description is not exposed; the configuration file is modified as follows:
<webServices>
  <protocols>
    <remove name="Documentation"/>
  </protocols>
</webServices>
8. Use Session, but do not use cookieless sessions
Reason: a cookieless session exposes the SessionID in the URL, making it easy for others to exploit.
9. Preventing reverse engineering
Attack method: obtain the assembly and reverse-engineer it with tools.
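The following web.config fragment is an added example (not the article's own configuration) that gathers the settings from points 5.3), 7 and 8 into one system.web section: error details hidden from remote users, debug and trace off, ViewState MAC-checked and encrypted, session ID kept in a cookie, and the Web service documentation protocol removed. The error page path is assumed.

```xml
<configuration>
  <system.web>
    <!-- point 7: remote users see only the friendly page, never the stack trace -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/Error.aspx" />
    <!-- point 7: no debug build and no trace output in the published application -->
    <compilation debug="false" />
    <trace enabled="false" pageOutput="false" requestLimit="10" traceMode="SortByTime" />
    <!-- point 5.3): ViewState cannot be decoded or tampered with by the client -->
    <pages enableViewStateMac="true" viewStateEncryptionMode="Always" />
    <!-- point 8: the session ID travels in a cookie, not in the URL -->
    <sessionState cookieless="UseCookies" timeout="20" />
    <!-- cookies are not readable by client script and are sent only over HTTPS -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
    <!-- point 7: no WSDL/documentation page for Web services -->
    <webServices>
      <protocols>
        <remove name="Documentation" />
      </protocols>
    </webServices>
  </system.web>
</configuration>
```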
Threat Index: 9
Attack result: understand the program logic and steal the development results.
Precautions: strong encryption and obfuscation of the assembly at release time.