The top ten security threats in Web 2.0

Source: Internet
Author: User

Web 2.0 is a new term used to describe a new generation of web applications. Start.com, Google Maps, Writely, and MySpace.com are typical Web 2.0 examples. Continuous advances in technology have driven the development of web applications. On the server side, web services strengthen the core technical components, while on the client side Ajax and rich Internet applications (RIA) improve the user interface in the browser.

XML has a huge impact on both the presentation layer and the transport layer (HTTP/HTTPS). With SOAP becoming the mechanism of choice for XML-based transport, XML is replacing HTML in the presentation layer to some extent.

  Web 2.0 focus: reorganizing the industry

Technological change brings new security concerns and new attack vectors. Worms such as Yamanner, Samy, and Spaceflash attack clients built on Ajax frameworks that hold confidential information, and these frameworks give attackers new channels.

On the server side, XML-based web services are replacing some key functions. They expose distributed applications through web service interfaces, and users can remotely invoke GET, POST, or SOAP-based methods from the browser. This capability introduces new flaws into applications. On the other hand, RIA frameworks built on XML, XUL, Flash, applets, and JavaScript add further attack vectors. RIA, Ajax, and web services add new dimensions to web application security.

The ten attacks are listed below:

1. Cross-Site Scripting in Ajax

Several months ago, many cross-site scripting attacks were discovered. In such an attack, the victim's browser, which holds the victim's information, runs malicious JavaScript code from a specific website. The Yamanner worm is a recent example: it used cross-site scripting in the Ajax calls of Yahoo Mail to attack victims. Another recent example is the Samy worm, which exploited a cross-site scripting vulnerability in MySpace.com. Ajax runs on the client, which lets attackers exploit incorrectly written scripts. An attacker can craft a malicious link to trick unsuspecting users into visiting a specific web page in their browser. Traditional applications have such vulnerabilities too, but Ajax adds more of them.

 2. XML poisoning

In many Web 2.0 applications, XML is transmitted between servers and browsers. Web applications receive XML blocks from Ajax clients, and such a block may well be poisoned. One technique, not widely used, applies recursive payloads multiple times to produce similar XML nodes. If the machine's processing capacity is limited, this causes a denial of service on the server. Many attackers also craft malformed XML documents that disrupt logic depending on the parsing mechanism used on the server. There are two types of server-side parsing mechanisms: SAX and DOM. Web services are exposed to the same attack vector, because a web service receives SOAP messages and SOAP messages are XML. Using XML at the application layer gives attackers more opportunities to use this new attack vector.

An XML external entity reference is an XML feature that attackers can manipulate. This lets attackers cause unwanted file access or TCP connections. XML Schema poisoning is another XML poisoning attack vector, which can change the execution flow. This vulnerability can help attackers obtain confidential information.
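The following intake check is an added example, not code from the original article: it streams an incoming XML block through expat before any SAX or DOM processing and rejects the three cases described above (repeated or deeply nested nodes, malformed structure, and entity declarations). The limits and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

MAX_DEPTH = 32          # assumed limit: deepest nesting a legitimate message needs
MAX_ELEMENTS = 10_000   # assumed limit: total nodes accepted per message

class XMLPolicyError(ValueError):
    """The document violates the intake policy and must not reach SAX/DOM."""

def check_xml(data: bytes) -> int:
    """Stream through `data` enforcing the policy; return the element count."""
    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "count": 0}

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Without a DOCTYPE there are no entity declarations to resolve,
        # internal (recursive expansion) or external (file/TCP access).
        raise XMLPolicyError("DOCTYPE declarations are not accepted")

    def on_start(name, attrs):
        state["depth"] += 1
        state["count"] += 1
        if state["depth"] > MAX_DEPTH:
            raise XMLPolicyError("element nesting exceeds MAX_DEPTH")
        if state["count"] > MAX_ELEMENTS:
            raise XMLPolicyError("element count exceeds MAX_ELEMENTS")

    def on_end(name):
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Structurally broken documents are rejected here, not in app logic.
        raise XMLPolicyError(f"malformed XML: {exc}") from exc
    return state["count"]

def is_acceptable(data: bytes) -> bool:
    try:
        check_xml(data)
        return True
    except XMLPolicyError:
        return False

# Constructed sample inputs (not taken from the article).
GOOD = b"<order><item id='1'>book</item></order>"
NESTED = b"<a>" * 100 + b"</a>" * 100
REPEATED = b"<r>" + b"<n/>" * 20_000 + b"</r>"
WITH_ENTITY = b'<!DOCTYPE r [<!ENTITY e SYSTEM "file:///placeholder">]><r>&e;</r>'
BROKEN = b"<a><b></a>"
```

Only documents that pass `check_xml` are handed to the application's own parser; everything else is refused at the boundary.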

3. Malicious Ajax Code Execution

Ajax calls are very stealthy, and end users cannot tell whether the browser is using the XMLHttpRequest object to make silent calls. When the browser makes an Ajax call to any website, that website's cookies accompany each request. This can lead to leakage. For example, John has logged in to his bank and been authenticated by the server. Once authentication completes, he gets a session cookie. The bank's pages contain a lot of critical information. He then browses other web pages while still logged in to his bank account. He may visit an attacker's web page on which the attacker has written stealthy Ajax code that, without John's consent, makes back-end calls to John's bank pages, obtains critical information from them, and sends it to the attacker's website. This leads to leakage of confidential information and can even result in a security breach.

4. RSS/Atom injection

This is a new Web 2.0 attack. RSS feeds are a common way for people to share information in portals and online applications. The web application consumes the feed and sends it to the client's browser. Attackers can insert literal JavaScript into an RSS feed to attack users' browsers. When an end user visits a website and loads a page that includes the feed, the script runs; it can install software on the user's computer or steal cookies. This is a fatal client-side attack. Worse, it can mutate. As RSS and Atom feeds become integral components of web applications, it is necessary to filter specific characters on the server before publishing the data to end users.

  5. WSDL scan and enumeration

WSDL (Web Services Description Language) is the interface to a web service. This document provides key information such as the technologies used, the exposed methods, and invocation patterns. This is very sensitive information and can help an attacker decide which weakness to target. Leaving unnecessary functions or methods exposed can be disastrous for web services. It is very important to protect the WSDL file or restrict access to it. In practice, it is quite possible to discover vulnerabilities by scanning WSDL.

  6. Client-side validation in Ajax routines

Web-based applications use Ajax routines to do a lot of work on the client, such as validating data types, checking content, and checking data fields. Normally the server should repeat these client-side checks. Most developers do not do this, because they assume that validation is taken care of by the Ajax routines. Ajax-based validation can be bypassed by sending POST or GET requests directly to the application. This is a major source of input-validation attacks such as SQL injection and LDAP injection, which can compromise a web application's key resources. It increases the number of potential attack vectors that attackers can exploit.

  7. Web service routing problems

Web service security protocols include WS-Routing. WS-Routing allows SOAP messages to travel in a specified sequence through different nodes on the Internet. Encrypted messages often pass back and forth across these nodes. If any of the intermediate nodes is compromised, an attacker can access the SOAP messages travelling between the two endpoints. This can seriously compromise the security of SOAP messages. As web applications adopt web service frameworks, attackers are beginning to target these new protocols and use new attack vectors.

  8. Parameter manipulation in SOAP messages

A web service receives information and variables from SOAP messages, and these variables can easily be modified. For example, "10" is the value of one of the nodes in a SOAP message. An attacker can modify this node and try different injection attacks, such as SQL, LDAP, XPath, or command shell injection, and explore attack vectors that reveal internal information. Incorrect or incomplete input validation in web service code leaves the web service application open to compromise. This is a new attack vector aimed at web applications backed by web services.

  9. XPath injection in SOAP messages
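One way to apply server-side validation to SOAP parameters, which also serves as the server-side repeat of client checks called for in item 6. This is an added example, not code from the original article; the operation name `getProduct`, the `id` element and its rule are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"

# Hypothetical operation: getProduct takes one numeric <id> (names are assumptions).
RULES = {"id": re.compile(r"[0-9]{1,6}")}

# Constructed SOAP request template; {} is filled with the parameter value.
ENVELOPE = (
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    "<soap:Body><getProduct><id>{}</id></getProduct></soap:Body>"
    "</soap:Envelope>"
)

def extract_params(envelope: str) -> dict:
    """Return validated parameters; raise ValueError (or ET.ParseError)."""
    body = ET.fromstring(envelope).find(SOAP_ENV + "Body")
    if body is None or len(body) != 1:
        raise ValueError("expected exactly one operation in the SOAP Body")
    params = {}
    for node in body[0]:
        name = node.tag.rsplit("}", 1)[-1]      # drop any namespace part
        rule = RULES.get(name)
        if rule is None or name in params or len(node):
            raise ValueError(f"unexpected, repeated or nested parameter {name!r}")
        value = node.text or ""
        # fullmatch: the whole value must fit the allowlist, not just a prefix.
        if not rule.fullmatch(value):
            raise ValueError(f"parameter {name!r} failed validation")
        params[name] = value
    if params.keys() != RULES.keys():
        raise ValueError("missing required parameter")
    return params

def is_valid(value: str) -> bool:
    """True if a request carrying `value` in <id> passes server-side checks."""
    try:
        extract_params(ENVELOPE.format(value))
        return True
    except (ValueError, ET.ParseError):
        return False
```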

XPath is a language used to query XML documents. It is similar to SQL: we supply some information (parameters) and get the query results back from the database. Many languages support XPath parsing. Web applications receive large XML documents, and in many cases they take input from end users and build XPath statements from it. These sections of code have no defense against XPath injection. If the injected XPath executes successfully, an attacker can bypass the authentication mechanism or cause loss of confidential information. Currently, only a few XPath vulnerabilities can be exploited by attackers. The only way to prevent this attack vector is to apply proper input validation when passing variable values into an XPath statement.

  10. RIA thin client binary spoofing

Rich Internet applications (RIA) use rich UI elements such as Flash, ActiveX controls, or applets as the primary interface to web applications. This framework has several security issues. The most important one concerns session management: the component runs in the browser and shares the same session. At the same time, because the client downloads the entire binary component to its host, an attacker can reverse-engineer the binary file and decompile the code. It is possible to repackage these binaries and bypass some of the authentication logic contained in the code. This is another interesting attack vector under the Web 2.0 framework.

  Conclusion

Ajax, RIA, and web services are three important technology vectors in the web application space. These technologies are promising. They bring new capabilities to the desktop and improve the overall efficiency and effectiveness of web applications. These new technologies come with new security problems, and ignoring them will lead to a huge disaster in the world. In this article we discuss only 10 types of attacks, but there are many other attack vectors. The best way to defend against these new attack vectors is to increase Web 2.0 security awareness and to improve secure coding practices and configuration security.

 
