Today, with the rapid evolution of Web technology and the vigorous development of e-commerce, many new applications developed by enterprises are Web applications. In addition, Web services are increasingly used to integrate or interact with Web applications. These trends bring about the following problem: the growth of Web applications and services has outpaced the security training and security awareness of the developers who build them. The security risks of Web application systems have reached an unprecedented level. This article analyzes common vulnerabilities and attack methods in Web applications in detail, and comprehensively analyzes the security risks of Web application systems.
A Web application system consists of an operating system and a Web application. Many programmers do not know how to develop secure applications and have not been trained in secure coding. Their experience may be in developing stand-alone applications, or enterprise Web applications built without considering the catastrophic consequences when security defects are exploited.
Most security problems of Web applications belong to one of the following three types:
◆ The server provides services that should not be provided to the public, resulting in security risks.
◆ The server places private data in a publicly accessible area, resulting in leakage of sensitive information.
◆ The server trusts data from untrusted data sources, resulting in attacks.
Many Web server administrators have never looked at their servers from an outsider's perspective and have never checked them for security risks, for example by running a port scanner against their own systems as part of a risk analysis. If they did, they would not run so many services: many of these services do not need to run on the machines that actually provide Web services, or do not need to be open to the public. In addition, administrators often leave the banner information of externally exposed applications unmodified, so attackers can easily obtain the version of the software the Web server exposes and find the corresponding attack methods and programs based on that information.
Many Web applications are vulnerable to attacks through the server, the application, and internally developed code. These attacks bypass perimeter firewall protections because port 80 or 443 (SSL, Secure Sockets Layer) must be open for the application to operate normally. Web application security issues include illegal input, invalid access control, invalid account and thread management, cross-site scripting attacks, buffer overflow, injection attacks, exception and error handling, insecure storage, denial-of-service attacks, and insecure configuration management. Web application attacks include DoS attacks on applications, modification of Web content, SQL injection, uploading of webshells, and obtaining control permissions on Web services.
In short, Web application attacks differ from other attacks because they are difficult to discover and may come from any online user, even an authenticated one. Web application attacks can bypass the protection of firewalls and intrusion detection products, and enterprise users cannot discover existing Web security problems. Of course, enterprises can purchase the Web application penetration evaluation service of the Integrity Network Security team to check Web application security. Integrity Network Security provides professional Web penetration assessment security services, comprehensively analyzes Web application vulnerabilities, and provides corresponding solutions.
Below we will introduce some common Web server security vulnerabilities:
The purpose of this article is to introduce you to common Web server vulnerabilities. I believe that after reading it you can try to discover some Web server vulnerabilities yourself. However, remember not to search for vulnerabilities just for the sake of it. In addition, even if you find a vulnerability, whether it can be exploited is another matter.
Major Web server vulnerabilities include physical path leakage, CGI source code leakage, directory traversal, arbitrary command execution, buffer overflow, denial of service, SQL injection, conditional competition (race conditions), and cross-site scripting. They resemble CGI vulnerabilities in some respects, but in more respects they are different. Whatever the vulnerability, however, security has to be considered as a whole: when considering the security of a Web server, you must also consider the operating system it works with.
◆ Physical path Leakage
Physical path leakage is generally caused by an error in how the Web server processes user requests, for example an ultra-long request, a specially crafted request, or a request for a file that does not exist on the Web server. These requests share a common feature: the requested file must be a CGI script rather than a static HTML page.
Another case is that some programs on the Web server that display environment variables mistakenly output the server's physical path. This is a design issue.
◆ Directory Traversal
Directory traversal is rare for Web servers. Appending "../" to a path, or a variant of it such as "..", ".../" or "...//", or even an encoded form of these, may lead to directory traversal. The first case is rare, but the later cases are much more common. The once-popular IIS double-decoding (secondary decoding) vulnerability and the Unicode decoding vulnerability can both be regarded as variant encodings of this kind.
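The variant and encoded forms described above defeat checks that inspect the raw request and then decode it again later. The following is an added example, not code from the original article: a request-path resolver that decodes once, refuses anything still encoded, and makes its decision on the canonical path. The document root and the function names are assumptions, and the sample requests in the test are constructed.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/var/www/html"  # assumed document root for this example


class TraversalError(ValueError):
    """The request path would escape the document root."""


def resolve_request_path(raw_path: str, docroot: str = DOCROOT) -> str:
    """Map a raw URL path to a file path under docroot, or raise."""
    # Decode exactly once, as the server will when it opens the file.
    decoded = unquote(raw_path)
    # If a second pass would still change the string, the request was
    # encoded twice. Validating now and decoding again later is the
    # double-decoding flaw, so refuse rather than guess.
    if unquote(decoded) != decoded:
        raise TraversalError("multiply-encoded path")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslash as a separator so backslash variants normalize too.
    decoded = decoded.replace("\\", "/")
    # Collapse "//", "./" and "../" segments under the document root.
    candidate = posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))
    # The decision is made on the canonical result, not on the raw input.
    if candidate != docroot and not candidate.startswith(docroot + "/"):
        raise TraversalError("path escapes document root")
    return candidate


def verdict(raw_path: str) -> str:
    """Return the resolved path, or 'rejected: <reason>'."""
    try:
        return resolve_request_path(raw_path)
    except TraversalError as exc:
        return f"rejected: {exc}"
```

The normalization here is purely lexical; a server that permits symbolic links under its document root must also resolve them (for example with `os.path.realpath`) before the final prefix check.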
◆ Arbitrary Command Execution
Arbitrary command execution means that an attacker can execute any operating system command. There are two main situations. In the first, attackers execute system commands by traversing directories, as with the double-decoding and Unicode decoding vulnerabilities mentioned above. In the second, the Web server parses user-submitted requests as SSI commands, resulting in arbitrary command execution.
◆ Buffer Overflow
The buffer overflow vulnerability must be familiar to everyone. It is simply that the Web server does not properly process ultra-long requests submitted by users. Such requests may include ultra-long URLs, ultra-long HTTP header fields, or other ultra-long data. This vulnerability may cause execution of arbitrary commands or DoS, which generally depends on the constructed data.
◆ DoS
Denial of service arises for a variety of reasons, including ultra-long URLs, special directories, ultra-long HTTP header fields, malformed HTTP header fields, or DOS device files. The Web server crashes or hangs because it is overwhelmed by these special requests or handles them improperly.
◆ SQL Injection
The SQL injection vulnerability is caused by programming. The back-end database allows the execution of dynamic SQL statements, and the front-end application does not perform the necessary security checks on user input or on information submitted by the page (such as POST and GET data). This is a characteristic of the database and is independent of the programming language of the Web program. Almost all relational database systems and their SQL dialects face the potential threat of SQL injection.
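The difference between a dynamic SQL statement and a bound one, as an added example that is not part of the original article. It uses Python's built-in `sqlite3` module; the table, the function names and the crafted input are constructed for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory orders table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "mouse"), ("bob", "phone")],
    )
    return db


def orders_dynamic(db: sqlite3.Connection, customer: str) -> list:
    """Vulnerable: the GET/POST value becomes part of the SQL text."""
    sql = ("SELECT item FROM orders WHERE customer = '" + customer +
           "' ORDER BY item")
    return [row[0] for row in db.execute(sql)]


def orders_bound(db: sqlite3.Connection, customer: str) -> list:
    """Hardened: the value is bound as data and never parsed as SQL."""
    sql = "SELECT item FROM orders WHERE customer = ? ORDER BY item"
    return [row[0] for row in db.execute(sql, (customer,))]


# Constructed input that carries SQL syntax instead of a plain name.
CRAFTED = "nobody' OR '1'='1"
```

With the dynamic statement the crafted value changes the WHERE clause and every customer's rows come back; with the bound statement the same value is compared as a literal string and matches nothing.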
◆ Conditional Competition (Race Condition)
The race conditions here mainly concern management servers, which generally run as System or root. When they need to use temporary files but do not check the file attributes before writing them, important system files may be overwritten, or an attacker may even obtain control of the system.
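The temporary-file problem described above, as an added example that is not part of the original article. It assumes a POSIX system; the file names and helper functions are constructed, and the whole scenario is confined to a private scratch directory.

```python
import os
import tempfile


def write_temp_unsafe(path: str, data: bytes) -> None:
    """Vulnerable pattern: write to a predictable path without checking it."""
    with open(path, "wb") as f:  # follows symlinks and truncates the target
        f.write(data)


def write_temp_safe(path: str, data: bytes) -> None:
    """Create the file atomically; fail if anything already exists there."""
    # O_CREAT | O_EXCL makes "check" and "create" one system call, so there
    # is no window between them, and an existing symlink is never followed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def read_bytes(path: str) -> bytes:
    with open(path, "rb") as f:
        return f.read()


def demo() -> dict:
    """Constructed scenario, confined to a private scratch directory."""
    result = {}
    with tempfile.TemporaryDirectory() as scratch:
        important = os.path.join(scratch, "important.conf")
        predictable = os.path.join(scratch, "server.tmp")
        write_temp_safe(important, b"original")
        os.symlink(important, predictable)  # a link already sits at the temp path
        try:
            write_temp_safe(predictable, b"scratch")
            result["safe_refused"] = False
        except FileExistsError:
            result["safe_refused"] = True
        result["after_safe"] = read_bytes(important)
        write_temp_unsafe(predictable, b"scratch")
        result["after_unsafe"] = read_bytes(important)
        # Preferred in practice: an unpredictable name chosen by the library.
        fd, name = tempfile.mkstemp(dir=scratch)
        os.close(fd)
        result["mkstemp_mode"] = os.stat(name).st_mode & 0o777
    return result
```

A separate "does the file exist?" test before an ordinary open still leaves a gap between the check and the write, which is why the safe variant relies on the exclusive-create flag instead.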
◆ CGI Vulnerability
Security vulnerabilities in CGI scripts include, for example, exposure of sensitive information, normal services provided by default that have not been disabled, service vulnerabilities that can be used to execute commands, remote overflows in applications, and programming flaws in non-general-purpose CGI programs.
The article above briefly analyzes the security risks of Web application systems; of course, there are more security vulnerabilities than these. Leaf reminds enterprise users who conduct transactions through Web applications to engage a professional security service team or organization to evaluate their Web application sites and so reduce the risks of their Web application systems.