Entering the Security Hall-read Web intrusion Security Testing and Countermeasures

Preface

I recently read Web intrusion Security Testing and countermeasures, and have gained a lot of inspiration. This book introduces a lot of Web intrusion ideas and well-known security sites outside China, which has broadened my horizons. Here, I have summarized the attack modes mentioned in the book again, and attached some relevant references, hoping to help Web developers and Security testers.

Currently, Web attack methods are changing with each passing day, but many of the basic ideas are derived from the following attack methods. For example, the "SQL injection" and "command injection" mentioned below are:Injecting ideasDifferent expressions. In addition, the purpose of this article is not to "introduce each attack technology in detail", but to "let everyone know what to know if program security is required"

Web intrusion attack methods

I. Test client attacks

1. Search for sensitive information

(1) annotations in HTML code, hiding fields and other sensitive information.

Many tools can help you analyze webpages, such as PageSpy and Firebug.

(2) server error information. For example:

(3) program error prompt.

In the classic example, you need to enter the account and password when logging on to the website. If the server returns an error message "this account does not exist" for the wrong account ", return another correct message "incorrect account and password" for the wrong password ". Then the attacker can guess the user name based on the returned value and continue the next attack.

2. Guess the file and directory

If you have downloaded the Access database of a forum, you should remember this attack method. In addition, if the access to the configuration file is not well protected, the consequences are equally serious.

3. Bypass client input restrictions/verification (client data is untrusted)

There are many ways to bypass client verification or restrictions. You can directly remove the JavaScript script on the web page. Another way is to intercept the sending package and change it directly.

4. Modify Cookie

Have you found any Cookie files on the machine in the university library? Have you ever thought about modifying its expiration time to continue using it?

There are many articles about cookies on the Internet, and a foreign site is also recommended in the book: Dutchduck ., For more information, see.

2. Use Web vulnerabilities for attacks

5. vulnerabilities in third-party libraries/components

The use of third-party resources is inevitable, but you should keep an eye on it:>.

6. Session Hijak)

In addition to listening, session hijacking also takes other forms, such as directly modifying the session ID of a Cookie or modifying the Cookie information of an HTTP packet header. However, a simple hijacking method is usually through listening.

Here, session hijacking was very popular in my high school, because at that time, most LAN components were still using the HUB, making listening very convenient. However, with the popularization of vswitches, session hijacking has gradually become quite secure. Now, session hijacking seems to rise again with the popularity of wireless networks:>

Hamster can be used to hijack a wireless network.

To perform session hijacking in the vswitch environment, you can use: SSCLONE

Measure the test taker's understanding about the monitoring principle: network sniffing technology analysis.

7. Cross-Site attack (XSS)

XSS can be divided into storage-type XSS and reflective XSS based on different usage ".

Stored XSS: attackers enter malicious information in the form of comments or messages. When other users access the website, the server extracts the malicious information from the database, and display it back to the user. This method can be seen as an attacker hanging a malicious script on the website.

Reflected XSS: embeds the script information into the CGI parameter of the URL, and entice you to click the link by email or other means.

Generally, the ultimate objective of XSS is:

(1) stealing personal information.

(2) download viruses and Trojans.

(3) embed spoofing information in a real website.

Currently, there seems to be fewer websites with stored XSS vulnerabilities, but there are still many reflective websites.

8. injection attacks

(1) SQL Injection

(2) Command Injection

(3 )......

In fact, the injection idea is the same, but it should be different. They share the following features: Entering special characters to change the original business process/spoofing server. For more information about SQL Injection, see Advanced SQL Injection In SQL Server Applications.

9. Buffer Overflow

In. NET, Java is prevalent today, buffer overflow issues rarely occur. For more information, see Smashing The Stack For Fun And Profit And Michael Howard's 19 Deadly Sins of Software Security.

In addition, we can use "SPIKE Proxy" to test the buffer overflow problem of Web applications.

10. Invalid Data

Can I use the encoding method to confuse some illegal characters? Will the Web server be abnormal due to the data?

11. Server Detection

Scan servers to check for other vulnerabilities. 0-day is always hacker's favorite! You can find a list of vulnerabilities on similar websites such as BUGTraq and Metasploit.

12. DDOS

Old rogue attack methods:>.

13. Authentication attacks

(1) disguised Encryption

(2) Certification destruction

(3) Cross-Site tracking

(4) brute-force cracking key

Postscript

Although the article is not long, it still takes a lot of time. As an entry-level security article, this article only lists the most basic attack methods, but these attack methods are often the most effective. If you are interested in security, you can leave a message to share your thoughts. In the future, I will continue to sort out some security-related documents:>.

Author: hyddd
Source: http://www.cnblogs.com/hyddd/
This article is copyrighted by the author. You are welcome to repost, assume, or use it for commercial purposes, but you must describe the source of this article (including links ).

Preface

I recently read Web intrusion Security Testing and countermeasures, and have gained a lot of inspiration. This book introduces a lot of Web intrusion ideas and well-known security sites outside China, which has broadened my horizons. Here, I have summarized the attack modes mentioned in the book again, and attached some relevant references, hoping to help Web developers and Security testers.

Currently, Web attack methods are changing with each passing day, but many of the basic ideas are derived from the following attack methods. For example, the "SQL injection" and "command injection" mentioned below are:Injecting ideasDifferent expressions. In addition, the purpose of this article is not to "introduce each attack technology in detail", but to "let everyone know what to know if program security is required"

Web intrusion attack methods

I. Test client attacks

1. Search for sensitive information

(1) annotations in HTML code, hiding fields and other sensitive information.

Many tools can help you analyze webpages, such as PageSpy and Firebug.

(2) server error information. For example:

(3) program error prompt.

In the classic example, you need to enter the account and password when logging on to the website. If the server returns an error message "this account does not exist" for the wrong account ", return another correct message "incorrect account and password" for the wrong password ". Then the attacker can guess the user name based on the returned value and continue the next attack.

2. Guess the file and directory

If you have downloaded the Access database of a forum, you should remember this attack method. In addition, if the access to the configuration file is not well protected, the consequences are equally serious.

3. Bypass client input restrictions/verification (client data is untrusted)

There are many ways to bypass client verification or restrictions. You can directly remove the JavaScript script on the web page. Another way is to intercept the sending package and change it directly.

4. Modify Cookie

Have you found any Cookie files on the machine in the university library? Have you ever thought about modifying its expiration time to continue using it?

There are many articles about cookies on the Internet, and a foreign site is also recommended in the book: Dutchduck ., For more information, see.

2. Use Web vulnerabilities for attacks

5. vulnerabilities in third-party libraries/components

The use of third-party resources is inevitable, but you should keep an eye on it:>.

6. Session Hijak)

In addition to listening, session hijacking also takes other forms, such as directly modifying the session ID of a Cookie or modifying the Cookie information of an HTTP packet header. However, a simple hijacking method is usually through listening.

Here, session hijacking was very popular in my high school, because at that time, most LAN components were still using the HUB, making listening very convenient. However, with the popularization of vswitches, session hijacking has gradually become quite secure. Now, session hijacking seems to rise again with the popularity of wireless networks:>

Hamster can be used to hijack a wireless network.

To perform session hijacking in the vswitch environment, you can use: SSCLONE

Measure the test taker's understanding about the monitoring principle: network sniffing technology analysis.

7. Cross-Site attack (XSS)

XSS can be divided into storage-type XSS and reflective XSS based on different usage ".

Stored XSS: attackers enter malicious information in the form of comments or messages. When other users access the website, the server extracts the malicious information from the database, and display it back to the user. This method can be seen as an attacker hanging a malicious script on the website.

Reflected XSS: embeds the script information into the CGI parameter of the URL, and entice you to click the link by email or other means.

Generally, the ultimate objective of XSS is:

(1) stealing personal information.

(2) download viruses and Trojans.

(3) embed spoofing information in a real website.

Currently, there seems to be fewer websites with stored XSS vulnerabilities, but there are still many reflective websites.

8. injection attacks

(1) SQL Injection

(2) Command Injection

(3 )......

In fact, the injection idea is the same, but it should be different. They share the following features: Entering special characters to change the original business process/spoofing server. For more information about SQL Injection, see Advanced SQL Injection In SQL Server Applications.

9. Buffer Overflow

In. NET, Java is prevalent today, buffer overflow issues rarely occur. For more information, see Smashing The Stack For Fun And Profit And Michael Howard's 19 Deadly Sins of Software Security.

In addition, we can use "SPIKE Proxy" to test the buffer overflow problem of Web applications.

10. Invalid Data

Can I use the encoding method to confuse some illegal characters? Will the Web server be abnormal due to the data?

11. Server Detection

Scan servers to check for other vulnerabilities. 0-day is always hacker's favorite! You can find a list of vulnerabilities on similar websites such as BUGTraq and Metasploit.

12. DDOS

Old rogue attack methods:>.

13. Authentication attacks

(1) disguised Encryption

(2) Certification destruction

(3) Cross-Site tracking

(4) brute-force cracking key

Postscript

Although the article is not long, it still takes a lot of time. As an entry-level security article, this article only lists the most basic attack methods, but these attack methods are often the most effective. If you are interested in security, you can leave a message to share your thoughts. In the future, I will continue to sort out some security-related documents:>.