1, Problem: no input validation
Test method: for every parameter a page accepts, check that the server enforces the following (client-side checks can be bypassed, so each must be repeated on the server):
Data type (string, integer, real, etc.)
Allowed character set
Minimum and maximum length
Whether null (empty) input is allowed
Whether the parameter is required
Whether the parameter may be repeated
Range of values
A specific set of values (enumerated type)
Specific patterns (regular expressions)
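The list above is the checklist; the following is an added example (not code from the original page) of a server-side validator that enforces every item in it against a request's parameters. The `Rule` schema and the `PROFILE_RULES` rule set are hypothetical, constructed for the example; unknown parameters are rejected as well, since an allow-list is the point of positive validation.

```python
import re
from dataclasses import dataclass
from typing import Any, Dict, List, Optional, Set


@dataclass
class Rule:
    """Declares what one request parameter may contain (hypothetical schema, not a library type)."""
    kind: type = str                    # data type the raw string must convert to
    required: bool = True               # must the parameter be present?
    allow_empty: bool = False           # is an empty/null value acceptable?
    multiple: bool = False              # may the parameter be repeated?
    min_len: int = 0                    # length limits apply to the raw string
    max_len: int = 255
    charset: Optional[str] = None       # regex character class every character must match
    min_val: Optional[float] = None     # numeric range, checked after conversion
    max_val: Optional[float] = None
    allowed: Optional[Set[Any]] = None  # enumerated set of permitted values
    pattern: Optional[str] = None       # regular expression the whole value must match


def validate(params: Dict[str, Any], rules: Dict[str, Rule]) -> List[str]:
    """Check a request's parameters against the rules; returns the violations (empty list = OK)."""
    errors: List[str] = []
    for name in params:                 # allow-list: parameters the page did not declare are rejected
        if name not in rules:
            errors.append(f"{name}: unexpected parameter")
    for name, rule in rules.items():
        raw_values = params.get(name)
        if raw_values is None:
            if rule.required:
                errors.append(f"{name}: required")
            continue
        values = raw_values if isinstance(raw_values, list) else [raw_values]
        if len(values) > 1 and not rule.multiple:
            errors.append(f"{name}: repeated parameter not allowed")
        for raw in values:
            if raw == "":
                if not rule.allow_empty:
                    errors.append(f"{name}: empty value not allowed")
                continue
            if not rule.min_len <= len(raw) <= rule.max_len:
                errors.append(f"{name}: length must be {rule.min_len}..{rule.max_len}")
            if rule.charset and not re.fullmatch(f"(?:{rule.charset})*", raw):
                errors.append(f"{name}: disallowed characters")
            if rule.pattern and not re.fullmatch(rule.pattern, raw):
                errors.append(f"{name}: does not match pattern")
            if rule.kind is str:
                value: Any = raw
            else:
                try:
                    value = rule.kind(raw)          # type check: conversion must succeed
                except (TypeError, ValueError):
                    errors.append(f"{name}: must be {rule.kind.__name__}")
                    continue
            if rule.min_val is not None and value < rule.min_val:
                errors.append(f"{name}: below minimum {rule.min_val}")
            if rule.max_val is not None and value > rule.max_val:
                errors.append(f"{name}: above maximum {rule.max_val}")
            if rule.allowed is not None and value not in rule.allowed:
                errors.append(f"{name}: not one of {sorted(rule.allowed)}")
    return errors


# Constructed rule set for a hypothetical profile form (not from the original page)
PROFILE_RULES = {
    "username": Rule(min_len=3, max_len=32, charset=r"[A-Za-z0-9_.]"),
    "age":      Rule(kind=int, required=False, charset=r"[0-9]", min_val=0, max_val=150),
    "role":     Rule(allowed={"user", "admin"}),
    "email":    Rule(required=False, max_len=254, pattern=r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}"),
    "tags":     Rule(required=False, multiple=True, max_len=16, charset=r"[a-z]"),
}

if __name__ == "__main__":
    print(validate({"username": "al", "role": "root", "age": "-1", "debug": "1"}, PROFILE_RULES))
```

Run the validator before any other use of the input; the character-set and pattern checks act on the raw string, so a negative number or a leading sign is caught even when the type conversion would have accepted it.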
2, Problem: broken access control
Test method: mainly verifies that each page checks the user's identity and permissions on every request. Copy the page's URL address, close the page (or log out), and see whether the copied address can be opened directly without going through the normal login and navigation.
Example: a link from one page to another reveals the target page's URL address.
Entering this address directly shows the page's information without any permission check; changing the identifier in the address to another user's should also be tried, since it is the same missing check.
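As an added example (not from the original page), the copied-URL test above run against two versions of a hypothetical "view order" page handler: one that serves whatever id is in the URL and one that checks both identity (a valid session) and permission (the caller owns the order). The orders, sessions and URL layout are constructed for the example.

```python
from typing import Dict, Optional


class Forbidden(Exception):
    """Raised when the request is not allowed to see the resource."""


# Constructed in-memory data: orders owned by two users, and two logged-in sessions
ORDERS: Dict[int, Dict] = {
    101: {"owner": "alice", "total": 42.00},
    102: {"owner": "bob",   "total": 13.50},
}
SESSIONS: Dict[str, str] = {"sess-alice": "alice", "sess-bob": "bob"}  # cookie value -> user


def order_id_from_url(url: str) -> int:
    return int(url.rstrip("/").rsplit("/", 1)[-1])      # /orders/101 -> 101


def view_order_insecure(url: str, session_cookie: Optional[str]) -> Dict:
    """Vulnerable: whatever id is in the URL is served, with no check of who is asking."""
    return ORDERS[order_id_from_url(url)]


def view_order_secure(url: str, session_cookie: Optional[str]) -> Dict:
    """Checks identity (valid session) and permission (caller owns the order) on every request."""
    user = SESSIONS.get(session_cookie or "")
    if user is None:
        raise Forbidden("login required")
    order = ORDERS.get(order_id_from_url(url))
    if order is None or order["owner"] != user:
        raise Forbidden("not found")   # same answer for missing and foreign ids: no enumeration oracle
    return order


def copied_url_test(handler, url: str) -> Dict[str, str]:
    """The manual test from the page: open the copied URL with no session, then as a different user."""
    outcome = {}
    for label, cookie in (("no session", None), ("other user", "sess-bob")):
        try:
            handler(url, cookie)
            outcome[label] = "exposed"
        except Forbidden:
            outcome[label] = "blocked"
    return outcome


if __name__ == "__main__":
    print("insecure:", copied_url_test(view_order_insecure, "/orders/101"))
    print("secure:  ", copied_url_test(view_order_secure, "/orders/101"))
```

The secure handler returns the same "not found" refusal whether the order does not exist or belongs to someone else, so the direct-URL test cannot be used to enumerate valid ids either.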
3, Problem: broken authentication and session management
Analysis: Account list: the system should not allow users to browse all of the site's accounts; if a user list is required, use some form of alias (screen name) that points to the actual account rather than exposing the login name.
Browser cache: authentication and session data should not be sent as part of a GET request, where they end up in the browser history and cache and in proxy and server logs; use POST, and carry the session identifier in a cookie rather than in the URL.
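One way to check the GET-versus-POST point above, as an added example that is not part of the original page: scan access-log lines for credentials or session identifiers carried in URL query strings. The log lines are constructed for the example and the list of sensitive parameter names is an assumption to extend for the application under test.

```python
import re
from typing import List, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in common log format (not real traffic)
LOG_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /login?username=alice&password=s3cret HTTP/1.1" 302 0',
    '10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /account?sessionid=9f8e7d6c HTTP/1.1" 200 1024',
    '10.0.0.6 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.6 - - [10/Oct/2023:13:56:02 +0000] "GET /account?page=2 HTTP/1.1" 200 1024',
]

# Parameter names that should never appear in a URL (assumed list; extend per application)
SENSITIVE = re.compile(r"(pass(word|wd)?|pwd|session(id)?|sid|token|auth|jsessionid|phpsessid)", re.I)
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def find_credentials_in_urls(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (method, path, parameter) for every request whose query string names a sensitive field."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name in parse_qs(parts.query, keep_blank_values=True):
            if SENSITIVE.search(name):
                findings.append((m.group("method"), parts.path, name))
    return findings


if __name__ == "__main__":
    for finding in find_credentials_in_urls(LOG_LINES):
        print("sensitive data in URL:", finding)
```

Anything this reports was already written to the server log (and to every proxy and browser history along the way), which is exactly why such data must travel in a POST body or a cookie.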
4, Problem: cross-site scripting (XSS)
Analysis: an attacker uses cross-site scripting to deliver malicious script to an unsuspecting user; the script runs in the user's browser in the context of the site and can steal the user's session, cookies or other information available to that page.
Test method: check how every input that is later rendered handles:
• HTML tags: <...>, ...
• Escape characters: & (&amp;), < (&lt;), > (&gt;), space (&nbsp;)
• Scripting language: <script>...</script> blocks and event-handler attributes such as onerror
• Special characters: ' < > /
• Minimum and maximum length
• Whether null input is allowed
Example: the input boxes of grid, label and tree-view controls are not validated, and the entered content is parsed as HTML when displayed.
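An added example, not code from the original page, of the label case above: a hypothetical `render_label_*` pair shows the unescaped rendering that lets the test payloads become markup, and the escaped rendering that does not. The payloads are constructed to cover the test-method list (tags, entities, script, quotes, slash); the escaping shown is for HTML text and attribute values only, so a `javascript:` URL in an `href` still needs a separate URL-scheme check.

```python
import html
import re
from typing import Dict, List

# Constructed XSS test payloads covering the items in the test-method list
PAYLOADS: List[str] = [
    "<b>bold</b>",                               # plain HTML tag
    "<script>alert(document.cookie)</script>",   # script block
    "<img src=x onerror=alert(1)>",              # event-handler attribute, no script tag
    "it's & \"quoted\" </td>",                   # special characters and a closing tag
    "javascript:alert(1)",                       # URL-context payload: escaping alone does not cover it
]


def render_label_insecure(user_input: str) -> str:
    """Vulnerable: the label text is pasted into the HTML as-is, so the browser parses it as markup."""
    return f'<span class="label">{user_input}</span>'


def render_label_secure(user_input: str) -> str:
    """Escapes &, <, >, \" and ' so the browser shows the text instead of interpreting it."""
    return f'<span class="label">{html.escape(user_input, quote=True)}</span>'


TAG = re.compile(r"<(?!/?span\b)[^>]*>")   # any tag other than the wrapper span itself


def contains_injected_markup(rendered: str) -> bool:
    """Test oracle: did anything from the input survive as a tag in the rendered page?"""
    return TAG.search(rendered) is not None


def escape_table(chars: str) -> Dict[str, str]:
    """The 'escape character' row of the test list: what each special character must become."""
    return {c: html.escape(c, quote=True) for c in chars}


if __name__ == "__main__":
    for p in PAYLOADS:
        print(contains_injected_markup(render_label_insecure(p)),
              contains_injected_markup(render_label_secure(p)), p)
```

The oracle only detects markup injection; run the length and null-input checks from the list with the validator used for item 1, and use a URL-scheme allow-list for any value that ends up in an `href` or `src`.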
5, Problem: buffer overflow
Analysis: an attacker exploits a buffer overflow to corrupt the stack of the web application (or of a native component it calls) by sending specially crafted input that is longer than the receiving buffer; with a carefully written payload the attacker can make the web application execute arbitrary code. Test with over-long values in every input, header and parameter and watch for crashes or unexpected errors.
6, Problem: injection vulnerabilities
Example: a page that validates a user's login.
If it builds the SQL statement by string concatenation:
SELECT * FROM tableA WHERE username = '" + username + "' AND password = '" + password + "'
then entering ' or 1=1-- as the username logs in without any password: the quote closes the string, 1=1 is always true, and -- comments out the rest of the statement including the password check.
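The login check above, carried through on an in-memory SQLite database as an added example (not the original page's code): the concatenated query is bypassed by the `' or 1=1--` username, the parameterized query is not. The table and its single row are constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one account in the page's tableA."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tableA (username TEXT, password TEXT)")
    conn.execute("INSERT INTO tableA VALUES ('admin', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The page's pattern: user input is concatenated into the SQL text."""
    sql = ("SELECT * FROM tableA WHERE username = '" + username +
           "' AND password = '" + password + "'")
    # With username = "' or 1=1--" this becomes:
    #   SELECT * FROM tableA WHERE username = '' or 1=1--' AND password = ''
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fix: placeholders keep the input as data, so quotes and comment markers have no SQL meaning."""
    sql = "SELECT * FROM tableA WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected:    ", login_vulnerable(db, "' or 1=1--", ""))
    print("parameterized, injected: ", login_parameterized(db, "' or 1=1--", ""))
```

Parameterization is the fix for the query; the password column here is plaintext only so the injection is visible in one screen (see item 8 for how it should be stored).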
7, Problem: improper exception handling
Analysis: when the program throws an exception it returns detailed internal error information (stack trace, file paths, SQL text, library versions), exposing execution details that should not be displayed and pointing an attacker at where the site is potentially vulnerable. Test by supplying malformed input and checking that only a generic error page is returned.
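As an added example (not from the original page), a hypothetical request wrapper in both forms: one that returns the traceback to the client, and one that logs the traceback server-side under a reference id and returns only a generic message. The failing page handler is constructed to fail the way a real page might.

```python
import logging
import traceback
import uuid
from typing import Callable, Tuple

log = logging.getLogger("app")


def handle_request_insecure(page: Callable[[], object]) -> Tuple[int, str]:
    """Vulnerable: the full traceback (paths, line numbers, exception text) goes to the browser."""
    try:
        return 200, str(page())
    except Exception:
        return 500, traceback.format_exc()


def handle_request_secure(page: Callable[[], object]) -> Tuple[int, str]:
    """Fix: details stay in the server log, keyed by a reference the user can quote to support."""
    try:
        return 200, str(page())
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.exception("unhandled error in page handler, ref=%s", ref)
        return 500, f"An internal error occurred (reference {ref})."


def broken_page() -> float:
    """Constructed handler that fails on a bad database value (not from the original page)."""
    record = {"price": "n/a"}
    return float(record["price"])


if __name__ == "__main__":
    print(handle_request_insecure(broken_page)[1])
    print(handle_request_secure(broken_page)[1])
```

Keep the generic message free of the exception type and text as well as the stack: even "could not convert string to float" tells the tester which parameter reaches which conversion.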
8, Problem: insecure storage
Analysis: sensitive data (passwords, keys, card numbers) is stored or transmitted without encryption or hashing.
Example: put view-source: in front of the http address to view the page source.
Enter the password on the page; the page displays it as ****, but right-click, view source, and the password just entered can be read in the HTML because the page writes it back into the form.
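An added example (not the original page's code) of the two halves of this item: storing a password as a salted scrypt hash with a constant-time verify instead of keeping the plaintext, and a rendering check for the view-source test, which fails when the submitted password is written back into the form. The user table and password are constructed sample data; the record format `scrypt$N$r$p$salt$digest` is an assumption for the example.

```python
import hashlib
import hmac
import html
import os
from typing import Optional

# Insecure: the credential store keeps the password itself (constructed sample data)
USERS_INSECURE = {"alice": "hunter2"}

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # work factor; raise N as hardware allows


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record scrypt$N$r$p$salt$digest (hex); the password itself is never stored."""
    salt = salt or os.urandom(16)                  # per-user random salt defeats precomputed tables
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    alg, n, r, p, salt_hex, digest_hex = stored.split("$")
    if alg != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Secure: the same users, with only hashes on disk
USERS_SECURE = {name: hash_password(pw) for name, pw in USERS_INSECURE.items()}


def password_field_html(echo_back: bool, submitted: str) -> str:
    """The view-source check: a page must not write the submitted password into its HTML (masking is not protection)."""
    value = f' value="{html.escape(submitted, quote=True)}"' if echo_back else ""
    return f'<input type="password" name="password"{value}>'


if __name__ == "__main__":
    print(USERS_SECURE["alice"])
    print(verify_password("hunter2", USERS_SECURE["alice"]))
    print(password_field_html(True, "hunter2"))
```

Two hashes of the same password differ because of the salt, so a leaked table does not reveal which users share a password; the work-factor parameters are stored with each record so they can be raised later without invalidating existing accounts.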
9, Problem: denial of service
Analysis: an attacker can generate enough traffic from a single host to exhaust the application's resources (connections, threads, memory) and eventually cripple it. Load balancing, together with per-client request limits and timeouts, is needed to deal with this.
10, Problem: insecure configuration management
Analysis: connection strings in configuration files, user information, messages and data-storage information need to be protected (restrictive file permissions, no secrets checked into source control, no default accounts or sample pages left in production).
What programmers should do: configure all of the security mechanisms, turn off all unused services, set up role-based accounts and rights, and use logging and alerting.