Security Test Learning Note II (Analysis of top 10 vulnerabilities)

Source: Internet
Author: User
1. Problem: unvalidated input

Test method: check each input field against the following properties.

• Data type (string, integer, real, etc.)

• Allowed character set

• Minimum and maximum length

• Whether null (empty) input is allowed

• Whether the parameter is required

• Whether repeated values are allowed

• Range of values

• Specific values (enumerated type)

• Specific patterns (regular expressions)

2. Problem: broken access control

Test method:

Mainly used to verify that the page checks the user's identity and permissions: copy the page's URL, close the page, and check whether the page can be reached by entering the copied address directly.

Example: a link from one page to another exposes the destination URL.

Entering this address directly shows the page's information without any permission check.

3. Problem: broken authentication and session management

Analysis: Account list: the system should not allow users to browse a list of all of the site's accounts; if a user list is unavoidable, it is recommended to use some form of alias (screen name) that points to the actual account.

Browser cache: authentication and session data should not be sent as part of a GET request; POST should be used instead.

4. Problem: cross-site scripting (XSS)

Analysis: an attacker uses cross-site scripting to deliver malicious code to an unsuspecting user and steal any information on that user's machine.

Test method:

• HTML tags: <...>, .....

• Escape characters: &amp; (&); &lt; (<); &gt; (>); &nbsp; (space)

• Scripting language:

• Special characters: ' < > /

• Minimum and maximum length

• Whether null input is allowed

Example: the input boxes of grid, label, and tree-view controls are not validated, and the entered content is parsed as HTML.

5. Problem: buffer overflow

Analysis: attackers use buffer overflows to corrupt the stack of a Web application; by sending specially crafted input to the Web program, an attacker can make the Web application execute arbitrary code.

6. Problem: injection vulnerabilities

Example: a page that validates a user's login.

If it builds its SQL statement by concatenation, like this:

SELECT * FROM table A WHERE username = ' + username + ' AND password ....

then entering ' or 1=1-- as the username lets an attacker log in without entering any password.
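To make the point concrete, here is an added example (not code from the original note) that runs the concatenated login query beside a parameterized one against a constructed in-memory SQLite table; the table name, user record and helper names are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a single user in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Builds the statement by string concatenation, the pattern criticised in the note.
    # Any quote in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders keep the input as data; the driver never interprets it as SQL text.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo():
    # Runs the note's own input (' or 1=1--) through both versions of the check.
    conn = make_db()
    payload = "' or 1=1--"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_bypass": login_vulnerable(conn, payload, ""),
        "param_valid": login_parameterized(conn, "alice", "s3cret"),
        "param_bypass": login_parameterized(conn, payload, ""),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the concatenated query the payload turns the WHERE clause into `username = '' or 1=1` and comments out the password check, so the login succeeds with an empty password; the parameterized query treats the same text as a literal username and rejects it.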

7. Problem: improper exception handling

Analysis: when the program throws an exception, it displays detailed internal error information, exposing execution details that should not be shown; this indicates a potential vulnerability in the site.

8. Problem: insecure storage

Key data is not encrypted.

Example: prefix the page address with view-source: to view its source code.

After entering a password on the page, the page displays * * * *, but right-clicking and viewing the source file reveals the password just entered.

9. Problem: denial of service

Analysis: an attacker can generate enough traffic from a single host to exhaust the application's resources, eventually crippling the program. Load balancing is needed to cope with this.

10. Problem: insecure configuration management

Analysis: connection strings in configuration files, user information, messages, and data storage information need to be protected.

What programmers should do: configure all of the security mechanisms, turn off all unused services, set up role-based accounts and permissions, and use logging and alerts.
