Web front-End Pen Questions (3)--front-end security issues

1.XSS

Cross Site scripting attacks (Scripting), which are not confused with the abbreviations of cascading style sheets (cascading style Sheets, CSS), are abbreviated as XSS for cross-site scripting attacks.

A malicious attacker inserts malicious HTML code into a Web page, and when the user browses to the page, HTML code embedded inside the Web is executed to achieve the special purpose of the malicious attacker.

Type:

(1) attacks from within

Mainly refers to the use of the vulnerability of the program itself, the construction of cross-site statements, such as: Dvbbs showerror.asp the existence of cross-site vulnerability.

(2) attacks from outside, mainly refers to the construction of the XSS cross-Site Vulnerability Web page or to find a non-target outside the Web site has a cross-site vulnerability. If we are going to infiltrate a site, we construct a Web page with a cross-site vulnerability, and then construct the cross-site statement, which, by combining other technologies, such as social engineering, will trick the administrator of the target server into opening. 2.SQL Injection

SQL injection: This is done by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually reaching a malicious SQL command that deceives the server.

Solution:

(1) Validation of user input through regular expressions, such as whether to include characters with single quotation marks and double "-", or whether there are SQL reserved words

(2) data query through parameterized stored procedures, LINQ to SQL

(3) Parameterized SQL statements

3.CSRF

CSRF (Cross-site request forgery cross-site solicitation forgery, also known as "one click Attack" or session riding, usually abbreviated as CSRF or XSRF, is a malicious use of the site. Although it sounds like a cross-site script (XSS), it is very different from XSS and is almost at odds with the way it is attacked.

XSS leverages trusted users within the site, while CSRF leverages trusted sites by disguising requests from trusted users. Compared to XSS attacks, csrf attacks are often less prevalent (and therefore have very few resources to protect against them) and are difficult to guard against, so they are considered more dangerous than XSS.

Characteristics:

1. Compromising websites with user identities
2. Use the site's trust in user identities
3. Spoof the user's browser to send an HTTP request to the target site
4. Alternatively, a GET request can be triggered by an IMG tag, which can be used to implement a CSRF attack.

Precautionary measures:

For Web sites, switching a persisted authorization method (such as a cookie or HTTP authorization) to an instantaneous authorization method (providing a hidden field in each form) will help the site prevent these attacks. A similar approach is to include the secret information in the form, the user-specified code name as a validation outside of the cookie. Another option is to "double-commit" cookies. This method works only with Ajax requests, but it can be used as a global remediation method without changing a large number of form. If an authorized cookie is being read by the JavaScript code before the form post, then the restriction cross-domain rule will be applied. If the server needs to include a request for an authorization cookie in the POST request body or URL, the request must come from a trusted domain because the other domain cannot read the cookie from the trusting domain. Contrary to the usual trust idea, using post instead of the Get method does not provide effective protection. Because JavaScript can use forged post requests. Nonetheless, requests that cause "side effects" to security should always be sent using post. The Post method does not leave the data tail in the Web server and proxy server logs, but the Get method leaves the data tail. Although CSRF is a fundamental issue for Web applications, not a user's problem, users can protect their accounts on websites that lack secure design: By logging out of the site before browsing other sites or by clearing the browser's cookie after the end of the browser session.

Web front-End Pen Questions (3)--front-end security issues