HTTP Knowledge Popularization series: Web Attack technology

Source: Internet
Author: User
Tags: session id

  1. The HTTP protocol itself has no security issues. The targets of attack are the resources that use HTTP: servers, clients, and the Web applications running on the server.
  2. Security features such as session management and encryption are almost all implemented by the Web site itself; the HTTP protocol provides none of them.
  3. An attack on a Web application is launched by loading attack code into the HTTP request message.
  4. Web-based attack patterns
    1. An active attack is an attack pattern in which the attacker accesses the Web application directly and feeds it attack code.
    2. A passive attack is an attack pattern in which the attack code is executed by means of a trap: the user is lured into triggering it, rather than the attacker accessing the application directly.
  5. Implementing a Web application's security policy can be broadly divided into the following two parts.
    1. Client-side validation
    2. Web application side (server side) validation
      1. Input value validation
      2. Output value escaping
  6. Cross-site scripting (XSS) is an attack that runs illegal HTML tags or JavaScript in the browser of a user visiting a Web site that has a security vulnerability.
    1. Using a fake input form to defraud the user of personal information
    2. Using a script to steal the user's cookie value, so that the victim unknowingly helps the attacker send requests
    3. Displaying forged articles or pictures
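As an added example (not from the original page), the server-side input validation and output escaping of item 5, shown against the XSS vector of item 6: a vulnerable renderer that concatenates input straight into HTML beside a hardened one that escapes it, plus a constructed name-validation policy. Function names, the allowed-character pattern and the sample input are all assumptions.

```python
import html
import re

# Vulnerable rendering (the 'before'): user input is concatenated straight into
# HTML, so any tags or script in the input are parsed by the victim's browser.
def render_greeting_unsafe(name: str) -> str:
    return "<p>Hello, " + name + "!</p>"

# Hardened rendering: every value is escaped at the point of output.
# html.escape turns < > & " ' into character references, so the browser shows
# the text literally instead of interpreting it as markup.
def render_greeting_safe(name: str) -> str:
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"

# Server-side input validation: a display name is accepted only if it matches
# the expected character set and length. This policy is constructed for the
# example; it complements output escaping, it does not replace it.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9 _.'-]{1,40}$")

def is_valid_name(name: str) -> bool:
    return bool(NAME_PATTERN.match(name))

def handle_greeting_request(name: str) -> tuple:
    """Return (status, body) the way a minimal server-side handler would."""
    if not is_valid_name(name):
        return 400, "<p>Invalid name.</p>"
    return 200, render_greeting_safe(name)

# Constructed sample input containing a script tag.
SAMPLE_INPUT = '<script>alert("xss")</script>'

if __name__ == "__main__":
    print(render_greeting_unsafe(SAMPLE_INPUT))   # script tag survives intact
    print(render_greeting_safe(SAMPLE_INPUT))     # rendered as harmless text
    print(handle_greeting_request(SAMPLE_INPUT))  # rejected by validation
    print(handle_greeting_request("Alice"))
```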
  7. SQL injection is an attack against the database used by the Web application, carried out by running illegal SQL.
    1. Illegally viewing or tampering with data in the database
    2. Bypassing authentication
    3. Executing programs associated with the database server's business logic, etc.
  8. An OS command injection attack achieves its aim by executing illegal operating system commands through the Web application.
  9. An HTTP header injection attack is an attack in which the attacker inserts a newline into a response header field and thereby adds arbitrary response headers or body content.
  10. Mail header injection is an attack in which the attacker abuses the Web application's mail-sending function by adding arbitrary illegal content to the To or Subject fields of the mail header.
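The newline check a server needs against items 9 and 10, as an added example that is not from the original page: a single helper rejects CR/LF in HTTP response header values and in the To/Subject fields of a mail-sending function, so an injected line can neither add a response header nor a mail header. Function names and the constructed sample values are assumptions.

```python
# Characters that end or split a header line. A header value containing any of
# them could start a new header or even the message body.
_LINE_BREAKERS = ("\r", "\n", "\0")

def has_header_injection(value: str) -> bool:
    """True if a header name or value contains CR, LF or NUL."""
    return any(c in value for c in _LINE_BREAKERS)

def build_response(status_line: str, headers: dict, body: str) -> bytes:
    """Serialise an HTTP response, refusing any header that could inject a line."""
    lines = [status_line]
    for name, value in headers.items():
        if has_header_injection(name) or has_header_injection(value):
            raise ValueError(f"refusing header {name!r}: contains CR/LF")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("iso-8859-1")

def safe_redirect(target: str) -> bytes:
    """302 redirect built through build_response, so a newline in the target is rejected."""
    return build_response("HTTP/1.1 302 Found", {"Location": target}, "")

def validate_mail_field(field_name: str, value: str) -> str:
    """For the mail-sending function: To and Subject must stay on a single line."""
    if has_header_injection(value):
        raise ValueError(f"{field_name} must not contain newline characters")
    return value

def is_rejected(fn, *args) -> bool:
    """Demonstration helper: True if fn(*args) raises ValueError."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False

# Constructed samples: a redirect target and a recipient carrying an injected line.
INJECTED_TARGET = "/home\r\nX-Injected: 1"
INJECTED_RECIPIENT = "user@example.com\nBcc: other@example.com"

if __name__ == "__main__":
    print(safe_redirect("/home"))
    print("redirect rejected:", is_rejected(safe_redirect, INJECTED_TARGET))
    print("recipient rejected:", is_rejected(validate_mail_field, "To", INJECTED_RECIPIENT))
```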
  11. A directory traversal attack gains access to a file directory that was never intended to be exposed, by illegally truncating its directory path.
  12. A remote file inclusion vulnerability is an attack in which, where a script is designed to read part of its content from another file, the attacker specifies the URL of an external server so that the server reads that file and runs arbitrary script.
  13. A forced browsing vulnerability refers to browsing, among the files placed in the Web server's public directory, files that were not meant to be disclosed.
  14. An improper error message handling vulnerability means that the Web application's error messages contain information useful to an attacker.
  15. An open redirect is a redirection function that jumps to any URL specified.
  16. Session hijacking means that an attacker obtains the user's session ID by some means and illegally uses it to impersonate the user and carry out the attack.
  17. Whereas session hijacking, which steals the target's session ID, is an active attack, session fixation, which forces the user to use a session ID chosen by the attacker, is a passive attack.
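An added example (not from the original page) of the server-side handling that defeats the session fixation described in item 17: a toy session store that honours only IDs it issued itself and regenerates the ID at login, so an attacker-chosen ID planted before authentication never becomes the authenticated session. The class, its method names and the planted value are constructed for illustration.

```python
import secrets
from typing import Optional

class SessionStore:
    """Server-side session store hardened against session fixation."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    def new_session(self) -> str:
        """Issue a fresh, unpredictable session ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def resolve(self, presented_sid: Optional[str]) -> str:
        """Return the session ID to use for this request.

        A presented ID is honoured only if this server issued it. Anything
        else (for example a value planted in the victim's cookie by a third
        party) is discarded and a fresh session is started instead."""
        if presented_sid is not None and presented_sid in self._sessions:
            return presented_sid
        return self.new_session()

    def login(self, old_sid: str, user: str) -> str:
        """Authenticate and rotate the session ID.

        The pre-authentication ID, which anyone who set or observed it may know,
        is invalidated; the authenticated session lives under a new ID only."""
        data = self._sessions.pop(old_sid)
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid: str) -> Optional[str]:
        return self._sessions.get(sid, {}).get("user")

if __name__ == "__main__":
    store = SessionStore()
    planted = "attacker-chosen-id"          # constructed, never issued by the server
    sid = store.resolve(planted)             # ignored: a fresh ID is issued instead
    authed = store.login(sid, "alice")       # rotated at login
    print(sid != planted, authed != sid, store.user_for(authed))
```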
  18. A cross-site request forgery (CSRF) attack is a passive attack in which the attacker sets a trap that forces an already-authenticated user to perform unintended state-changing operations, such as updating personal or settings information.
  19. A password cracking attack works out the password in order to break through authentication.
    1. Trial and error of passwords over the network
      1. Brute-force (exhaustive) method
      2. Dictionary attack
    2. Decrypting encrypted passwords
  20. Clickjacking refers to overlaying a Web page with transparent buttons or links that act as traps.
  21. A DoS attack is an attack that drives a running service into a stopped state. DDoS refers to a DoS attack launched from multiple computers.
  22. A backdoor is a hidden entrance set up during development that allows restricted functions to be used without going through the normal steps.
