1. SQL injection file write (user authentication required)
Workaround: implement a filter that sanitizes all user input. Filtering out the dangerous characters contained in user input prevents a malicious user from making the application perform unintended tasks, such as issuing arbitrary SQL queries, embedding JavaScript that will be executed on the client, or running operating system commands.
It is recommended to filter out all of the following characters:
[1] | (vertical bar)
[2] & (ampersand)
[3] ; (semicolon)
[4] $ (dollar sign)
[5] % (percent sign)
[6] @ (at sign)
[7] ' (single quote)
[8] " (double quote)
[9] \' (backslash-escaped single quote)
[10] \" (backslash-escaped double quote)
[11] <> (angle brackets)
[12] () (parentheses)
[13] + (plus sign)
[14] CR (carriage return, ASCII 0x0d)
[15] LF (line feed, ASCII 0x0a)
[16] , (comma)
[17] \ (backslash)
Note: Rational AppScan Standard always reports this issue when the check is enabled, which is why the heading marks it as requiring user authentication. For details refer to http://www-01.ibm.com/support/docview.wss?uid=swg21472385
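As an added example (not code from the article), a servlet Filter that applies the character list above to every request parameter. The class name InputSanitizerFilter and the choice to reject with HTTP 400 rather than strip characters are assumptions of the example; strip() implements the article's "clean up" behaviour for callers that want it. It targets the Servlet 3.0 API.

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Blacklist input filter built from the 17-character list above (hypothetical class name). */
public class InputSanitizerFilter implements Filter {

    // One character class covering: | & ; $ % @ ' " < > ( ) + CR LF , \
    // Entries [9] and [10] (\' and \") are covered by the backslash plus the quote itself.
    private static final Pattern DANGEROUS = Pattern.compile("[|&;$%@'\"<>()+\\r\\n,\\\\]");

    /** True when the value contains none of the blacklisted characters. */
    public static boolean isClean(String value) {
        return value == null || !DANGEROUS.matcher(value).find();
    }

    /** The article's approach: remove every blacklisted character from the value. */
    public static String strip(String value) {
        return value == null ? null : DANGEROUS.matcher(value).replaceAll("");
    }

    /** Scans every parameter value; returns the first offending parameter name, or null if all are clean. */
    public static String firstTaintedParameter(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> e : params.entrySet()) {
            for (String v : e.getValue()) {
                if (!isClean(v)) {
                    return e.getKey();
                }
            }
        }
        return null;
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        String bad = firstTaintedParameter(request.getParameterMap());
        if (bad != null) {
            // Reject instead of silently stripping: the caller sees a clear error and the
            // 400 in the access log is easy to alert on.
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Parameter '" + bad + "' contains a disallowed character");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}
}
```

Map it in web.xml with a filter-mapping on /*. A blacklist of this kind is a coarse control: it also rejects legitimate input such as O'Brien or any e-mail address (because of @), and it does not replace parameterized queries (PreparedStatement) as the primary defence against SQL injection or output encoding as the defence against cross-site scripting.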
2. Session not updated
Workaround: Add the following code to the login page
import javax.servlet.http.Cookie;

// Fix for the "session not updated" issue: discard the pre-login session and expire its cookies
request.getSession().invalidate();                 // empty the session
Cookie[] cookies = request.getCookies();           // get the cookies sent with the request
if (null != cookies && cookies.length > 0) {
    for (Cookie cookie : cookies) {
        cookie.setMaxAge(0);                       // let the cookie expire
        // The browser only applies the expiry if the cookie is sent back with a matching path;
        // Tomcat scopes JSESSIONID to the context path ("/" for the root context).
        cookie.setPath(request.getContextPath().isEmpty() ? "/" : request.getContextPath());
        response.addCookie(cookie);
    }
}
3. Cross-site request forgery
Solution: in the filter, add a check on the source of the request (its Referer header) and filter on it;
// Fix for the cross-site request forgery issue: compare the Referer header with this server's name
String referer = req.getHeader("Referer");
String serverName = req.getServerName();
if (null != referer && referer.indexOf(serverName) < 0) {
    // The request did not come from this host: forward to the requested URI instead of continuing the chain
    req.getRequestDispatcher(req.getRequestURI()).forward(req, response);
}
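An added example, not the article's code, that parses the request source instead of using the substring test above: referer.indexOf(serverName) < 0 also accepts a foreign host whose name merely contains the server name, so this version extracts the host from the Origin header (falling back to Referer) and requires an exact match. The class name RequestSourceFilter, the set of methods treated as state-changing, and the 403 response are the example's own choices; it targets the Servlet 3.0 API.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Refuses state-changing requests whose Origin/Referer host is not this server (hypothetical class name). */
public class RequestSourceFilter implements Filter {

    // Only writes are checked; GET/HEAD are not CSRF targets in a correctly designed application.
    private static final Set<String> STATE_CHANGING =
            new HashSet<>(Arrays.asList("POST", "PUT", "DELETE", "PATCH"));

    /** Lower-case host of an Origin or Referer value, or null when absent or unparseable (including "null"). */
    public static String hostOf(String headerValue) {
        if (headerValue == null || headerValue.isEmpty()) return null;
        try {
            String host = new URI(headerValue).getHost();
            return host == null ? null : host.toLowerCase(Locale.ROOT);
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /** Origin is preferred (sent on cross-origin POSTs, carries no path); Referer is the fallback. */
    public static boolean isSameSite(String method, String origin, String referer, String serverName) {
        if (!STATE_CHANGING.contains(method)) return true;
        String source = hostOf(origin != null ? origin : referer);
        if (source == null) return false;                              // no usable source: refuse the write
        return source.equals(serverName.toLowerCase(Locale.ROOT));     // exact host match, not a substring test
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        if (!isSameSite(req.getMethod(), req.getHeader("Origin"), req.getHeader("Referer"), req.getServerName())) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request source not accepted");
            return;
        }
        chain.doFilter(request, response);
    }

    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}
}
```

Browsers omit Referer under a strict Referrer-Policy and may send Origin: null, so a write without a usable source header is refused here; that is the known limitation of source-header checks and the reason a per-session anti-CSRF token is normally used alongside them.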
4. Cross-site Scripting
Workaround: implement a filter that checks the source of the request and sanitizes all user input. Filtering out the dangerous characters contained in user input prevents a malicious user from making the application perform unintended tasks, such as issuing arbitrary SQL queries, embedding JavaScript that will be executed on the client, or running operating system commands. For a concrete implementation, combine the fixes for 1. SQL injection file write and 3. Cross-site request forgery;
5. Decrypted Login Request
Workaround:
1. The password entered by the user is hashed with MD5 on the page and written back into the password input box.
2. Generate an SSL certificate manually; this is not covered here, and the procedure is widely documented online;
3. Switch the product's HTTP access mode to SSL secure access by adding the following to server.xml under the conf folder of the Apache Tomcat application server:
<!-- Enable SSL (HTTPS) secure access on port 8443 -->
<!-- acceptCount and maxThreads were also set in the original, but their values are lost in the source;
     Tomcat's defaults apply when they are omitted -->
<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           scheme="https" secure="true" SSLEnabled="true"
           ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
           keystoreFile="Keystore/server.keystore" keystorePass="123456"
           clientAuth="false" sslProtocol="TLS" />
(Note: Keystore/server.keystore is the certificate store path and 123456 is the keystore password. The RC4 and 3DES suites in the ciphers list above are considered weak by current standards; where the server and its clients support the AES suites, keep only those.)
4. Add the following to the product's web.xml file:
<!-- Security issue: decrypted login request; switch to SSL secure access -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>ssl</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
6. An unsecured HTTP method is enabled
Workaround: modify the web project's web.xml (or the server's server.xml) and add a security constraint that disables the HTTP methods the application does not need:
<!-- Address security issue: unsafe HTTP methods enabled -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted-methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- The method list is cut off in the source; the entries below are typical examples,
         one http-method element per method to disable -->
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <!-- An empty auth-constraint denies the listed methods to every caller -->
  <auth-constraint />
</security-constraint>
7. Missing HttpOnly attribute in session cookie
Workaround: add the response header configuration in the filter.
Fixes the issue that users' cookies could be read out, reducing the impact of cross-site scripting attacks:
import java.text.SimpleDateFormat;
import java.util.Date;

// Fix for the "missing HttpOnly attribute" issue: emit the cookie with the Secure and HttpOnly flags
resp.setHeader("Set-Cookie",
        "Name=" + new SimpleDateFormat("yyyy-MM-ddHH:mm:ss").format(new Date()) + "; Secure; HttpOnly");
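An added example (not the article's code) that puts the flags on every cookie the application sets, and on the container's session cookie, rather than on one extra cookie as the snippet above does. The finding is about the session cookie, which Tomcat issues outside any filter wrapper, so that part goes through SessionCookieConfig in a context listener; the same class also acts as a filter for cookies the application sets itself. It needs the Servlet 3.0 API (Cookie.setHttpOnly, SessionCookieConfig); the class name CookieFlags is hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.SessionCookieConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Register once as a <listener> (session cookie) and once as a <filter> on /* (application cookies). */
public class CookieFlags implements Filter, ServletContextListener {

    // Listener side: JSESSIONID is written by the container, not through the response wrapper below,
    // so its flags are configured here. This must run before the context finishes starting.
    @Override public void contextInitialized(ServletContextEvent sce) {
        SessionCookieConfig cfg = sce.getServletContext().getSessionCookieConfig();
        cfg.setHttpOnly(true);   // not readable from document.cookie
        cfg.setSecure(true);     // only sent over HTTPS; assumes the SSL setup from item 5
    }
    @Override public void contextDestroyed(ServletContextEvent sce) {}

    // Filter side: wrap the response so every cookie the application adds gets the flags.
    @Override public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Secure is only useful when the request itself is HTTPS; a Secure cookie set over
        // plain HTTP would never be sent back.
        chain.doFilter(req, new FlaggingResponse((HttpServletResponse) resp, req.isSecure()));
    }
    @Override public void init(FilterConfig filterConfig) {}
    @Override public void destroy() {}

    /** Appends HttpOnly (and Secure when requested) to a raw Set-Cookie header value if they are missing. */
    public static String withFlags(String setCookie, boolean secure) {
        boolean hasHttpOnly = false, hasSecure = false;
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) {       // parts[0] is name=value; the rest are attributes
            String attr = parts[i].trim().toLowerCase();
            if (attr.equals("httponly")) hasHttpOnly = true;
            if (attr.equals("secure")) hasSecure = true;
        }
        StringBuilder sb = new StringBuilder(setCookie);
        if (!hasHttpOnly) sb.append("; HttpOnly");
        if (secure && !hasSecure) sb.append("; Secure");
        return sb.toString();
    }

    /** Catches both addCookie() and hand-written Set-Cookie headers like the snippet above. */
    static final class FlaggingResponse extends HttpServletResponseWrapper {
        private final boolean secure;

        FlaggingResponse(HttpServletResponse response, boolean secure) {
            super(response);
            this.secure = secure;
        }

        @Override public void addCookie(Cookie cookie) {
            cookie.setHttpOnly(true);
            if (secure) cookie.setSecure(true);
            super.addCookie(cookie);
        }

        @Override public void addHeader(String name, String value) {
            super.addHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? withFlags(value, secure) : value);
        }

        @Override public void setHeader(String name, String value) {
            super.setHeader(name, "Set-Cookie".equalsIgnoreCase(name) ? withFlags(value, secure) : value);
        }
    }
}
```

The declarative equivalent for the session cookie is a session-config/cookie-config block with http-only and secure set to true in a Servlet 3.0 web.xml; Tomcat also has a useHttpOnly attribute on the Context element for containers older than Servlet 3.0.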
8. Discovery of WEB Application source code disclosure Patterns
Workaround: remove source code that appears in code comments;
9. Automatically fill in HTML attributes that are not disabled for the password field
Workaround: add the autocomplete="off" attribute to the password input box
10. Discover internal IP leak mode
Workaround: remove IP addresses that appear in the code;
11. Application Test Script detected
Workaround: remove the test script files present in the code; these are mainly test.php, test.asp, test.cgi, test.html and the like. Also rename files whose names contain sensitive words such as test and old.
12. Unix file parameter changes
Workaround: in the filter, add a check that removes the ".." (two dots) string from all user input. For a concrete implementation, refer to the workaround for 1. SQL injection file write;
13. Windows file parameter changes
Workaround: in the filter, add a check that removes the ".." (two dots) string from all user input. For a concrete implementation, refer to the workaround for 1. SQL injection file write;
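An added example, not the article's code, covering items 12 and 13 together. containsDotDot is the check the article describes; resolveInside is the stronger form, which resolves the user-supplied name under a fixed base directory and verifies the result stays inside it, so absolute paths, mixed separators and any encoding that decodes to ".." are all caught the same way. The class name SafePath and the base directory in main() are the example's own.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

/** Path handling for user-supplied file names (hypothetical class name). */
public final class SafePath {
    private SafePath() {}

    /** The article's check for items 12 and 13: refuse any value containing two consecutive dots. */
    public static boolean containsDotDot(String input) {
        return input != null && input.contains("..");
    }

    /**
     * Resolves a user-supplied name under baseDir and returns the canonical path, or null when the
     * result would fall outside baseDir (or name baseDir itself). No string blacklist is needed:
     * normalize() collapses "..", and startsWith() on the absolute paths decides containment.
     */
    public static Path resolveInside(Path baseDir, String userInput) {
        if (userInput == null || userInput.isEmpty()) return null;
        Path base = baseDir.toAbsolutePath().normalize();
        // Treat '\' as a separator as well, so input in the Windows style (item 13) is judged
        // the same way as Unix-style input (item 12).
        String cleaned = userInput.replace('\\', '/');
        Path candidate = base.resolve(cleaned).normalize();   // an absolute input replaces base entirely
        if (!candidate.startsWith(base) || candidate.equals(base)) return null;
        return candidate;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/app/uploads");            // constructed base directory for the demo
        String[] inputs = {                                   // constructed inputs
            "report.pdf", "sub/../../etc/passwd", "..\\..\\win.ini", "/etc/passwd", "a/./b.txt"
        };
        for (String in : inputs) {
            System.out.printf("%-25s dotdot=%-5s resolved=%s%n",
                    in, containsDotDot(in), resolveInside(base, in));
        }
    }
}
```

Use the returned Path for the file access and never the raw input; the containsDotDot check alone misses an absolute path, which has no dots at all.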
14. Link injection (facilitates cross-site request forgery)
Workaround: implement a filter that checks the source of the request and sanitizes all user input. Filtering out the dangerous characters contained in user input prevents a malicious user from making the application perform unintended tasks, such as issuing arbitrary SQL queries, embedding JavaScript that will be executed on the client, or running operating system commands. For a concrete implementation, combine the fixes for 1. SQL injection file write and 3. Cross-site request forgery;
15. Phishing by frame
Workaround: implement a filter that checks the source of the request and sanitizes all user input. Filtering out the dangerous characters contained in user input prevents a malicious user from making the application perform unintended tasks, such as issuing arbitrary SQL queries, embedding JavaScript that will be executed on the client, or running operating system commands. For a concrete implementation, combine the fixes for 1. SQL injection file write and 3. Cross-site request forgery;
16. Insufficient account blockade
Workaround: limit the number of failed login attempts, and once the limit is reached do not allow another login for a certain period of time;
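An added example, not from the article, of the lockout rule in item 16: a per-account failure counter that locks the account for a fixed window once the limit is reached. LoginThrottle, the limit of 5 attempts and the 15-minute window are the example's own choices; the state is held in memory, so on a multi-node deployment it would live in the shared session store or database instead.

```java
import java.util.HashMap;
import java.util.Map;

/** Per-account failed-login counter with a lockout window (hypothetical class name, single-node). */
public class LoginThrottle {
    private final int maxFailures;
    private final long lockoutMillis;
    private final Map<String, Attempt> attempts = new HashMap<>();

    private static final class Attempt {
        int failures;
        long lockedUntil;   // epoch millis; 0 when not locked
    }

    public LoginThrottle(int maxFailures, long lockoutMillis) {
        this.maxFailures = maxFailures;
        this.lockoutMillis = lockoutMillis;
    }

    /** True if the account may attempt a login at time 'now'. Call before checking the password. */
    public synchronized boolean isAllowed(String account, long now) {
        Attempt a = attempts.get(account);
        if (a == null) return true;
        if (a.lockedUntil > now) return false;              // still inside the lockout window
        if (a.lockedUntil != 0) attempts.remove(account);   // window has passed: forget the lock
        return true;
    }

    /** Records a failed login; returns true when the account is (now or already) locked. */
    public synchronized boolean recordFailure(String account, long now) {
        Attempt a = attempts.get(account);
        if (a == null) {
            a = new Attempt();
            attempts.put(account, a);
        }
        if (a.lockedUntil > now) return true;               // already locked; do not extend the window
        a.failures++;
        if (a.failures >= maxFailures) {
            a.lockedUntil = now + lockoutMillis;
            a.failures = 0;
            return true;
        }
        return false;
    }

    /** A successful login clears the counter. */
    public synchronized void recordSuccess(String account) {
        attempts.remove(account);
    }

    /** Milliseconds until the account may try again; 0 if it is not locked. */
    public synchronized long remainingLockout(String account, long now) {
        Attempt a = attempts.get(account);
        return a == null ? 0 : Math.max(0, a.lockedUntil - now);
    }

    public static void main(String[] args) {
        long window = 15 * 60 * 1000L;
        LoginThrottle throttle = new LoginThrottle(5, window);
        long now = System.currentTimeMillis();
        for (int i = 1; i <= 5; i++) {                      // constructed run: five wrong passwords for "alice"
            System.out.println("failure " + i + " -> locked: " + throttle.recordFailure("alice", now));
        }
        System.out.println("allowed now: " + throttle.isAllowed("alice", now));
        System.out.println("allowed after window: " + throttle.isAllowed("alice", now + window + 1));
    }
}
```

Because the counter is keyed on the account name, anyone who knows a user name can lock that account; keep the window short and return the same generic error for a locked account as for a wrong password, so the lockout does not confirm which names exist.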
17. File Replacement Version detected
Workaround: remove all files in the product whose names start with "Copy of", "_", ".", "~" or "old";
18. Discover e-mail address patterns
Workaround: remove e-mail addresses that appear in the code;
19. HTML comment sensitive information disclosure
Workaround: remove sensitive information that appears in code comments, including source code, e-mail addresses and IP addresses;
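An added example, not from the article, that turns items 8, 10, 11, 17, 18 and 19 into a scan that can be run against the unpacked WAR before release: it flags file names matching the prefixes and test-script names listed above, and extracts HTML comments to look for e-mail addresses, IPv4 addresses and server-side code markers. DeploymentAudit and its regular expressions are the example's own; the sample HTML in main() is constructed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;

/** Pre-release scan for the file-name and comment findings above (hypothetical class name). */
public class DeploymentAudit {

    // Items 11 and 17: names starting with "Copy of", "_", ".", "~", "old" or "test"
    private static final Pattern STALE_NAME =
            Pattern.compile("^(copy of|old|test|[_.~])", Pattern.CASE_INSENSITIVE);

    // Items 8, 10, 18, 19: what to look for inside <!-- ... --> comments
    private static final Pattern HTML_COMMENT = Pattern.compile("<!--(.*?)-->", Pattern.DOTALL);
    private static final Pattern EMAIL = Pattern.compile("[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}");
    private static final Pattern IPV4 = Pattern.compile("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b");
    private static final Pattern CODE_LIKE =
            Pattern.compile("(?i)(<%|<\\?php|\\bselect\\b.+\\bfrom\\b|function\\s*\\()");

    /** True if the file name matches one of the stale or test-file patterns. */
    public static boolean isStaleName(String fileName) {
        return STALE_NAME.matcher(fileName).find();
    }

    /** One finding per suspicious HTML comment in the given page text. */
    public static List<String> findSensitiveComments(String html) {
        List<String> findings = new ArrayList<>();
        Matcher m = HTML_COMMENT.matcher(html);
        while (m.find()) {
            String body = m.group(1).trim();
            if (EMAIL.matcher(body).find()) findings.add("e-mail address in comment: " + body);
            if (IPV4.matcher(body).find()) findings.add("IP address in comment: " + body);
            if (CODE_LIKE.matcher(body).find()) findings.add("code in comment: " + body);
        }
        return findings;
    }

    /** Walks an unpacked deployment directory and collects both kinds of finding. */
    public static List<String> audit(Path root) throws IOException {
        List<String> findings = new ArrayList<>();
        try (Stream<Path> files = Files.walk(root)) {
            for (Path p : (Iterable<Path>) files::iterator) {
                if (Files.isDirectory(p)) continue;
                String name = p.getFileName().toString();
                if (isStaleName(name)) findings.add("stale or test file: " + p);
                if (name.endsWith(".html") || name.endsWith(".htm") || name.endsWith(".jsp")) {
                    String text = new String(Files.readAllBytes(p), StandardCharsets.UTF_8);
                    for (String f : findSensitiveComments(text)) findings.add(p + ": " + f);
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample page, not taken from any real application
        String sample = "<html><!-- TODO ask admin@example.com; test box is 192.168.1.20 -->"
                + "<!-- <% out.print(user); %> --><body>ok</body></html>";
        findSensitiveComments(sample).forEach(System.out::println);
        if (args.length > 0) {
            audit(Paths.get(args[0])).forEach(System.out::println);   // e.g. the exploded WAR directory
        }
    }
}
```

Run it as a build step that fails the release when it prints anything; the IPv4 pattern will also match version strings such as 1.2.3.4, so review the output rather than deleting matches blindly.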
Reprinted from: http://p.primeton.com/articles/53c64b6ee13823319f000048
Solutions to data standards and quality AppScan (test) security issues