Solutions to data standards and quality AppScan (test) security issues

1. SQL injection file write (user authentication required)

Workaround: Through the establishment of a filter method, all user input information to clean up filtering. Filtering the dangerous characters contained by user input can prevent malicious users from causing the application to perform unplanned tasks, such as starting arbitrary SQL queries, embedding JavaScript code that will be executed on the client, running various operating system commands, and so on.

It is recommended to filter out all of the following characters:

[1] | (vertical bar symbol) [2] & (& Symbol) [3]; (semicolon) [4] $ (dollar sign) [5]% (percent sign) [6] @ (at sign) [7] ' (single quote) [8] "(quotation mark) [9] \ ' (backslash escaped single quotation mark) [10] \" (Backslash escape quotes) [one] <> (angle brackets) [12] () (brackets) [13] + (plus sign) [+] CR (carriage return, ASCII 0x0d) [[] LF (line feed, ASCII 0x0a) [16], (comma) [17] \ (backslash)

Note This issue will always be reported when Rational AppScan standard is turned on. Therefore, this issue requires user authentication. Specifically, refer to http://www-01.ibm.com/support/docview.wss?uid=swg21472385

2. Session not updated

Workaround: Add the following code to the login page

Resolves security issues, the session is not updated request.getsession (). invalidate ();//empty sessioncookie[] cookies = request.getcookies ();//Get Cookieif ( Null! = Cookies &&cookies.length> 0) {for (Cookie cookie:cookies) {cookie.setmaxage (0);//Let Cookies expire}}

3. Cross-site request forgery

Solution: In the filter to increase the request response information source to determine the filter;

Addressing security issues: cross-site request forgery of   String referer = Req.getheader ("Referer");   REFRESH     String serverName = Request.getservername (); if (null! = Referer&&referer.indexof (serverName) < 0) {            req.getrequestdispatcher (Req.getrequesturi ()). Forward (req, response);     }

4. Cross-site Scripting

Workaround: Through the establishment of filter method, the request response information source is increased to filter and filter all user input information. Filtering the dangerous characters contained by user input can prevent malicious users from causing the application to perform unplanned tasks, such as starting arbitrary SQL queries, embedding JavaScript code that will be executed on the client, running various operating system commands, and so on. The concrete implementation can refer to the combination of 1. SQL injection file writes with 3. Cross-site request forgery resolution;

5. Decrypted Login Request

Workaround:

1. The password entered by the user is MD5 encrypted on the page and fed back to the password input box.

2. Manually generate SSL secure access certificate; This does not introduce, related methods can be found online;

3. Change the product HTTP access mode to SSL secure access, and add the following code to Server.xml under the Conf folder of the APACHE-TOMCAT application server:

<!--set SSL (HTTPS) security access, Access port: 8443-><connectorport= "8443" minsparethreads= "5" maxsparethreads= "75" Enablelookups= "true" disableuploadtimeout= "true" acceptcount= "maxthreads=" "" Scheme= "" https "secure=" true " Sslenabled= "true" ciphers= "Ssl_rsa_with_rc4_128_sha, tls_rsa_with_aes_128_cbc_sha,tls_dhe_rsa_with_aes_128_cbc_ SHA, Tls_dhe_dss_with_aes_128_cbc_sha,ssl_rsa_with_3des_ede_cbc_sha, ssl_dhe_rsa_with_3des_ede_cbc_sha,ssl_dhe_ Dss_with_3des_ede_cbc_sha "keystorefile=" Keystore/server.keystore "keystorepass=" 123456 "clientAuth=" false " Sslprotocol= "TLS"/>

(Note: Keystore/server.keystore is the certificate store path; 123456 is the certificate password;)

4. Add the following code to the product Web. xml file:

<!--security issues: Decrypted login request, change to SSL secure access mode--><security-constraint><web-resource-collection>< web-resource-name>ssl</web-resource-name><url-pattern>/*</url-pattern></ web-resource-collection><user-data-constraint><transport-guarantee>confidential</ Transport-guarantee></user-data-constraint></security-constraint>

6. An unsecured HTTP method is enabled

Workaround: Modify the Web project or server. XML, add Security configuration information, disable unnecessary HTTP methods

<!--address security issues: Enable unsafe HTTP methods--><security-constraint><web-resource-collection><url-pattern>/ *</url-pattern>

7. Missing HttpOnly attribute in session cookie

Workaround: Increase the configuration of the request response header in the filter
Resolves a problem where users ' cookies can be compromised, reducing cross-site scripting attacks
Resp.setheader ("Set-cookie", "Name=" +newsimpledateformat ("Yyyy-mm-ddhh:mm:ss"). Format (new Date ()) + "; Secure; HttpOnly ");

8. Discovery of WEB Application source code disclosure Patterns

Workaround: Clean up some source code that appears in the code comment;

9. Automatically fill in HTML attributes that are not disabled for the password field

Workaround: Increase the autocomplete= "off" property in the Password input box

10. Discover internal IP leak mode

Workaround: Clear the IP address that appears in the Code;

11. Application Test Script detected

Workaround: To clean up the test script files appearing in the code, the script files mainly include test.php, test.asp, test.cgi, test.html, etc., and modify some sensitive character file names including: test, old, etc.

12.Unix file parameter changes

Workaround: By creating a filter method, increase the input information for all users to include ".." (Two dots) string for cleanup filtering. The concrete implementation can refer to the combination of 1. A workaround for SQL injection file writes;

13.Windows file parameter changes

Workaround: By creating a filter method, increase the input information for all users to include ".." (Two dots) string for cleanup filtering. The concrete implementation can refer to the combination of 1. A workaround for SQL injection file writes;

14. Link injection (facilitates cross-site request forgery)

Workaround: Through the establishment of filter method, the request response information source is increased to filter and filter all user input information. Filtering the dangerous characters contained by user input can prevent malicious users from causing the application to perform unplanned tasks, such as starting arbitrary SQL queries, embedding JavaScript code that will be executed on the client, running various operating system commands, and so on. The concrete implementation can refer to the combination of 1. SQL injection file writes with 3. Cross-site request forgery resolution;

15. Fishing by Frame

Workaround: Through the establishment of filter method, the request response information source is increased to filter and filter all user input information. Filtering the dangerous characters contained by user input can prevent malicious users from causing the application to perform unplanned tasks, such as starting arbitrary SQL queries, embedding JavaScript code that will be executed on the client, running various operating system commands, and so on. The concrete implementation can refer to the combination of 1. SQL injection file writes with 3. Cross-site request forgery resolution;

16. Insufficient account blockade

Workaround: To limit the number of user login errors, and in a certain period of time do not allow re-login;

17. File Replacement Version detected

Workaround: Clean up all files in the product that start with "Copy of", "_", ".", "~" and "old";

18. Discover e-mail address patterns

Workaround: Clear the e-mail address that appears in the Code;

19.HTML Comment sensitive information disclosure

Workaround: Clear the sensitive information that appears in the code comment, including: source code, e-mail, IP address of the comment;
Reprinted from: http://p.primeton.com/articles/53c64b6ee13823319f000048
Solutions to data standards and quality AppScan (test) security issues