First, website attack and defense
Attack:
1. XSS attack: escaping dangerous characters, HttpOnly
2. Injection attack: parameter binding
3. CSRF (cross-site request forgery): token, verification code, Referer check
4. Other vulnerability attacks
- Error codes
- HTML comments
- File Upload
- Path traversal
Defense:
1. Web application firewall: ModSecurity
2. Website security vulnerability scanning
Second, information encryption technology and key management
1. One-way hash encryption
2. Symmetric encryption
3. Asymmetric encryption
4. Key security management
Third, information filtering and anti-spam
1. Text matching: regular expressions, trie algorithm, multi-level hash, noise-reduction preprocessing
2. Classification algorithm: samples → classification algorithm training → spam classification model → matching of pending information; Bayesian algorithm
3. Blacklist
4. E-commerce risk control
(1) Account risk
(2) Buyer risk
(3) Seller risk
(4) Trading risk
(1) Rule engine
(2) Statistical model
Study Note 8: "The Core principles and case analysis of large web site technology architecture": the security architecture of the website