Three simple steps to help enterprises solve Web Service Security Protection Problems

Source: Internet
Author: User
Tags: lenovo

[Bkjia.com comprehensive report] Gartner recently published a survey showing that 75% of malicious attacks target Web applications, and only a few target the network layer. According to the survey data, nearly 2/3 of Web sites are vulnerable to malicious attacks of varying severity. This means that defending Web sites should be a focus of enterprises' IT construction. In fact, however, most enterprises invest heavily in network and server security while leaving their Web services without real protection, and this is what gives attackers their opportunity.

According to the report published by OWASP, a world-renowned Web security research organization, the two most serious threats to Web business systems are injection vulnerabilities and cross-site scripting (XSS) vulnerabilities.

Injection vulnerability attacks, in particular SQL injection, arise when the program behind the target website neither filters special characters nor verifies the validity of the characters a user enters, so that user-supplied input ends up being executed directly as a database statement and the website is exposed. Verifying user input against a negative (denylist) or positive (allowlist) security policy can effectively detect and intercept injection attacks.

Cross-site scripting (XSS) attacks occur when the target website does not effectively filter or encode the variable content submitted by users. Attackers can then insert malicious Web code (usually a constructed JavaScript statement), with the result that user sessions are hijacked, webpage content is tampered with, or even worms are introduced. Verifying user input against a negative or positive security policy lets the system effectively detect and intercept XSS attacks.
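The two preceding paragraphs describe the same defensive idea for SQL injection and for XSS: check user input against a positive (allowlist) or negative (denylist) policy, and then handle it so that data can never become code. The following Python example, added here and not taken from the article or from Lenovo Wangyu, shows both policies side by side, a parameterised database query that keeps input as data, and HTML output encoding that keeps input as text in the browser. The table, the sample rows, the username rule and the deny patterns are all constructed for this example; a production system would use a maintained signature set and field-specific allowlists.

```python
import html
import re
import sqlite3

# Positive (allowlist) policy, constructed for this example:
# a username may only contain letters, digits and underscores, 1-32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

# Negative (denylist) policy, constructed for this example: patterns typical of
# SQL metacharacters and of script injection. Real deployments use a maintained
# signature set; a denylist alone is always incomplete, which is why the
# positive policy is applied first.
DENY_PATTERNS = [
    re.compile(r"(--|;|'|\")"),                 # SQL comment / statement / string delimiters
    re.compile(r"<\s*script", re.IGNORECASE),   # HTML script tag
    re.compile(r"\bon\w+\s*=", re.IGNORECASE),  # inline event handler attribute
]


def positive_policy_ok(value: str) -> bool:
    """Accept only values that match the allowlist; everything else is rejected."""
    return USERNAME_RE.fullmatch(value) is not None


def negative_policy_ok(value: str) -> bool:
    """Reject values that match any known-bad pattern; everything else passes."""
    return not any(p.search(value) for p in DENY_PATTERNS)


def setup_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_role(conn: sqlite3.Connection, username: str):
    """Parameterised query: the driver binds username as data, never as SQL text,
    so a quote or comment sequence in the value cannot change the statement."""
    row = conn.execute(
        "SELECT role FROM users WHERE name = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def render_greeting(username: str) -> str:
    """Output encoding: escape before inserting into HTML so the browser
    renders the value as text rather than as markup or script."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


def handle_request(conn: sqlite3.Connection, username: str) -> dict:
    """Apply both policies, then use the safe query and the safe rendering."""
    if not positive_policy_ok(username):
        return {"status": "rejected", "reason": "positive policy"}
    if not negative_policy_ok(username):
        return {"status": "rejected", "reason": "negative policy"}
    return {
        "status": "ok",
        "role": lookup_role(conn, username),
        "html": render_greeting(username),
    }


if __name__ == "__main__":
    db = setup_db()
    # Constructed sample inputs: a normal name, a name with an apostrophe,
    # and a value carrying a script tag.
    for sample in ["alice", "o'brien", "<script>1</script>"]:
        print(repr(sample), "->", handle_request(db, sample))
```

Note that the apostrophe in "o'brien" is rejected by both policies even though it is a legitimate name; that is the usual trade-off of a strict allowlist, and the parameterised query shows why the rejection is not what keeps the database safe: even when the value is passed straight to `lookup_role`, it is bound as data and simply matches no row.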

Past security incidents show that Web attacks can have extremely serious consequences. Using the methods above, an attacker compromises a legitimate, normal website, uses the permissions obtained to embed malicious code into its pages, and delivers a malicious program to hosts with client-side vulnerabilities. The attacker can then, for example: steal all kinds of user accounts, such as machine logon accounts, online banking accounts and administrator accounts; control enterprise data, including reading, tampering with, adding and deleting sensitive data; steal commercially valuable information; make illegal transfers; plant Trojans on the website; control victim machines to launch attacks against other websites; and more.

Given this analysis of common Web attacks, it is imperative to protect both the Web server and the client. Security experts from Lenovo Wangyu therefore offer the following suggestions to enterprise information managers through the BKJIA security channel:

First, solve the Web server security problem. The specific solution combines a source code audit with the deployment of an intrusion protection system. In a source code audit, professional security personnel check the security of the Web application's source code and run security tests on the program's input and output functions, so that the Web program's own code is made as secure as possible. The intrusion protection system then provides active protection against cross-site scripting, SQL injection, Cookie injection, parameter tampering and other Web attacks.

Second, solve the security of the Web browser client. This mainly means preventing remote malicious code execution vulnerabilities. The principle of such an attack is that the attacker constructs specially crafted malformed data that triggers a vulnerability and changes the code execution path in the client software, so that the malformed data causes the attacker's code or program to run. If the client browser has an unpatched code execution vulnerability or a zero-day vulnerability, then when the user visits a website infected with malicious code, the website automatically runs the attacker's code in the user's browser and uses the browser vulnerability to install viruses and Trojans, such as password-stealing malware. These malicious actions exploit vulnerabilities in the browser and the underlying system in the background and require no user interaction. We should therefore try to use a Web browser that has adopted conventional stack protection measures against stack-based and heap-based buffer overflow attacks. Currently, the latest version of Microsoft Internet Explorer provides Data Execution Prevention (DEP, also known as No-eXecute, NX) memory protection; on Internet Explorer 8 you can enable the "Enable memory protection to help reduce online attacks" option under Internet Options in the Control Panel to effectively prevent remote code attacks. In addition, we recommend deploying a unified Intranet management system that monitors key applications and applies system patches promptly, to ensure client and Intranet security.

Third, prevent Trojans and viruses. We recommend installing endpoint anti-virus and firewall software and keeping them updated, enabling the virus and Trojan protection policy of the intrusion protection system, and establishing a unified virus protection system, for example by deploying network anti-virus at the network boundary to protect key servers and clients, detecting and monitoring network connections, and keeping security risks within a controllable range.

In fact, a number of well-known domestic vendors, Lenovo Wangyu among them, have proposed a series of security solutions for the current Web security situation. These solutions evaluate and analyse the current state of an enterprise's IT applications from multiple perspectives so that the risks the system faces are fully understood; only by combining security assessment, security remediation and the deployment of the corresponding products can Web system applications be made as secure as possible.
