First, you need to understand the web
The web is divided into several layers; a picture is worth a thousand words:
The truth is this:
It is impossible to do security research without understanding these subjects.
Seen this way the web has eight layers (nine if you count the browser in, like the nine levels of a martial-arts manual), and each layer has dozens of major components. What do you do with all that?
Don't worry, there is one general rule to follow: the layers are horizontal, and the data flow is vertical. Focus on the data flow: walk the layers from top to bottom, then from bottom to top, and look carefully at how the data is handled at each layer.
The key to the data flow is the HTTP protocol, which runs from the top down and then back up again (that is, request and response). Read a few introductory articles on HTTP via Baidu/Google to get the general idea, then open Chrome's developer tools (F12) and watch the real HTTP requests and responses in the "Network" tab. In a few hours you will have a working understanding of HTTP. (This is the essence of learning fast.)
Once you understand HTTP, you will understand the security terms "input" and "output".
The attacker submits "special data" through an input; that data is processed at each layer of the data flow; if any layer handles it badly, the security issue belonging to that layer shows up at the output.
Once you understand this, you have gotten started.
Remember: all security issues show up in "input and output", and all security issues live in the "data flow" from end to end.
Remember the two key points: "data flow" and "input and output".
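As an added example (not code from the original article), the following Python script follows one piece of "special data" through the layers just described: the raw HTTP request the browser sends, the framework that decodes the query string, the application handler, and finally the output layer. The request bytes are constructed for the demonstration; the `/greet` route and `name` parameter are assumptions. Two versions of the output layer are shown, one that passes the data through untouched (reflected XSS appears at the output) and one that escapes it there.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a raw HTTP request as a browser would send it. The
# attacker-controlled "special data" is the value of the `name` parameter.
RAW_REQUEST = (
    b"GET /greet?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: demo/1.0\r\n"
    b"\r\n"
)


def parse_request(raw):
    """Layer 1 (HTTP): split raw bytes into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def query_params(target):
    """Layer 2 (framework): percent-decode the query string into parameters."""
    return {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}


def handle_greet(params):
    """Layer 3 (application): the handler just picks the value it needs."""
    return params.get("name", "guest")


def render_unsafe(name):
    """Layer 4 (output), vulnerable: input is concatenated into HTML as-is,
    so the <script> tag from the request reaches the response verbatim."""
    return "<h1>Hello, " + name + "</h1>"


def render_safe(name):
    """Layer 4 (output), fixed: escaping at the output layer makes the
    markup inert text; nothing earlier in the flow needs to change."""
    return "<h1>Hello, " + html.escape(name, quote=True) + "</h1>"


def trace(raw, render):
    """Follow the data from the raw request through every layer to the body."""
    req = parse_request(raw)
    params = query_params(req["target"])
    name = handle_greet(params)
    return {"method": req["method"],
            "path": urlsplit(req["target"]).path,
            "host": req["headers"].get("host"),
            "name": name,
            "body": render(name)}


def is_reflected_xss(body, payload="<script>alert(1)</script>"):
    """The tester's check: did the payload come back out unchanged?"""
    return payload in body


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        result = trace(RAW_REQUEST, render)
        verdict = "reflected XSS" if is_reflected_xss(result["body"]) else "ok"
        print(f"{label:6} {result['body']}  -> {verdict}")
```

Run it and compare the two response bodies: the input is identical in both runs, and only the layer that handled it badly differs, which is exactly the "data flow, input and output" view of the problem.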
Second, the website system architecture
From the site structure above, web security mainly lives in: the client browser, web front-end security, web back-end security, server operating system security, and database security.
Third, web testing concerns
Web applications can be security-tested against the checklist below. It is a directory of what a full security audit covers; the specific tools and methods for each item should be chosen for the project at hand.
Test objects: servers (hosts), servlet containers, databases, third-party services and interfaces, web applications (the files that handle dynamic requests: ASP, PHP, JSP, etc.)
1. Application deployment environment (server):
Operating system user name and password strength
Operating system users, user groups, and permissions settings
System Vulnerabilities and Patches
System Port Security
Deployment directory and file permissions
Firewall and network port settings
2. Database:
Database server version and known vulnerabilities
Database user names
Database password settings
Database user rights settings and authorization settings
Database server port and network connection settings
3. Web application security testing:
SQL injection
Form handling vulnerabilities
Cookie spoofing
Session management tests
Log file tests
Cross-site scripting (ZAP)
Authentication and session attacks (Hackbar)
Insecure direct object reference (Burp)
CSRF (Tamper Data)
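Two items from the web application list above, SQL injection and cookie spoofing, carried out as an added, self-contained example (this is not code from the original article). It uses an in-memory SQLite table with constructed rows; the login queries, the `user`/`sig` cookie fields and the server secret are all assumptions made for the demonstration. Each check sends the same probe a tester would send by hand and reports whether the vulnerable or the hardened version of the code gives the attacker what they want.

```python
import hashlib
import hmac
import sqlite3

# ---------- SQL injection: vulnerable query vs. bound parameters ----------

def make_db():
    """Constructed sample data: a throwaway in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Bug: user input is spliced into the SQL text, so it can change the query."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Fix: bound parameters; the input is treated as data, never as SQL."""
    row = conn.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                       (name, password)).fetchone()
    return row[0] if row else None


def probe_quote_error(login):
    """Probe 1: a lone quote. A SQL error means input reaches the parser."""
    try:
        login(make_db(), "'", "x")
        return False
    except sqlite3.Error:
        return True


def probe_auth_bypass(login):
    """Probe 2: comment out the password check; '--' starts a comment in SQLite."""
    return login(make_db(), "admin' --", "wrong-password") == "admin"


# ---------- Cookie spoofing: plaintext cookie vs. HMAC-signed cookie ----------

SECRET = b"constructed-demo-key"  # hypothetical server-side secret


def _fields(cookie):
    return dict(part.split("=", 1) for part in cookie.split("; "))


def parse_cookie_unsafe(cookie):
    """Bug: trusts whatever user name the client put in the cookie."""
    return _fields(cookie).get("user")


def sign_cookie(user):
    mac = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return f"user={user}; sig={mac}"


def parse_cookie_signed(cookie):
    """Fix: reject the cookie unless the signature matches the user field."""
    fields = _fields(cookie)
    user, sig = fields.get("user", ""), fields.get("sig", "")
    expected = hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(sig, expected) else None


def probe_cookie_spoof(parser, cookie):
    """Edit the user field the way Tamper Data/Hackbar would; who do we become?"""
    return parser(cookie.replace("user=alice", "user=admin"))


if __name__ == "__main__":
    for label, login in (("vulnerable", login_vulnerable), ("safe", login_safe)):
        print(f"sqli {label:10} quote-error={probe_quote_error(login)} "
              f"bypass={probe_auth_bypass(login)}")
    print("cookie unsafe  ->", probe_cookie_spoof(parse_cookie_unsafe, "user=alice"))
    print("cookie signed  ->", probe_cookie_spoof(parse_cookie_signed, sign_cookie("alice")))
```

The quote probe is worth recording on its own even when the bypass fails: an error page on a single `'` tells you the input reaches the SQL parser, and the next step is to work out which query it lands in. For the cookie, note that signing only stops tampering; a stolen signed cookie still works until it expires, which is what the session tests in the list are for.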
4. Third-party services and interfaces
System/service version and known vulnerabilities
Security configuration tests
Data transfer security tests
Data validity tests
Data integrity tests
Web security test content