Web security knowledge Q&A

Source: Internet
Author: User

Q:

What is a trojan?

A:

The name Trojan comes from ancient Greek legend. In the Internet era, it usually refers to controlling another computer through a specific program (a Trojan program). A Trojan usually has two executable programs: one is the client, that is, the controlling side, and the other is the server, that is, the controlled side. To prevent the Trojan from being discovered, its designer uses multiple methods to hide it. Once the Trojan's server program is running and connected to the controlling side, the controlling side has most of the operation permissions of the server, such as adding a password to the computer; browsing, moving, copying, and deleting files; modifying the registry; and changing the computer configuration.

 

Q:

What is website Trojan?

A:

"Website Trojan" means that after hackers intrude into a website, they embed their own webpage Trojan into the homepage of the hacked website. Visitors who browse the page have a Trojan implanted on their machines, and the hackers can then pursue their ulterior motives through remote control. A webpage Trojan is a combination of a Trojan and a webpage: when the webpage is opened, the Trojan runs as well. The principle of the webpage Trojan is to use the ActiveX controls of the IE browser. When such a Trojan runs, a download prompt is displayed, and the Trojan runs only after the user clicks OK. This kind of webpage Trojan still has a little use where network security awareness is generally low, but its disadvantage is obvious: the ActiveX control download prompt appears, and few people will click an inexplicable ActiveX control download confirmation window. As a result, a new kind of webpage Trojan was born. These webpage Trojans usually take advantage of vulnerabilities in the IE browser. They display no prompt when they run, so they are extremely well concealed.

 

Q:

How can I find out whether my website is infected with Trojans?

A:

If a server is infected with a Trojan that shows obvious symptoms, such as a "pop-up page", it is easy to detect; an alarm from anti-virus software also reveals that the server is infected. However, because new vulnerabilities keep appearing and Trojan types change all the time, relying on what clients observe to tell whether the server is infected is not the correct method. The correct method is to regularly check server logs for abnormal information, and to check the website code frequently. Professional detection tools can discover webpage Trojans and greatly improve the efficiency and accuracy of this work.
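The following is an added example, not part of the original page, of the "check the website code frequently" step in the answer above: it scans site pages for hidden iframes and for scripts or iframes loaded from hosts the site does not own. The host allowlist, the sample page and all function names are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.example.com", "static.example.com"}  # assumption: the site's own hosts

def is_external(url):
    """True when url names a host outside TRUSTED_HOSTS (relative URLs are local)."""
    host = urlparse(url).hostname
    return host is not None and host not in TRUSTED_HOSTS

class InjectionScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src, line = a.get("src", ""), self.getpos()[0]
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            if hidden:
                self.findings.append((line, "hidden iframe", src))
            elif is_external(src):
                self.findings.append((line, "off-site iframe", src))
        elif tag == "script" and is_external(src):
            self.findings.append((line, "off-site script", src))

def scan_html(text):
    """Return (line, reason, src) for each suspicious tag in one page."""
    scanner = InjectionScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

def scan_tree(root):  # scan .html/.htm files under root -> {path: findings}
    pages = [p for p in Path(root).rglob("*.htm*") if p.is_file()]
    results = {str(p): scan_html(p.read_text(errors="replace")) for p in pages}
    return {path: found for path, found in results.items() if found}

# Constructed sample: a page with two injected tags (lines 4 and 5).
SAMPLE_PAGE = """<html><body>
<script src="/js/app.js"></script>
<script src="https://static.example.com/lib.js"></script>
<iframe src="http://unknown-host.invalid/a.htm" width="0" height="0"></iframe>
<script src="//unknown-host.invalid/s.js"></script>
</body></html>"""
```

Running `scan_tree` on the web root from a scheduled job and comparing the result with the previous run shows when a page has gained a tag nobody on the team added.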

 


Q:

What is XSS?

A:

Cross-site scripting (XSS) allows attackers to submit malicious scripts to a webpage, so that an originally secure webpage contains malicious scripts, or to add webpages containing malicious scripts directly and entice users to open them. After a user accesses such a webpage, the malicious script intercepts the session cookies and other session information between the user and the website and sends them to the attacker. The attacker can then use the cookie to access the website normally. Attackers sometimes submit these malicious scripts to a forum as a topic to trick website administrators into opening the topic, so as to gain administrator privileges and control the entire website. The cross-site scripting vulnerability is mainly caused by the absence of effective verification of all user input, and it affects all Web application frameworks.

 


Q:

What are the dangers of XSS?

A:

The dangers of XSS attacks include:

Theft of various user accounts, such as machine logon accounts, online banking accounts, and various administrator accounts

Control of enterprise data, including the ability to read, tamper with, add, and delete sensitive enterprise data

Theft of important commercial data of an enterprise

Illegal transfers

Forced sending of email

Website Trojans

Control of victim machines to launch attacks against other websites

 


Q:

What should I do if my website is attacked by XSS?

A:

XSS attacks allow hackers to attack any user who accesses the affected webpages of the website. Although they do not directly endanger the security of the website itself, they damage the website's reputation, and if a website administrator mistakenly accesses the malicious page, permissions may also be leaked. If you confirm that your website is under XSS attack, first remove the malicious scripts that the hacker has added; second, modify the source code or use professional security hardware products, such as intrusion prevention products, to address the XSS vulnerabilities.

 


Q:

Can XSS attacks be prevented by disabling script execution?

A:

XSS attacks are caused by imperfect web page code, which allows attackers to insert malicious scripts into pages, so that website visitors are attacked when they access these pages. Completely disabling script execution in your browser can prevent XSS attacks, but at the same time normal script-based applications can no longer be used.

 


Q:

How to defend against XSS?

A:

To fundamentally resolve XSS attacks, you must check the source code of the Web application and fix its security vulnerabilities. However, this method causes inconvenience to users: for example, it may take a lot of manpower and financial resources, it may not be possible to find the website's developers at the time, or the website may have to go offline. After the code is modified, the added filtering conditions and functions also put computing pressure on the server. The common solution is to deploy intrusion protection products in front of the Web server. XSS attacks have many variants and are well concealed, so traditional feature-matching detection methods cannot effectively defend against them; only intrusion prevention products that detect attacks by monitoring attack-technique behavior can precisely detect XSS attacks.
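As an added illustration of the source-code fix mentioned in the answer above (example code, not from the original page), the flawed pattern of pasting user input into markup is shown beside a version that encodes it for the HTML context and validates link URLs. The forum-topic fields and function names are hypothetical.

```python
import html
from urllib.parse import urlparse

def render_topic_unsafe(title, homepage):
    """Flawed pattern: user input is concatenated into the markup unchanged."""
    return '<h2>' + title + '</h2><a href="' + homepage + '">author</a>'

def safe_url(url):
    """Allow only absolute http(s) links; anything else becomes an inert '#'."""
    url = url.strip()
    return url if urlparse(url).scheme in ("http", "https") else "#"

def render_topic(title, homepage):
    """Hardened: validate the URL, then escape every value for its HTML context."""
    return '<h2>{}</h2><a href="{}">author</a>'.format(
        html.escape(title),                          # element text context
        html.escape(safe_url(homepage), quote=True)  # quoted attribute context
    )

# Constructed forum submission containing markup and a script-scheme link.
TITLE = "<script>alert(1)</script>"
HOMEPAGE = "JavaScript:alert(1)"

if __name__ == "__main__":
    print(render_topic_unsafe(TITLE, HOMEPAGE))  # script tag reaches the browser intact
    print(render_topic(TITLE, HOMEPAGE))         # rendered as harmless text, link neutralised
```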

 


Q:

What XSS attack tools are currently highly threatening to Web servers?

A:

Common XSS attack tools on the Internet include sessionIE, Webscan, and XSS Inject attack.

 


Q:

What is SQL injection?

A:

SQL injection is the use of an existing application to inject malicious SQL commands into the back-end database engine. SQL injection uses the normal HTTP service port, and on the surface it is no different from normal Web access, so it is highly concealed and difficult to detect.

 


Q:

What are the dangers of SQL injection?

A:

The main dangers of SQL Injection include:

Operate data in the database without authorization

Malicious webpage content tampering

Add a system account or a database user account without permission

Webpage Trojans

 


Q:

What should I do if my website is attacked by SQL injection?

A:

SQL injection allows hackers to gain database permissions, steal passwords, and perform operations such as modifying, adding, and deleting database tables. Therefore, if the website is attacked by SQL injection, you must first use the logs to check which database modifications resulted from the leaked user permissions and change the passwords, then use the logs to identify the pages with injection points and either repair them at the code level or deploy professional security hardware products, such as intrusion prevention products.

 


Q:

Can SQL injection attacks be prevented by prohibiting SQL statement execution?

A:

SQL injection exploits lax filtering in web page code. By submitting specially constructed input, attackers can insert special SQL characters and fields into SQL statements and access the database abnormally. Completely prohibiting SQL statements would certainly defend against SQL injection, but normal database queries could then not be executed either; unless the Web site consists purely of static pages, access would fail. Prohibiting SQL statement execution therefore defends against SQL injection only at the cost of the site's normal database access.

 


Q:

Can vulnerability detection and vulnerability repair completely prevent SQL injection attacks?

A:

SQL injection attacks are caused by poor coding that does not consider the robustness and security of the code. Because Web program vulnerabilities are complex, it is difficult for security analysts to thoroughly find and fix SQL injection vulnerabilities through vulnerability detection and vulnerability repair. Note also that each time a new page or application is added to a Web system, vulnerability detection and vulnerability repair must be performed again.

 


Q:

How to defend against SQL injection?

A:

To fundamentally solve SQL injection attacks, you must check the source code of the Web application and fix its security vulnerabilities. However, this method causes inconvenience to users: for example, it may take a lot of manpower and financial resources, it may not be possible to find the website's developers at the time, or the website may have to go offline. After the code is modified, the added filtering conditions and functions also put computing pressure on the server. The common solution is to deploy intrusion protection products in front of the database server. SQL injection attacks have many variants and are well concealed, so traditional feature-matching detection methods cannot effectively defend against them; only intrusion prevention products that detect attacks by monitoring attack-technique behavior can precisely detect SQL injection attacks.
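The code-level repair referred to in the answer above can be illustrated with the following added example, which is not from the original page: a query built by string concatenation beside the same query using bound parameters. The `notes` table, its rows and the function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, title TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?, ?)", [
        ("alice", "todo", "buy milk"),
        ("bob", "bob's plan", "Q3 budget"),
    ])
    return db

def find_note_unsafe(db, owner, title):
    """Flawed: input is pasted into the SQL text, so a quote changes the query."""
    sql = ("SELECT body FROM notes WHERE owner = '" + owner +
           "' AND title = '" + title + "'")
    return [row[0] for row in db.execute(sql)]

def find_note(db, owner, title):
    """Fixed: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT body FROM notes WHERE owner = ? AND title = ?"
    return [row[0] for row in db.execute(sql, (owner, title))]

# Constructed input containing SQL quote characters.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(find_note_unsafe(db, "alice", CRAFTED))  # every owner's notes come back
    print(find_note(db, "alice", CRAFTED))         # no row has that literal title
    print(find_note(db, "bob", "bob's plan"))      # legitimate apostrophe still works
```

The parameterized form also handles the legitimate title containing an apostrophe, which makes the concatenated query fail with a syntax error.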

 


Q:

What SQL Injection tools are currently highly threatening to Web servers?

A:

Some common SQL Injection tools on the Internet include the ah d SQL injection tool, pangolin, NBSI, HDSI, and piaoo injection tool.

 


Q:

What is Shellcode?

A:

Shellcode is a piece of code (or padding data) that is sent to a server to exploit a specific vulnerability and cause an overflow. It is the name given to the code embedded into a process in a buffer overflow attack. This code may simply pop up a message box as a prank, or it may delete or modify important files, steal data, upload and run Trojans, or format the hard disk to cause destruction.

 


Q:

What are DoS/DDoS attacks?

A:

DoS is short for Denial of Service. A DoS attack exploits network protocol defects to exhaust the resources of the attacked object, so that the target computer or network cannot provide normal service or resource access, and the target system stops responding or even crashes. This attack does not involve intrusion into the target server or target network device. The service resources concerned include network bandwidth, file system space, open processes, and allowed connections. Such attacks may result in resource shortage: no matter how fast the computer processes, how large its memory is, or how high the network bandwidth is, the consequences of such attacks cannot be avoided.

 

DDoS (Distributed Denial of Service) is a further huge step in the development of DoS. In this distributed denial of service attack, hackers install DoS service programs on a large number of different high-bandwidth hosts (hundreds or even thousands of hosts) that they have intruded into and control, and these programs wait for commands from a central attack control center. At the appropriate time, the control center starts the DoS service processes on all controlled hosts so that they send as many network access requests as possible to a specific target, forming a flood of DoS traffic that hits the same website violently. The attacked website soon stops responding and cannot handle normal access in time, or the system may even crash.

 

Q:

How to deal with DoS/DDoS attacks?

A:

From the current technical point of view, there is no very effective solution for DoS. Therefore, the best way to prevent DoS attacks is to prevent them from happening. That is to say, the general peripheral host and Server
