Webshell Security Detection (2)-deep into the user's heart

Webshell Security Detection (2)-deep into the user's heart
1. What is WEBSHELL? What does it mean?

What is Webshell from different perspectives?

Programmer: an executable web script file. It means a script. Hacker: something that can be used to control the website. Meaning: the website has been fixed. Try to hide your identity and avoid further damages. User (webmaster): When Webshell is found, it is troublesome. Serious administrators will think of many problems. The website has vulnerabilities and has been attacked by others. What should I do? 2. What is the difference between Webshell detection tools and products (systems?

There are a variety of open-source and free tools on the Internet, not to mention their recognition rate. Why are these things just a tool?

The author believes that what is a tool is mainly characterized by the following:

Only targeted problems can be solved. Using tools requires a lot of technical accumulation and security knowledge. (non-professional people cannot use them) only professional results will be presented, it still requires a lot of ability and knowledge to solve the problem. (Not applicable to non-professionals) the tool does not fully consider user requirements and user experience. 3. What are the real needs of users?

Understanding user requirements is indeed an art of deep understanding. user demand analysis actually reflects the vision and capabilities of a product manager or decision maker. Is this requirement just needed? Or not just needed? Are explicit or implicit requirements? Are user requirements or user requirements? How urgent is the demand? What is the frequency of demand? (Currently, we all talk about user stickiness, and low-frequency demand is difficult to sell.) Is it a requirement or a demand? Does it solve users' pain points and itch points? Do not confuse the pain points with the itch points. The pain points are charcoal in the snow, and the itch points are icing on the cake. (A little out-of-the-box, a lot more difficult, fully understand the needs, from the perspective of human nature products can be more accepted by the market ).

For Webshell, why do users want to detect webshells? Why do users want to analyze logs? If the target group is the Webmaster (Administrator), what do they care about. They are actually a series of question marks.

Has our website been hacked? Where did the hacker come from? How did you intrude in? Why attack me? What have you done when you come in? (Who is the hacker? From there? What do you want ?) What are website vulnerabilities? How to fix vulnerabilities and prevent hackers from entering the system? When hackers come in, they may have done a lot of bad things, stolen data, and possibly listened to many sensitive information in the intranet. There are no other vulnerabilities. Do not be attacked again? Is there any security improvement measures such as modifying the system password and setting permissions to avoid system attacks in the same region. ......

To put it simply, how can I avoid the occurrence of similar situations and concern about the hacker's source identity and other information (hacker profiling)

So what are we going to do with the Webshell detection system? It is a platform (or service) that covers the post-event handling of WEB security events ).
Main functions:

Check whether the website has been infiltrated. Find the attacker's IP address based on the traffic. This vulnerability is characterized by external threat intelligence to provide comprehensive information to users. Traffic-based attack scenarios can be restored. Analyze website Vulnerabilities Based on attack scenarios. Provide users with repair and reinforcement solutions based on vulnerabilities. 4. What effect does the user want? The alarm is accurate (the report does not report the Report ). Intuitive and visual alarms. (Visualized) low deployment cost: it is best to deploy the service at zero cost, or to conveniently obtain access alerts (such as SMS notifications ). (Users don't have time to go to the product interface every day. In the future, there will be almost no interface for monitoring product alarm information, or a few visualization charts for the leaders to see, of course, statistical reports are still needed.) Easy to handle alerts: one-click Processing Guide. When I see alerts, I can handle webshell events automatically or manually based on automated one-click scenarios. (Dummies)

Let's say five more things: Useful, nice-looking, easy-to-use, convenient, and easy-to-use.

Introduction:

One feature of the current security attack and defense is that there will be more and more unknown attacks, and the attack tool you are facing may have never been used (or you have never seen the monitoring field of view ), there are more webshell samples in your hands. Attackers can always create a webshell with more lightweight functions. How can they discover unknown webshells? How can we achieve the wide recovery of Skynet without leaking?