The importance of website security and an analysis of security requirements

Source: Internet
Author: User
Keywords: Website security


Attack tools are now ubiquitous on the Internet. With them, an attacker needs no deep understanding of network protocols to deface a website's homepage, obtain the administrator password, or destroy all of the site's data. The network-layer traffic produced during such attacks looks no different from normal traffic.

Many people believe that deploying ever more firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) and similar devices in the network improves its security. Why, then, do application-layer attacks keep happening? The fundamental reason is that traditional network security equipment is of very limited use against application-layer attacks. Most firewalls today operate at the network layer: they implement access control by filtering network-layer data (ACLs based on TCP/IP packet headers), and stateful firewalls ensure that the internal network cannot be reached illegitimately from outside. All of this processing happens at the network layer, where the characteristics of an application-layer attack cannot be detected. IDS and IPS use deep packet inspection to examine the application-layer content of network traffic and match it against a library of attack signatures, so they can identify known attacks and protect the application layer against them. But against unknown and future attacks, and against application-layer attacks carried out through flexible encoding and packet fragmentation, IDS and IPS provide no effective protection either.

The main security problems of websites and their harms

Common Web attacks fall into two categories: those that exploit vulnerabilities in the Web server itself, such as CGI buffer overflows and directory traversal, and those that target the Web application, such as SQL injection and cross-site scripting. Common attacks on Web applications include:

Buffer overflow--the attacker sends a request larger than the server's buffer together with constructed binary data, so that the server executes malicious instructions from the overflowed stack

Cookie forgery--carefully modifying cookie data in order to impersonate a user

Authentication evasion--the attacker exploits insecure credentials and identity management

Illegal input--supplying all kinds of invalid data in dynamic Web page inputs to obtain sensitive data from the server

Forced access--accessing Web pages the user is not authorized to see

Hidden variable tampering--modifying hidden fields in Web pages to deceive the server-side program

Denial of service--sending a large number of illegal requests so that legitimate users cannot reach the Web server

Cross-site scripting--submitting illegal scripts that steal other users' account information when they browse the page

SQL injection--constructing SQL code for the server to execute in order to obtain sensitive data

Two simple attacks illustrate this.

SQL injection

For Web pages that interact with a backend database, if the legality of user input is not thoroughly checked, the application is at risk. In a URL or form field intended for normal data, a user can submit carefully constructed database query code, causing the backend application to execute the attacker's SQL. From the results the program returns, the attacker obtains sensitive data such as the administrator password or confidential business information.
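The following added example (not code from the original article) shows the defect described above and its fix side by side in Python with an in-memory SQLite table: a login check built by string concatenation, beside the same check as a parameterised query. The table, user names and passwords are constructed for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table so the example runs offline.
    Passwords are stored in clear only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "placeholder-admin-pw"), ("alice", "alice-pw")])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation, so whatever the user typed
    becomes part of the SQL text and is executed as code."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Parameterised query: the SQL text is fixed and the values travel
    separately, so input is always treated as data, never as code."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A quote plus an SQL comment marker in the name field ends the WHERE
    # clause early, so the password comparison is never evaluated.
    crafted = "admin'--"
    print(login_vulnerable(db, crafted, "wrong"))  # admin
    print(login_safe(db, crafted, "wrong"))        # None
```

The parameterised version is the fix the text calls for: the database driver never sees user input as part of the statement, so no amount of quoting or commenting in the input changes the query's structure.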

Cross-site scripting attacks

A Web page can contain text and HTML markup that is generated by the server and interpreted by the client browser. If untrusted content is introduced into a dynamic page, neither the Web site nor the client has enough information to recognize the situation and take protective measures. If an attacker knows that an application on a Web site accepts a cross-site script submission, he can submit a script that carries out the attack online, written in JavaScript, VBScript, ActiveX, HTML or Flash. Once an ordinary user clicks on the script the attacker has placed on the page, it executes on the user's client and carries out any of a range of attacks: intercepting accounts, changing user settings, stealing and tampering with cookies, or displaying fake advertisements.
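As an added illustration (not part of the original article) of the "untrusted content in a dynamic page" problem, the Python below renders a user-submitted comment into HTML first by plain interpolation and then with output escaping, and adds the attribute-context check a practitioner also needs: escaping does nothing against a javascript: URL in an href, so the scheme is allowlisted. The comment and URLs are constructed sample input.

```python
import html
from urllib.parse import urlsplit


def render_comment_unsafe(author, body):
    """Interpolates untrusted text straight into the HTML of the page:
    a <script> element in the body is handed to every viewer's browser."""
    return "<p><b>" + author + "</b>: " + body + "</p>"


def render_comment_safe(author, body):
    """Escapes the HTML metacharacters (& < > " ') so the browser shows the
    submitted text literally instead of interpreting it as markup."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(author, quote=True), html.escape(body, quote=True))


def safe_href(url):
    """Escaping alone is not enough inside an href attribute: a javascript:
    URL contains no HTML metacharacters at all. Allow only http(s) URLs and
    escape the survivor for use inside a double-quoted attribute."""
    if urlsplit(url.strip()).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


if __name__ == "__main__":
    # Constructed attacker-controlled submission.
    author, body = "mallory", "<script>alert(1)</script>"
    print(render_comment_unsafe(author, body))   # script tag reaches the browser
    print(render_comment_safe(author, body))     # &lt;script&gt; shown as text
    print(safe_href("javascript:alert(1)"))      # "#"
    print(safe_href("https://example.com/?a=1&b=2"))
```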

As attacks have moved to the application layer, traditional network security devices can no longer address the current threats effectively; the security problems of applications deployed on the network must be solved by a newly designed, high-performance security firewall that protects against application-layer attacks. An application firewall processes the application layer by executing requests within the application session. It specifically protects Web application traffic and all related application resources from attacks launched over Web protocols, and it can block browser and HTTP attacks that exploit application behaviour for malicious purposes. These attacks include data attacks that use special characters or wildcards to modify data, logical content attacks that try to gain control through command strings or logical statements, and targeted attacks whose primary targets are accounts, files or hosts.
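To make the difference between raw packet matching and application-layer inspection concrete, here is an added Python example (not from the original article) of a minimal request filter: it parses the HTTP request target, percent-decodes every query parameter until stable, and only then matches a few illustrative signatures, so the encoded inputs that the text says defeat simple matching are caught. The request lines and the signature list are constructed for the demo and are not a production rule set.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Illustrative patterns only, not a production rule set: an SQL tautology,
# an SQL comment marker and an opening script tag.
SIGNATURES = {
    "sql-tautology": re.compile(r"(?i)'\s*or\s+'[^']*'\s*=\s*'"),
    "sql-comment": re.compile(r"--|/\*"),
    "script-tag": re.compile(r"(?i)<\s*script"),
}


def normalise(value):
    """Repeat percent-decoding until the value stops changing, so a
    double-encoded parameter is inspected in the form the application sees."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value


def naive_match(request_line):
    """Signature match on the raw request line, as a device that does not
    decode the application layer would do. Returns matched signature names."""
    return sorted(n for n, p in SIGNATURES.items() if p.search(request_line))


def inspect_request(request_line):
    """Parse the request target, decode every query parameter, then match.
    Returns a sorted list of (parameter, signature) findings."""
    _method, target, _version = request_line.split(" ", 2)
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = normalise(value)
        findings += [(name, s) for s, p in SIGNATURES.items() if p.search(value)]
    return sorted(findings)


# Constructed request lines: the second hides the quote and comment marker
# behind double URL encoding, the third percent-encodes the script tag.
SAMPLE_REQUESTS = [
    "GET /login?user=admin'--&pw=x HTTP/1.1",
    "GET /login?user=admin%2527%252D%252D&pw=x HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
    "GET /search?q=shoes HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(naive_match(line), inspect_request(line), line)
```

Even with decoding, a signature list only recognises what it already describes, which is the limitation the text attributes to IDS and IPS; the decisive defences remain the parameterised queries and output escaping in the application itself.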

The above content is reproduced from its original source, www.chuancaipu.com.
