Shulou(Shulou.com)05/31 Report--

This article mainly explains "what are the common Web security vulnerabilities and testing methods". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "what are the common Web security vulnerabilities and testing methods"?

1. Six basic principles of safety testing:

Authentication: the request for the authenticated user is returned

Access control: access control and data protection for unauthenticated users

Integrity: the user must accurately receive the information sent by the server

Confidentiality: information must be accurately delivered to the intended user

Reliability: what is the frequency of failure? How long does it take for the network to recover from failure? What measures will be taken to deal with catastrophic failures? (personally understand that this place should be more inclined to the scope of fault tolerance and disaster tolerance testing.)

Non-repudiation: the user should be able to prove that the data received is from a specific server

Second, common safety testing content

Authority control

SQL injection

URL security testing

XSS (cross-site scripting attack)

CSRF (cross-site request forgery)

URL Jump vulnerability

Other security considerations

Third, what causes security problems in Web applications? There are generally the following reasons:

1. The complex application system has a large amount of code and many developers, so it is hard to avoid negligence.

2. The system is upgraded repeatedly and the personnel change frequently, which leads to code inconsistency.

3. Historical legacy system, trial run system and other Web systems run together on the same server.

4. The developer has not been trained in security coding or the company does not have a unified security coding specification at all.

5. Testers are inexperienced or released online without professional security assessment and testing.

6. The user's input is not validated. Here are a few examples:

1) never trust the user's input, but verify the user's input

2) the digital input must be a legal number

3) the coded symbols should be specially handled in the character input.

4) verify all input points, including Get,Post,Cookie and other HTTP headers

Fourth, common loopholes in security testing and their solutions:

1. XSS cross-site scripting attack

SS is similar to SQL injection, XSS inserts malicious scripts through web pages, and the main techniques used are front-end HTML and JavaScript scripts. When the user browses the web page, the attack mode that controls the behavior of the user's browser is realized.

A successful XSS can obtain the user's cookie, use the cookie to steal the user's operation rights to the website, or obtain the user contact list, use the identity of the attacker to send a large amount of spam to a specific target group, and so on.

XSS is divided into three types: memory (persistent XSS), reflective (non-persistent XSS), and Dom.

Test method:

In the data entry interface, enter: alert (/ 123 /). If the dialog box pops up after a successful save, it indicates that there is a XSS vulnerability here.

Or change the parameter in the url request to alert (/ 123 /). If a dialog box pops up on the page, it indicates that there is a XSS vulnerability here.

2. SQL injection

SQL injection is a query character submitted or entered for a domain name or page request by inserting a SQL command into an Web form

String, and finally deceive the server to execute malicious SQL commands.

The possible harm caused by SQL injection is as follows: the web page and data are tampered with, the core data is stolen, and the server where the database is located is attacked and become a puppet host.

For example, some websites do not use precompiled sql, and some fields entered by the user on the interface are added to the sql, most likely containing some malicious sql commands. For example, password = "1'OR'1"; you can log in normally even if you don't know the user's password.

Test method:

On the page that needs to be queried, enter simple sql statements such as the correct query condition and 1 to view the response result. If the result is consistent with entering the correct query condition, it indicates that the application has not filtered the user input, and it can be preliminarily judged that there is a SQL injection vulnerability here.

Suggestions for modification:

To verify the user's input, you can use regular expressions, or limit the length; convert the following keywords, etc.

| | alert | and | exec | execute | select | delete | update | update | count | chr | mid | master | truncate | declare | sitename | xp_cmdshell | or | + |, like' | and | exec | execute | create | drop | table from | grant | group_concat | column_name | information_schema.columns | table_schema | union | where | select | select | delete | delete | update | order | order |-- | + |, | | / / |

Instead of using dynamic assembly sql, you can use parameterized sql or directly use stored procedures for data query and access

Do not use database connections with administrator privileges, use separate database connections with limited permissions for each application

The applied exception information should give as few hints as possible, and it is best to wrap the original error message with custom error messages.

3. URL jump loophole

The URL redirect vulnerability, that is, an unverified redirection vulnerability, means that the Web program jumps directly to the URL in the parameters, or the URL of any developer is introduced into the page to direct the program to an insecure third-party area, resulting in security problems.

Test method:

1. Use the package grab tool to grab the request.

two。 Grab the url of 302, modify the destination address and see if it can jump.

Ps: however, many jumps now add a referer check to cause the attacker to fail the jump.

4. File upload loophole

A file upload attack means that an attacker uploads an executable file to the server and executes it.

This kind of attack is the most direct and effective. The uploaded files can be viruses, Trojans, malicious scripts, webshell, and so on.

Webshell is a command execution environment in the form of web files such as asp, php, jsp or cgi, and it can also be said to be a web page backdoor. After preventing or inserting webshell into the affected system, attackers can easily enter the system through webshell to achieve the purpose of controlling the website server.

Test method:

Strictly check the type and size of uploaded files, and prohibit uploading files with malicious code.

To verify the execution permissions of the relevant directories, you can access all directories on the Web server through the browser to check whether the directory structure is returned. If the directory structure is displayed, there may be security problems.

5. CSRF cross-site forgery request attack

CSRF, using the identity of the logged in user, sends a malicious request in the name of the user to complete the illegal operation.

For example, if the user browses and trusts the CSRF vulnerability site A, the browser generates the corresponding cookie, and the user visits the dangerous site B without quitting the site.

Dangerous website B requests to visit website An and make a request. The browser visits website A with the user's cookie information, because website A does not know whether the request is made by the user or dangerous website B, so it will process the request from dangerous website B, thus accomplishing the purpose of simulating user operation. This is the basic idea of CSRF attacks.

Test method:

1. The same browser opens two pages, one page permission expires, whether the other page can be operated successfully, if the operation is still successful, there is a risk.

two。 Use the tool to send the request, do not add the referer field in the http request header, verify the response of the returned message, and should be relocated to the wrong interface or login interface.

Thank you for reading, the above is the content of "what are the common Web security vulnerabilities and testing methods". After the study of this article, I believe you have a deeper understanding of the common Web security vulnerabilities and testing methods, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.