2025-01-15 Update From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 06/01 Report
This article introduces the basics of the security vulnerabilities XSS, CSRF, SQL injection and DDoS attacks, together with the countermeasures for each. Many people run into these situations in practice, so let the editor walk you through how to deal with them. I hope you read carefully and come away with something useful!
0x01: XSS vulnerability
1. Introduction to XSS
Cross-site scripting (cross site script), abbreviated XSS, is a security vulnerability that frequently appears in web applications, and it is also the most common attack method on the web.
XSS occurs when a website fails to escape, or only insufficiently filters, the data submitted by users. A malicious attacker takes advantage of this to embed code into a web page, so that every other user who visits the page has the embedded code executed in their browser.
2. The harm of XSS attack
Stealing user information, such as login accounts and online banking accounts
Using the user's identity to read, tamper with, add or delete data
Stealing commercially valuable information
Unauthorized money transfers
Forcing email to be sent in the user's name
Planting a trojan on the website (挂马) so that visitors are infected
Controlling the victim's machine to attack other websites
3. Prevent XSS solution
The root cause of XSS is that the data submitted by the client is not thoroughly filtered, so the key is to filter the information submitted by the user.
Mark important cookies as HttpOnly, so that JavaScript running in the page cannot read the cookie even if an injected script executes.
Only accept the data you expect. For example, an age field should allow the user to enter only digits, and every character other than a digit is filtered out.
HTML-encode the data: when the user submits data, HTML-encode it, converting the corresponding symbols into entity names, and then carry on with the next processing step.
Filter or remove special HTML tags.
Filter JavaScript event attributes, for example "onclick=", "onfocus=", etc.
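The following Python code is an added example, not code from the article or from Shulou, that puts the XSS countermeasures above into practice: whitelist validation of an age field, HTML encoding of user data before it is written into a page, a secondary check for JavaScript event attributes, and a session cookie marked HttpOnly. The sample inputs and the cookie value are constructed for the demonstration.

```python
import html
import re
from http.cookies import SimpleCookie
from typing import Optional

# Constructed sample inputs (not taken from the article): one benign value and
# two injection attempts of the kind the text describes.
SAMPLES = {
    "benign": "Alice <alice@example.com>",
    "script_tag": "<script>alert(1)</script>",
    "event_attr": '<img src=x onerror="alert(1)">',
}

AGE_RE = re.compile(r"\d{1,3}")
# A JavaScript event attribute (onclick=, onfocus=, onerror=, ...) inside a tag.
EVENT_ATTR_RE = re.compile(r"<[^>]*\son\w+\s*=", re.IGNORECASE)


def validate_age(raw: str) -> Optional[int]:
    """Whitelist validation: an age is one to three digits and nothing else.
    Input that does not match is rejected outright rather than 'cleaned'."""
    value = raw.strip()
    if not AGE_RE.fullmatch(value):
        return None
    return int(value)


def encode_for_html(raw: str) -> str:
    """Convert &, <, >, " and ' into entity references so the browser treats
    the data as text, not markup. This is the primary defence at output time."""
    return html.escape(raw, quote=True)


def has_event_handler(raw: str) -> bool:
    """Secondary check: flag input that carries a JavaScript event attribute."""
    return EVENT_ATTR_RE.search(raw) is not None


def render_comment(author: str, body: str) -> str:
    """Build the HTML for a comment with every user-controlled value encoded."""
    return f"<p><b>{encode_for_html(author)}</b>: {encode_for_html(body)}</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for a session cookie marked HttpOnly (and Secure), so
    script running in the page cannot read it even if XSS is present."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    return cookie.output()


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        flagged = has_event_handler(sample)
        print(f"{name:10} event attribute: {flagged!s:5} -> {render_comment('bob', sample)}")
    print(session_cookie_header("abc123"))  # constructed session id
    print(validate_age("42"), validate_age("42; DROP"))
```

Encoding at output time is what actually stops the injected markup from being interpreted; the event-attribute check and tag filtering are a second layer that catches obvious payloads early, and the HttpOnly flag limits the damage if a script does get through.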
0x02: CSRF attack (cross-site request forgery)
1. Introduction to CSRF
CSRF (Cross-site request forgery), also known as "One Click Attack" or Session Riding and usually abbreviated CSRF or XSRF, is a malicious exploitation of a website.
XSS mainly exploits the trusted users within a site, whereas CSRF exploits a trusted site by forging requests that appear to come from a trusted user. Compared with XSS attacks, CSRF is more dangerous.
2. The harm of CSRF attack
The main harm is that the attacker hijacks the user's identity and sends malicious requests in the user's name: for example, sending mail or messages as the user, or making payments and transfers.
3. Solutions to prevent CSRF
Handle important data interactions via POST. Using POST alone is not a cure-all, though: an attacker can forge a form to get around it.
Use a CAPTCHA: require CAPTCHA verification whenever data interaction is involved. This method can completely solve the CSRF problem.
However, for the sake of user experience, a website cannot add a CAPTCHA to every operation. CAPTCHA can therefore only serve as an auxiliary measure, not as the main solution.
Verify the HTTP Referer field, which records the source address of the HTTP request; the most common use of this is hotlink protection for images. Note that some browsers and privacy settings omit the Referer header, so the server must decide how to treat a missing value.
Add a token to each form and verify it on the server.
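The following Python code is an added example, not code from the article or from Shulou, showing the last two countermeasures together: a per-session CSRF token that is embedded in the form and checked in constant time, plus a Referer check that fails closed when the header is missing. The hostname `app.example.com`, the session store and the transfer handler are all assumptions made for this example.

```python
import hmac
import secrets
from typing import Dict, Mapping, Optional, Tuple
from urllib.parse import urlparse

# Assumed hostname of the protected site (an assumption for this example).
SITE_HOST = "app.example.com"

# Constructed in-memory session store: session id -> CSRF token.
# A real deployment keeps the token in the server-side session, never only in the form.
_csrf_tokens: Dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Create a fresh unguessable token, bind it to the session and return it."""
    token = secrets.token_urlsafe(32)
    _csrf_tokens[session_id] = token
    return token


def hidden_field(session_id: str) -> str:
    """The hidden input the server embeds in every state-changing form."""
    return f'<input type="hidden" name="csrf_token" value="{_csrf_tokens[session_id]}">'


def verify_csrf_token(session_id: str, submitted: Optional[str]) -> bool:
    """Compare the submitted token with the session's token in constant time."""
    expected = _csrf_tokens.get(session_id)
    if expected is None or submitted is None:
        return False
    # Compare as bytes so that non-ASCII input cannot trigger a TypeError.
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def referer_allowed(referer: Optional[str]) -> bool:
    """Referer check: the request must originate from our own site. Browsers and
    privacy settings may strip the header, so a missing value is rejected here
    (fail closed); this is a secondary check alongside the token."""
    if not referer:
        return False
    return urlparse(referer).hostname == SITE_HOST


def handle_transfer(session_id: str, form: Mapping[str, str],
                    headers: Mapping[str, str]) -> Tuple[int, str]:
    """A POST handler for a money transfer guarded by both checks."""
    if not referer_allowed(headers.get("Referer")):
        return 403, "request did not come from this site"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    return 200, f"transfer of {form.get('amount', '0')} accepted"


if __name__ == "__main__":
    sid = "session-1"  # constructed session id
    token = issue_csrf_token(sid)
    print(hidden_field(sid))
    # Legitimate submission from the site's own form.
    print(handle_transfer(sid, {"csrf_token": token, "amount": "10"},
                          {"Referer": "https://app.example.com/transfer"}))
    # Forged submission: a third-party page can make the browser attach the
    # session cookie, but it cannot read the token or supply a matching Referer.
    print(handle_transfer(sid, {"amount": "10"},
                          {"Referer": "https://third-party.example/"}))
```

The token is what makes the defence hold: a request forged from another site carries the victim's cookies automatically, but not a value that only the site's own page ever rendered. The Referer check is kept because it is cheap, with the missing-header case handled explicitly as the text advises.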
0x03: SQL injection vulnerability
1. Introduction
SQL injection is one of the more common network attacks. It works by inserting SQL commands into web form submissions, domain-name input fields or the query string of a page request, so that the server executes them: the result can be logging in without an account, or even tampering with the database.
2. The harm of SQL injection
Database information disclosure: private user information stored in the database is leaked
Web page tampering: a specific web page is altered by manipulating the database
Malicious operation of the database: the database server is attacked and the database's administrator account is tampered with
The server is remotely controlled and a backdoor is installed.
Database table contents are deleted or modified.
3. The method of SQL injection
Typically, the locations where SQL is injected include:
Form submissions, mainly POST requests (but GET requests as well)
URL parameter submissions, mainly GET request parameters
Cookie parameters
Modifiable values in HTTP request headers, such as Referer, User-Agent, etc.
4. Solutions to prevent SQL injection
Validate the user's input and use regular expressions to filter incoming parameters
Use parameterized statements and never concatenate SQL; secure stored procedures can also be used
Do not use database connections with administrator privileges; give each application its own connection with limited permissions
Check that each input matches the expected storage type
Important information must be encrypted
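The following Python code is an added example, not code from the article or from Shulou, that contrasts a login check built by string concatenation with the parameterized form the text recommends, adds a whitelist validator for the username, and uses SQLite's `PRAGMA query_only` as a stand-in for a limited-privilege database connection. The table, the single user row and the crafted input are all constructed for the demonstration.

```python
import re
import sqlite3

# Whitelist: letters, digits and underscore, 3 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row (not real credentials)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "hash-of-alice-password"))
    conn.commit()
    return conn


def valid_username(raw: str) -> bool:
    """Input validation with a whitelist regex, as the first countermeasure."""
    return USERNAME_RE.fullmatch(raw) is not None


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """The 'before' version: input is concatenated into the statement, so a
    quote in the username changes the meaning of the query."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """The hardened version: the driver passes the values as data, never as SQL,
    and the username is validated before the query is even built."""
    if not valid_username(username):
        return False
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0


def restrict_to_reads(conn: sqlite3.Connection) -> None:
    """Least privilege, in SQLite terms: after this the connection can only read.
    A real deployment would use a database account with SELECT-only grants."""
    conn.execute("PRAGMA query_only = ON")


def can_write(conn: sqlite3.Connection) -> bool:
    """Probe whether the connection may modify data; any successful write is rolled back."""
    try:
        conn.execute("INSERT INTO users VALUES ('probe', 'probe')")
    except sqlite3.OperationalError:
        return False
    conn.rollback()
    return True


if __name__ == "__main__":
    db = make_db()
    # Constructed input: the quote closes the string and '--' comments out the
    # password check when the statement is built by concatenation.
    crafted = "alice' --"
    print("concatenated, crafted input: ", login_vulnerable(db, crafted, "not-the-hash"))
    print("parameterized, crafted input:", login_parameterized(db, crafted, "not-the-hash"))
    print("parameterized, real login:   ", login_parameterized(db, "alice", "hash-of-alice-password"))
    restrict_to_reads(db)
    print("connection can write:        ", can_write(db))
```

The parameterized query is the countermeasure that removes the vulnerability; the regex and the read-only connection are the additional layers the list asks for, so that a mistake elsewhere in the application cannot turn into a database takeover.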
0x04: DDoS attack
1. DoS and DDoS explained
DoS attack (Denial of Service): any attack that prevents users from continuing to use a normal service, exploiting the absence of network security protection measures, can be called a denial-of-service attack. Its purpose is to render a network or computer unable to provide normal service by consuming network bandwidth or system resources.
DDoS (Distributed Denial of Service): when an attacker controls puppet hosts across the network and directs them to launch denial-of-service attacks on a target host at the same time, this is called a distributed denial-of-service attack.
2. The harm of DDoS
The customer's business becomes unavailable and its interests are harmed.
When one service in the customer's network is attacked, the whole customer network is blocked, all services are paralyzed, and the chain reaction is serious.
The political impact and public-opinion pressure caused by the attack damage the enterprise's reputation.
3. How to defend against DDoS attacks
Apply system patches promptly
Install anti-virus software and hardware and update the virus database promptly.
Set complex passwords to reduce the chance that the system is taken over
Shut down unnecessary ports and services
Scan the network for vulnerabilities regularly; find problems and fix them promptly.
For important web servers, multiple mirror servers can be set up for load balancing, which reduces the harm of DDoS to a certain extent.
In short, it is necessary not only to filter and encode input and use parameterized statements, but also to encrypt important information; only then can SQL injection vulnerabilities be properly addressed.
This concludes "introduction and countermeasures of security vulnerabilities XSS, CSRF, SQL injection and DDoS attacks". Thank you for reading. If you want to know more about the industry, you can follow the website; the editor will publish more high-quality practical articles for you!