Shulou(Shulou.com)05/31 Report--

The content of this article mainly focuses on what are the common loophole defense methods in WEB development. The content of the article is clear and clear. It is very suitable for beginners to learn and is worth reading. Interested friends can follow the editor to read together. I hope you can get something through this article!

SQL injection vulnerability

Cause and harm of SQL injection loophole

In the sql query, many programmers will splice the variables into the sql statement and then query, so that if the hacker inserts other sql statements in the parameters, it may cause the password of our site to be queried by the hacker or be dragged out of a large amount of data. If the string splicing is used in the development of the SQL statement, it must be strictly filtered, and the content entered by any user cannot be trusted. Here are several defense methods.

Digital query injection protection

An example of the query is as follows

In the case of such a numeric injection, we can force the incoming parameters to be converted to integers to eliminate SQL statements concatenated by hackers. Modify as follows

This is the result of the normal query on this page.

This is a typical digital injection, and we can see the success of the injection by entering the injection statement.

We cast the type into the code:

When we perform the injection, we can see that the query returns to normal and the injection fails.

Non-digital injection protection-general protection

If the query parameter is not a number, how should we protect it? then universal protection can be used here, which is suitable for both digital and non-digital ones. We know that there are three main ways to obtain parameters in web: get, post, and cookie. Well, the main aspects of our protection are also these three aspects. We can blacklist and filter all the traffic on the site. Of course, this can also block xss vulnerabilities. The specific process is as follows:

Specific implementation code:

test

Similarly, we included our waf.php file on the original website, and in performing the injection operation, we can see that we have intercepted the illegal operation.

Use preprocessing to protect injection

An example of PHP preprocessing query

Advantages of pretreatment

The preprocessing statement greatly reduces the analysis time, making only one query (although the statement is executed multiple times).

Binding parameters reduce server bandwidth, you only need to send the query parameters, not the entire statement.

Preprocessing statements are very useful for SQL injection because the parameter values are sent using different protocols to ensure the legitimacy of the data.

Protection against XSS vulnerabilities

The cause and harm of xss loophole

Xss vulnerabilities, like sql injection, are injection vulnerabilities, mainly because hackers inject malicious js code into web pages, which can cause our cookie to be stolen. Hackers can easily log on to our background through cookie fraud, and hackers can also use js to hang up horses, black hat seo, attack customer computers and other operations that are very harmful. So how to defend, I will explain the two main methods of defense.

Xss classification

Xss is mainly divided into reflective type, storage type, and Dom type.

Escape htmlspecialchars ()

We know that the data queried in the database can be printed on the web page, but the data may be entered by the user in registering or entering other forms, then the user may enter js or html code here, which may cause the code entered by the user to be parsed and executed in the browser, then we can escape it into an unparsed string through htmlspecialchars (), so as to avoid such attacks.

This is a web page that simulates xss vulnerabilities. We carry out simulated attacks and repairs.

We pass in a xss attack code, which shows that the cookie content of the current web page is obtained directly.

What about adding htmlspecialchars () to $id when we output it?

We can clearly see that the browser no longer parses the js code we passed in, but instead outputs it as a normal string.

Universal protection

Filtering can also be achieved by including the universal protection waf.php injected by our sql into this page.

Defense against CSRF vulnerabilities

The cause and harm of CSRF loophole

The main reason for the CSRF loophole is that our website did not validate the form. Is this form submitted by our website itself? if a password-changing form is constructed and placed on other people's websites, our own passwords will be changed when we open this extra-domain form carefully constructed by hackers. Hackers can also spread worms through CSRF vulnerabilities. Sina Weibo has encountered such attacks. Hackers carefully construct the form, and when you open a link to the form, a Weibo is automatically sent, and others open it to do the same.

TOKEN protection

How do we verify that this form is submitted by our own website? then we can generate a hidden input form under each form to store a TOKEN. When we submit the form, we will verify whether the TOKEN is on the SESSION. If we perform the operation of the form, if the TOKEN is not there or did not submit the TOKEN at all, then the form is forged, and we truncate the operation directly. The specific process is as follows:

Protection code writing:

test

We write two files: index.php for submitting the form and xss.php for validating the form.

Index.php

Xss.php

You can see that our code is very simple, as long as we pass the dynamic TOKEN verification, it will output check success, otherwise output NO-TOKEN!

First of all, if we submit the form directly, there is no problem and we will return the success directly.

But what if we delete the token value in F12 and then submit it?

You can see that it will be truncated directly.

Code security in web defense:

Thank you for your reading. I believe you have a certain understanding of "what are the common vulnerability prevention methods in WEB development?" go ahead and practice it. If you want to know more about it, you can follow the website! The editor will continue to bring you better articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.