Logic vulnerabilities-business security issues

Others 2020-04-21 23:20:47 views: null

Business security issues

Some actual problems that may occur in the production environment, I think this is not only targeted by penetration testing engineers, but also some developers need to be aware of

account security

Issues of identity theft such as number theft and database collision

“撞库”攻击的形式
				尝试登录大量【用户名+密码】组合
				利用已泄露的多家网站用户数据库
			“盗号”产生的风险
				用户隐私受影响
				账户资金受影响
				企业投诉和赔付率上升


		对抗手段
			验证码识别云平台
			短信验证码云平台
			访问速率控制	
			秒换代理服务器IP
			 IP限制策略
			 
		用户界面
			PC登录界面
			WAP	
			APP
			联合登录

		防护策略
			图形验证码
			短信验证码

Resource abuse

Swipe / malicious order

			供应商刷单赚取信用
			竞争对手互相下单
			报复性下单

Control inventory affects normal sales

			自动加购物车，自动下单
			购物车过期后，重复上一步骤
			正常用户不能购买
			企业商品无法售出

Malicious call SMS sending interface

			封装多个网站短信发送接口为一个API
			向指定手机发送短信炸弹，强制对方关机
			企业遭受客户投诉导致短信通道被迫关停

Registration check weakly exploited interface

			利用简单的注册判断接口，检查全国手机号是否在网站注册
			放大这个请求，结果是灾难……为盲目“撞库”提前筛选用户名

Malicious registration generates "vest" users

			抢占正常用户资源
			影响企业营销效果
			产生虚假数据
			隐藏的“炸弹”

Gentle Little Xue

Posted 117 original articles · praised 11 · visits 6447

Private letter concerns

Guess you like

Origin blog.csdn.net/weixin_43079958/article/details/105670214

Logic vulnerabilities-business security issues

[Red safety] Web Security Day6 - business logic vulnerabilities offensive and defensive combat

Web Security Testing Study Manual - Business Logic Testing

Business logic vulnerabilities - Register - Login - password change page summary

issues security alerts

JWT security issues

webpack security issues

Internet Security Issues

Network Security Related Issues

Java reflection and security issues

Logic vulnerabilities and unauthorized Notes

Logic vulnerabilities and unauthorized (to be supplemented)

Overview of logic vulnerabilities

Concurrency testing of logic vulnerabilities

Spring Security --- custom login logic

There are hundreds of high-risk vulnerabilities in popular software? Open source security issues cannot be ignored

Server-side verification logic defect - business security test practice (30)

Network Security Advanced Learning Lesson 17 - Business Logic Vulnerability (Payment&&Authentication&&Password Retrieval)

Logic Vulnerability Mining-Overview of Logic Vulnerabilities

[Information Security]-Network layer security issues

[Information Security]-Physical Layer Security Issues

ruby and rails of security issues learning

Sql security issues in Chapter XV

Java reflection mechanism and security issues

Java multithreaded communication security issues

Thread declaration cycle and security issues

Security Issues of Digital Currency Wallets

java thread pool security issues

Security Issues in Interface API Development

Thread life cycle and security issues

Recommended

The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!

Ranking

Getting the basic concepts of ROS + catkin Profile

Spring Learning (2) --- Assembling Beans in the IoC Container

js to get the src attribute of the image regularly

STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud

Short video learning - 3, pandas simple use of pivot_table

Print directory of project configuration log, output log

Understand the difference between vi and vim in Linux in 3 minutes

1 + x certificate Web front-end development HTML5 special exercises

mangodb save and insert the difference

7-1 Family tree processing (50 points) (binary tree solution)

Daily

More

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)