White Hat Talks Web Security
Another thick book. In order not to cheat, I had to change the plan: this time I adjusted it to read only the first three chapters (security worldview, browser security and XSS). The others will be studied in depth when they are used.
Wu Hanqing is the author of this book; his avatar is a tattoo, and he is well regarded by people in the circle. He worked at Alibaba, then started a business, and finally returned to Alibaba. More can be found here:
http://www.renrenzhuan.net/thread-5133-1.html
Security worldview
All techniques ultimately return to the level of the Tao, so in the opening chapter the author starts from the Tao.
The first question to think about in this section is: Why do we study web security?
Does blockchain security need our attention and why?
Second question: How do white hat jobs differ from black hat jobs? What do we need to learn, as black hats do?
The third question: what is the nature of security?
Fourth question: Is there a once-and-for-all security plan?
Fifth question: Please talk about your understanding of the three elements of security.
The sixth question: What does a security assessment do, and how is it carried out?
The seventh question: What principles can white hats refer to when designing security solutions, and which aspect of the problem does each of them address or solve?
Each question is enough to write a short essay.
Browser Security
Same Origin Policy
The same-origin policy restricts documents or scripts from different origins from modifying the current document or script.
The factors that determine an origin are protocol, port, and domain name.
The script, img, and iframe tags can load resources across origins; for them the browser issues a GET request. Unlike with XMLHttpRequest, JavaScript cannot read or write the content they return.
Besides the DOM, cookies, and XMLHttpRequest, which are restricted by the same-origin policy, some third-party plugins loaded by browsers also have their own same-origin policies.
Browser sandbox
The browser sandbox mainly protects the machine the browser runs on through resource isolation. In practice, however, it has been bypassed through browser plug-in vulnerabilities.
Malicious URL blocking
Browser vendors and security vendors cooperate to warn users about malicious URLs. PhishTank is an organization that provides malicious URL lists for free, and EV SSL is a security-enhanced (extended validation) certificate.
Security considerations for new browser technologies
User-friendly features need attention, such as how \ and ? are processed, as does the security of extensions and plugins.
XSS: Cross-Site Scripting Attack
XSS concepts and classifications
The first two chapters are mostly at the level of the Tao; this chapter turns to the level of technique. XSS stands for Cross-Site Scripting. An XSS attack is one in which an attacker tampers with a web page by inserting malicious script through HTML injection, thereby controlling the user's browser while they browse.
<script>alert('XSS')</script> is just a way for us to verify whether XSS is present; a real payload will implement far more malicious functions.
XSS is traditionally divided into reflected, stored, and DOM-based types; DOM-based XSS is really a form of reflected XSS.
XSS payload
This section first introduces cookie hijacking, and then walks through scenarios built by combining XSS with constructed GET and POST requests: harvesting a QQ Mail contact list, XSS phishing, identifying the user's browser and installed software, identifying websites the user has visited, obtaining the user's real IP, and others.
XSS attack platform
Common platforms are AttackAPI, BeEF, and XSS-Proxy. Not mentioned in the book is cosine's XSS'OR. These tool platforms help us demonstrate the harm XSS can do.
XSS worm
The book mentions the Samy worm that once hit MySpace. The really frightening worms are those that steal user secrets silently.
XSS construction techniques
Common techniques include exploiting encoding rules, getting around length limits, using the base tag, and using window.name. Also, do not overlook Flash, XSS that appears to attack only oneself, and security issues in JS frameworks.
XSS defense
Via the HttpOnly attribute
Input check
Output check
Correct defense
Handling rich text
Defense against DOM-based XSS
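As an added example (not from the book or this post), here is the output check from the defense list applied to the alert() probe from the concepts section: a template that reflects a search term verbatim beside one that encodes it for the HTML body, attribute and JavaScript string contexts. The function and template names are hypothetical.

```javascript
// Added example, not code from the book or this post: the "output check" defense
// applied to the alert() probe. renderUnsafe/renderSafe are hypothetical templates.

// Entity-encode the characters that can break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// For data inside a JavaScript string literal: hex-escape every non-alphanumeric
// character, so neither a quote nor </script> can end the literal or the script block.
function escapeJsString(input) {
  return String(input).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Vulnerable template: the query is reflected verbatim into three contexts.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>` +
         `<input name="q" value="${query}">` +
         `<script>var last = "${query}";</script>`;
}

// Hardened template: the same data, encoded for the context it lands in.
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>` +
         `<input name="q" value="${escapeHtml(query)}">` +
         `<script>var last = "${escapeJsString(query)}";</script>`;
}

// Constructed probes in the spirit of the book's alert() check, one per context.
const PROBES = [
  '<script>alert(1)</script>',       // HTML body context
  '" autofocus onfocus="alert(1)',  // breaks out of the value attribute
  '";alert(1);//',                  // closes the JS string literal
];

// True if any probe reaches the page in a position where it would execute.
function injectionSurvives(render) {
  return PROBES.some((p) => {
    const html = render(p);
    return html.includes('<script>alert(1)') ||
           html.includes('onfocus="alert(1)') ||
           html.includes('= "";alert(1)');
  });
}
```

Calling injectionSurvives(renderUnsafe) returns true and injectionSurvives(renderSafe) returns false; the same input check would still be needed server-side, since encoding only neutralizes the data at the point of output.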
XSS from a business perspective
Lab environment
1. A browser
Any browser capable of debugging JavaScript should do.
2. Javascript debugging tools
The book mentions Firebug, Fiddler, and the IE8 developer tools.
3. JavaScript debugging environment
http://lixiaolai.com/2016/07/31/makecs-simplest-js-dev-environment/
Other resources
Online JavaScript debugging tool
BeEF
http://www.freebuf.com/sectool/4799.html
AttackAPI framework
http://www.cnblogs.com/milantgh/p/3645166.html
XSS cheatsheet
sec-wiki: search for XSS