web security

White hats talk about web security

 

Another thick book. In order not to cheat, I had to change the plan. This time, I adjusted it to read the first three chapters: security worldview, browser security, and XSS. The others will be studied in depth when they are used.

Wu Hanqing is the author of this book, and the icon is a tattoo, which is praised by people in the circle. He worked at Ali, then started a business, and finally returned to Ali. More can be found here:

http://www.renrenzhuan.net/thread-5133-1.html

Security worldview

 

All the aspects of art finally return to the level of Tao, so in the opening chapter, the author starts from Tao.

The first question to think about in this section is: Why do we study web security?

Does blockchain security need our attention and why?

Second question: How are white hat jobs different from black hat jobs? What are we to learn like black hats?

The third question: what is the nature of security?

Fourth question: Is there a once-and-for-all security plan?

Fifth question: Please talk about your understanding of the three elements of security.

The sixth question: Please talk about what the security assessment does? How to do it?

The seventh question: What principles can white hats refer to when designing security solutions? Which aspect of the problem does each of them deal with or solve?

Each question is enough to write a short essay.

Browser Security

 

Same Origin Policy

 

The same-origin policy restricts documents or scripts from different origins from modifying the current document or script.

The factors that determine an origin are the protocol, the port, and the domain name.

The script, img, and iframe tags can load resources across domains. Each such load is in fact a GET request issued by the browser. Unlike with XMLHttpRequest, JavaScript cannot read or write the content returned for these tags.

Besides the DOM, cookies, and XMLHttpRequest, which are restricted by the same-origin policy, some third-party plugins loaded by the browser also have their own same-origin policies.
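The origin comparison described above, written out as an added example (it is not code from the book or from these notes). The function names and the `example.com` URLs are constructed for illustration, and the default-port table covers only http and https.

```javascript
// Added example: compare two URLs as (protocol, host, port) origin tuples.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Build the origin tuple; an empty port means "the scheme's default port".
function originTuple(href) {
  const u = new URL(href);
  return {
    protocol: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// Name the first component that differs, or null when the origins match.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  for (const part of ['protocol', 'host', 'port']) {
    if (x[part] !== y[part]) return part;
  }
  return null;
}

function sameOrigin(a, b) {
  return originMismatch(a, b) === null;
}

// Constructed sample URLs, each compared against one base page.
const BASE = 'http://store.example.com/dir/page.html';
const CASES = [
  'http://store.example.com/dir2/other.html',   // only the path differs
  'http://store.example.com:80/dir/inner.html', // explicit default port
  'https://store.example.com/secure.html',      // protocol differs
  'http://store.example.com:81/dir/etc.html',   // port differs
  'http://news.example.com/dir/other.html',     // host differs
];

// One [url, verdict] pair per case.
function report() {
  return CASES.map((c) => [c, originMismatch(BASE, c) || 'same origin']);
}

for (const [url, verdict] of report()) console.log(verdict.padEnd(12), url);
```

The path never enters the comparison, which is why the first two cases are same-origin while a different subdomain is not.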

browser sandbox

 

The browser sandbox mainly protects the machine where the browser is located through resource isolation. But in reality, some people bypass it through browser plug-in vulnerabilities.

Malicious URL blocking

 

Browser vendors and security vendors cooperate to alert users to malicious URLs. PhishTank is an organization that provides malicious URL lists for free, and an EV SSL certificate is a security-enhanced certificate.

Security considerations for new browser technologies

 

User-friendly features require attention, such as the handling of \ and ?. The security of extensions and plugins needs attention as well.

XSS Cross Site Scripting Attack

 

XSS concepts and classifications

 

The first two chapters are basically at the level of Tao, and this chapter starts to focus on the level of art. XSS stands for Cross Site Script in English. An XSS attack is one in which hackers tamper with a web page through HTML injection and insert malicious scripts, thereby controlling the user's browser while the user is browsing the page.

<script>alert(CSS)</script> is just a way for us to verify whether XSS exists; a real payload implements far more harmful functions.

XSS is traditionally divided into the reflected type, the stored type, and the DOM type, and the DOM type is actually a kind of reflected type.
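To make the HTML-injection point concrete, here is an added example (not from the book or these notes) that builds one page fragment with and without output encoding. The function names and the second sample input are constructed; the first input is the probe string quoted above.

```javascript
// Added example: one search-result fragment, built with and without
// output encoding. All function names are illustrative.

// Vulnerable: input is concatenated into HTML text and an attribute as-is.
function renderUnsafe(query) {
  return '<p>Results for: ' + query + '</p>' +
         '<input name="q" value="' + query + '">';
}

// Characters that can end a text node or a quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: the same fragment with every insertion encoded on output.
function renderSafe(query) {
  const q = escapeHtml(query);
  return '<p>Results for: ' + q + '</p>' +
         '<input name="q" value="' + q + '">';
}

// Rough structural check for this demo: which element names does the markup
// open? A regex is enough for these constructed strings; it is not a parser.
function openedTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
}

// Probe string from the page, plus a constructed quote-bearing input.
const PROBE = '<script>alert(CSS)</script>';
const QUOTED = 'tom" class="injected';

for (const input of [PROBE, QUOTED]) {
  console.log('unsafe:', openedTags(renderUnsafe(input)).join(','));
  console.log('        ', renderUnsafe(input));
  console.log('safe:  ', openedTags(renderSafe(input)).join(','));
  console.log('        ', renderSafe(input));
}
```

The quoted input shows why escaping `<` and `>` alone is not enough: inside a quoted attribute, the quote character is what ends the value.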

XSS payload

 

This section first introduces cookie hijacking, and then enumerates further scenarios: acquiring QQ mailbox mailing lists by constructing GET and POST requests combined with XSS, XSS phishing, identifying the user's browser, identifying the user's software, identifying websites that the user has visited, obtaining the user's real IP address, and others.

XSS attack platform

 

Common platforms are Attack API, BeEF, and XSS-Proxy. There is also one not mentioned in the book, XSS'OR by cosine. Tool platforms can help us demonstrate the harm XSS can do.

XSS worm

 

The book mentions the Samy worm that once hit MySpace. The really scary worms are the ones that steal user secrets silently.

XSS construction techniques

 

Common techniques include using encoding rules, breaking through length restrictions, using base tags, and window.name. In addition, don't ignore Flash, some XSS that seems able to attack only oneself, and JS framework security issues.

XSS defense

 

Via the HttpOnly attribute

 

input check

 

output check

 

correct defense

 

Handling rich text

 

Defense against DOM based XSS

 

XSS from a business perspective

 

 

lab environment

 

1. A browser

Any browser capable of debugging JavaScript will do.

2. Javascript debugging tools

The book mentions Firebug, Fiddler, and the IE8 developer tools.

3. JavaScript debugging environment

http://lixiaolai.com/2016/07/31/makecs-simplest-js-dev-environment/

Other resources

 

Online JavaScript debugging tool

https://jsfiddle.net

BeEF

http://www.freebuf.com/sectool/4799.html

Attackapi framework

http://www.cnblogs.com/milantgh/p/3645166.html

XSS cheatsheet

sec-wiki find XSS

 
