Web Application Attack and Defense

XSS attack    

     Cross-site scripting (XSS) attacks: an attacker modifies a web page by injecting malicious HTML or script, so that when a user browses the page, the user's browser executes it and performs operations the attacker chooses.
     Attack types
            1. Reflected type: the attacker induces the user to click a link with a malicious script embedded in it, and the attack is achieved when the page reflects that script back.
            2. Persistent (stored) type: the attacker submits a request containing a malicious script, which is stored in the website's database; when a user browses the page, the malicious script is served as part of the normal page and executes.
     Purpose
            To steal important data such as user cookies and passwords, forge transactions, steal user property, and steal information.
     Prevention
            1. Sanitization: escape or filter dangerous HTML characters.
            2. HttpOnly: the browser prevents page JavaScript from accessing cookies that carry the HttpOnly attribute. Set HttpOnly on cookies that store sensitive information so they cannot be read by an injected script.

Injection attack

      1. SQL injection attack
            Attackers inject malicious SQL commands (for example, drop table users) into HTTP requests. When the server constructs a database SQL command from the request parameters, the malicious SQL is spliced into that command and executed by the database.
            How the attacker learns the database table structure:
                   a. Open source (the application's code and schema are public); b. Error echo (database error messages returned to the client reveal the structure); c. Blind injection
            Prevention:
                   1. Sanitization: filter SQL that may have been injected into the request data, using regular-expression matching.
                   2. Parameter binding, the best anti-injection method. Database access layer frameworks such as iBATIS and Hibernate implement SQL pre-compilation and parameter binding, so an attacker's malicious SQL is treated as a SQL parameter value rather than as a SQL command to be executed.
      2. OS injection attack
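An added example (not from the original article) of the parameter-binding prevention described under SQL injection above, using Python's built-in sqlite3 module and a constructed in-memory users table: the vulnerable lookup splices the request parameter into the SQL text, the hardened lookup passes it as a bound parameter, and the same crafted input is handled differently by each.

```python
import sqlite3


def make_db():
    # Constructed sample data for the example; not from the article.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # The request parameter is spliced straight into the SQL text,
    # so anything it contains becomes part of the command.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_bound(conn, name):
    # Parameter binding: the SQL text is fixed and pre-compiled; the value
    # travels separately and is only ever treated as data, never as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # a classic tautology input (constructed)
    print(find_user_vulnerable(db, "alice"))  # ['alice']
    print(find_user_vulnerable(db, crafted))  # ['alice', 'bob']: the WHERE clause was rewritten
    print(find_user_bound(db, crafted))  # []: looked up literally as a name, no such user
```

A regex "sanitization" filter (prevention 1 above) has to anticipate every encoding of a quote or keyword, whereas binding removes the question entirely, which is why the article calls it the best method.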
CSRF attack
      Cross-site request forgery: the attacker carries out illegal operations as a legitimate user by means of a cross-site request.
      The main method is to forge requests under the user's identity, via cross-site requests, without the user's knowledge.
      Core: exploiting the browser's cookie or the server's session strategy to steal the user's identity.
      Prevention:
              Identify the requester.
              a. Form token; b. Verification code (CAPTCHA); c. Referer check (the Referer field of the HTTP request header records the source of the request; an example is image anti-leeching: if the page requesting the image is not from your own website, the request is rejected).

Other Attacks and Vulnerabilities

        1. Error code: configure the web server to redirect to a dedicated error page rather than exposing the raw error.
        2. HTML comments: prevention is code review or automated scanning.
        3. File upload: prevention is restricting the allowed file types.
        4. Path traversal: accessing directories and files on the system that are not meant to be public. Prevention: deploy static files independently, and do not serve other files through static URLs.

Web Application Firewall

        ModSecurity, open source, adopts an architecture that separates the processing logic from the attack rule set.

 
