Security - Content Security Policy (CSP) (unfinished)

  • Content Security Policy (CSP) is an additional layer of security that helps detect and mitigate certain types of attacks, including cross-site scripting (XSS) and data injection attacks.
  • CSP is designed to be fully backward compatible, apart from a few inconsistencies in CSP Level 2 that the specification explicitly points out.
  • To enable CSP, configure the web server to return the Content-Security-Policy HTTP header.
  • You may see references to an X-Content-Security-Policy header; that is the old version, so it no longer needs to be specified.
  • In addition, a <meta> element can be used to configure the policy, e.g. <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src https://*; child-src 'none';">

Threat

Cross-site scripting attacks

  • CSP lets the server administrator reduce or eliminate the vectors an XSS attack depends on by specifying which domains the browser should treat as valid sources of executable scripts.
  • A CSP-compatible browser will then execute only scripts loaded from files served by those whitelisted domains, ignoring all other scripts (including inline scripts and event-handling HTML attributes).

Packet sniffing attacks

  • In addition to restricting the domains from which content can be loaded, the server can also specify which protocols may be used; for example (ideal from a security standpoint), the server can specify that all content must be loaded over HTTPS.
  • A complete data transmission security strategy not only enforces HTTPS for data transfer, but also marks all cookies with the Secure flag and automatically redirects HTTP pages to their HTTPS versions.
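The following is an added example (not code from the original post) showing how a server would put the points above together: a Content-Security-Policy header built from a directive map, a redirect from HTTP to the HTTPS version of the same URL, and a session cookie carrying the Secure flag. The request shape ({ protocol, host, url }), the CDN host and the cookie name are assumptions made for the illustration.

```javascript
// Added example, not from the original post. Builds the response headers that
// apply the CSP and transport rules described above. The request object shape
// ({ protocol, host, url }), the CDN host and the cookie name are assumptions.

// Build a Content-Security-Policy header value from a directive map.
// Each key is a directive name, each value a list of allowed sources.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(' ')}`)
    .join('; ');
}

// Policy: same-origin by default, scripts only from self and one trusted CDN
// (assumed host), images only over HTTPS, no nested browsing contexts.
const POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.example.com'],
  'img-src': ['https:'],
  'child-src': ["'none'"],
};

// Decide what to send for one request. A plain-HTTP request is redirected to
// the HTTPS version of the same URL; an HTTPS request gets the CSP header and
// a session cookie marked Secure (never sent over plain HTTP) and HttpOnly
// (not readable by page scripts).
function secureResponse(req) {
  if (req.protocol !== 'https') {
    return {
      status: 301,
      headers: { Location: `https://${req.host}${req.url}` },
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Security-Policy': buildCsp(POLICY),
      'Set-Cookie': 'session=<session-id>; Secure; HttpOnly; SameSite=Lax',
    },
  };
}

// Demonstration with two constructed requests: one over HTTP, one over HTTPS.
const demo = [
  { protocol: 'http', host: 'www.example.com', url: '/login' },
  { protocol: 'https', host: 'www.example.com', url: '/login' },
].map(secureResponse);
console.log(JSON.stringify(demo, null, 2));
```

The HTTP branch never sets the cookie: the Secure flag only makes sense once the session is established over HTTPS, which is why the redirect comes first.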

———————————————————————————————————————

XSS (Cross-site scripting)

  • Cross-site scripting (XSS) is a security vulnerability that lets an attacker inject malicious client-side code into a website.
  • An attacker can use it to bypass the site's access controls and impersonate the victim.
  • XSS attacks are likely in the following two situations:
    • Input reaches the web application through an untrusted source, such as a link.
    • Dynamic content is sent to web users without being filtered for malicious code (for example, an interface that accepts uploaded dynamic content but does not filter it).
  • The malicious content is usually JavaScript, but it can also include HTML or Flash.

XSS attacks fall into three categories: stored (persistent), reflected (non-persistent), and DOM-based.

Stored XSS

  • The injected script is stored permanently on the target server. When a browser requests the data, the script is sent back from the server and executed. (The site accepts uploaded data but does not filter its content.)
  • For example: a user uploads a "picture" whose URL actually points to a script. Because the CSP does not restrict cross-origin scripts, the script is loaded and run whenever other users load the picture, and it can read those users' personal information from the site through the site's own legitimate interfaces.

Reflected XSS (non-persistent XSS)

  • When a user clicks a malicious link, submits a form, or visits a malicious website, the attacker's script is injected into the target site.
  • The web server returns the injected script to the user's browser as part of its response, for example in an error message or in search results.
  • This technique exploits interfaces that echo submitted content back in the response without filtering it, so the content returned by the server injects malicious code into the client's browser.
  • For example: in older browsers, an input's value is written into the attribute value, <input value='默认值可以修改' type='text'></input>. If the returned data is crafted accordingly, malicious code is injected into the client's browser:
The returned value is '/><script>...dosome...</script><input  value='
The rendered input tag then becomes <input value=''/><script>...dosome...</script><input  value='' type='text'></input>
and the JavaScript is injected and executed.
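As an added example (not code from the original post), the rendering step described above written out twice: once as the vulnerable template that concatenates the submitted value into the attribute, and once with the value escaped before insertion. The payload is the one quoted in the post; the function names are assumptions. A script-tag count over the rendered markup is the check an output scanner or unit test can use to see whether untrusted input changed the page structure.

```javascript
// Added example, not from the original post. Shows the attribute-injection
// rendering above beside its escaped form. Function names are assumptions;
// the payload is the one quoted in the post.

// Vulnerable: the submitted value is concatenated straight into the attribute.
function renderInputUnsafe(value) {
  return `<input value='${value}' type='text'></input>`;
}

// Escape the five characters that can terminate an attribute or open a tag.
// '&' goes first so that already-escaped output is not double-escaped wrongly.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened: the same template, with the value escaped before insertion.
function renderInputSafe(value) {
  return `<input value='${escapeAttr(value)}' type='text'></input>`;
}

// Count literal <script> tags in rendered markup; untrusted input should
// never be able to raise this above what the template itself contains.
function scriptTagCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// The payload quoted in the post: closes the attribute, opens a script tag,
// then re-opens an attribute so the rest of the template still parses.
const payload = "'/><script>...dosome...</script><input  value='";

console.log(renderInputUnsafe(payload)); // attribute closed, script tag injected
console.log(renderInputSafe(payload));   // one input; the value is inert text
```

The unsafe render reproduces exactly the markup shown in the post. With the escaped render the browser still displays the submitted text as the field's value, but it never leaves the attribute, so no script element is created; a CSP that disallows inline scripts would additionally block execution even in the unsafe case.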

DOM-based XSS (the vulnerability exists locally, in the client-side page's own scripts)

  • The browser itself has a security vulnerability. When a user visits a malicious website, scripts on that site target these vulnerabilities, exploiting them to bypass the browser's security mechanisms and obtain information.
  • Such attacks are less harmful, since they depend not only on the browser version and its update state but also on the user visiting a malicious website.

Origin www.cnblogs.com/qq3279338858/p/11104192.html