One, XSS (cross-site scripting)
An attacker inserts a malicious script into a web page; when a user browses the page, the script runs in the user's browser and carries out the attack.
Solution:
1. Validate all input data on both the client and the server; this blocks most typical injected scripts.
2. Apply appropriate encoding to all data before it is output.
3. Set the HTTP header "X-XSS-Protection: 1".
Two, DDoS (distributed denial of service)
A large number of requests are sent so that the server is overwhelmed and can no longer serve legitimate users.
Solution:
1. Detection: monitor traffic to detect whether the site is under a DDoS attack.
2. Cleaning (scrubbing): filter out the abnormal traffic.
Three, CSRF (cross-site request forgery)
The user's cookie is stored locally; an attacker exploits that authenticated cookie by getting the user's browser to send a forged request.
Solution:
1. Check the standard request headers to confirm that the request is same-origin.
2. Check a CSRF token.
Four, SQL injection
User input is spliced into a SQL statement, turning it into malicious SQL that is then executed.
Solution:
1. Use parameterized queries: the application developer defines all the SQL code first, and each parameter is passed to the query afterwards, as data.
2. Use the database's stored procedures rather than manipulating the database directly from spliced strings.
3. Validate user input.
4. Encode all user-supplied input.
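Added example (not from the original note): the spliced query beside its parameterized form, and the output encoding from the XSS section. The user table and the names are constructed sample data; the inserted quote in "O'Brien" shows why spliced input changes the SQL statement while a bound parameter stays data.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database, not from the original note."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("O'Brien", "user")])
    return conn


def find_role_unsafe(conn: sqlite3.Connection, name: str):
    # Vulnerable pattern: the input is spliced straight into the SQL text,
    # so any quote in the input changes the structure of the statement.
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def find_role_safe(conn: sqlite3.Connection, name: str):
    # Parameterized query: the SQL code is fixed first, the value is bound
    # afterwards and is always treated as data, never as SQL.
    row = conn.execute("SELECT role FROM users WHERE name = ?",
                       (name,)).fetchone()
    return row[0] if row else None


def render_greeting(name: str) -> str:
    # Output encoding (XSS item 2): escape before placing data in HTML.
    return f"<p>Hello, {html.escape(name)}</p>"


def demo() -> dict:
    conn = make_db()
    results = {"safe": find_role_safe(conn, "O'Brien")}
    try:
        results["unsafe"] = find_role_unsafe(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The spliced quote broke the statement; a crafted value could
        # instead have rewritten it.
        results["unsafe"] = f"error: {exc}"
    results["html"] = render_greeting("<script>x</script>")
    return results


if __name__ == "__main__":
    print(demo())
```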