Common web attacks and defenses

One: Cross-site scripting attacks

Abbreviation: XSS (Cross Site Scripting), also called cross-site scripting attacks, is the most common and basic way of attacking a web site. The attacker publishes data containing offensive code on a page; when a viewer opens that page, the script runs with the viewer's identity and permissions, for example to obtain the user's cookies, navigate to a malicious website, or deliver a Trojan. There is a famous saying in security circles: all input is harmful. Most XSS vulnerabilities arise because user input is not handled, so a malicious script ends up executing in the browser.

XSS attack types:

1. Reflected: the user enters data in an input box on the page and the data is sent to the server by GET or POST; the input generally sits in the URL query string or in a form. If the server neither filters nor encodes this data and presents the user's input directly, a reflected XSS can result. Reflected XSS is very common, and the extent of its damage is usually small.

2. Persistent: usually a server-side script fails to validate malicious user input and stores it in the database; when the page is opened, the data is read from the database and rendered in the browser, so the malicious script executes every time a user opens the page. Persistent XSS is more dangerous than non-persistent XSS precisely because the script runs each time the page is opened.

The main hazards:

1. Stealing all kinds of user accounts
2. Controlling corporate data, including reading, tampering with, adding and deleting sensitive corporate data
3. Stealing important business information of commercial value
4. Illegal transfers
5. Forcing emails to be sent
6. Controlling the victim's machine to attack other sites

Defense: XSS vulnerabilities are caused by user-submitted data that is not strictly filtered, so the principle of defense is not to trust data entered by the user: filter the input and encode the output.

1. Validate user-submitted data effectively; accept only submissions whose length and content match our rules, and filter out all other input.

2. For sensitive cookies, set the HttpOnly flag so that they cannot be read through the document object (document.cookie).

3. Escape information entered by the user before it is output.

Two: Cross-site request forgery attacks

Abbreviation: CSRF (Cross-site request forgery) is another common attack. The attacker forges a request by various means, imitating the user's form submission, to modify the user's data or perform a specific action. To fake the user's identity, CSRF attacks are often combined with XSS attacks, but they can also be carried out by other means, such as inducing the user to click a link that carries the attack.

Defense: 1. Use POST requests to increase the difficulty of the attack. A user clicking a link can only initiate a GET request; a POST request is comparatively harder, and the attacker usually needs the help of JavaScript to achieve it.

2. Authenticate the request: make sure the request really comes from our own user filling out and submitting the form, not from a third party forging it. In particular, a token can be added to the session, so that the person who viewed the form and the person who submitted it can be confirmed to be the same.

Three: Redirect attack

A common means of attack is "phishing". Phishers usually send a legitimate-looking link to the victim; when the link is clicked, the user is directed to a plausible but illegal website, which defrauds the user of their trust and steals their data. To prevent this, we must check every redirect so that it cannot lead to a dangerous place.

Defense: 1. Add legitimate redirect URLs to a whitelist and refuse to redirect to any domain that is not on the whitelist.

2. Redirect token: attach a token to legitimate URLs and verify it when the redirect is performed.

Four: SQL injection

So-called SQL injection means inserting SQL commands into a web form submission, a query string, or the input of a domain name or page request, ultimately tricking the server into executing malicious SQL commands. For example, the earlier leaks of VIP member passwords at many video sites were mostly achieved by submitting query strings through web forms to dump the database; such forms are particularly vulnerable to SQL injection attacks.

Defense: 1. Check form fields: verify the legality of form submissions and escape certain special characters.

2. Minimize database permissions.
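As an added example (not code from the original post), the following Python shows the form-field problem against a constructed sqlite3 table: the first login check builds its SQL by string concatenation, so a tampered password field becomes part of the query, while the second binds the values as parameters, the usual replacement for escaping special characters by hand. The table, rows and helper names are all assumptions made for this demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory database for the demonstration (not real site data).
    Passwords are stored in clear text only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, vip INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by concatenating the form values: whatever the user
    typed is parsed as SQL, so quotes and operators change the query's logic."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Passes the form values as bound parameters: the driver sends them as
    data, never as SQL text, so no escaping of special characters is needed."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    # A password-field value that closes the quote and appends an always-true
    # condition; with AND binding tighter than OR, the concatenated query
    # matches every row.
    tampered = "x' OR '1'='1"
    print(login_vulnerable(db, "alice", tampered))  # ['alice', 'bob']
    print(login_safe(db, "alice", tampered))        # []
    print(login_safe(db, "alice", "s3cret"))        # ['alice']
```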

Origin www.cnblogs.com/-zmd-/p/11856113.html