Safety Testing Basics

Others 2019-12-25 20:48:49 views: null

Common security issues

Cross-site scripting XSS attacks

Cross-site request forgery attack CSRF

Cookies front-end security

Clickjacking attacks

Transit security issues

User password security

SQL injection attacks

 

XSS (Cross Site Scripting) Cross-Site Scripting Attacks

What is XSS

Another web attacks, successfully executed by injecting executable code page (html code or JS code) browser

Conditions embodiment XSS attacks have

  1. Web pages need to be able to inject malicious code (input box, url)
  2. Malicious code can be executed successfully browser

XSS Attacks

User incoming data is treated as a program, it will execute the program

Why can XSS

  • Get the page data: you can get the value specified by the document elements, such as access to the user name, phone number, address, website, etc. [steal any data including user data]
  • Get cookies: you can get all the current cookies by document.cookies website, to steal the currently logged on user's login state, thereby posing stolen user login website background management system [even steal user passwords and login state]
  • Hijacking front-end logic: can modify the content of a feedback operation, such as clicking a button which should only submit a request, but may be tampered with by the script XSS request address, and then transmits the information submitted by the user interface to the attacker package; or change the user's page jump [deceive users, traffic hijacking]
  • Send Request: An attacker can send a request to allow the user to collect user information without the knowledge of

XSS attacks

  • Reflective XSS: when a user accesses a link has been tampered with after the attacker, implanted script will be executed the user's browser, also known as non-persistent type because it is a one-time, only have an impact when the page access times
  • Reflective XSS scenario: turn into short chain link with XSS script; [in] url followed xss script, a URL jump
  • The script will automatically execute when the contents contain XSS attack scripts will be stored on the server side, also known as persistent type, the user reads the content: storage type XSS
  • Storage type XSS scenario: a message other users to view other people's posts, comments, administrators announcement, the hacker posted a blog post; feedback, complaints function, chat function

XSS attacks injection point

  • HTML node content: dynamically generated, comprising a user input, such a script containing XSS
  • HTML attributes: where the user needs as the img src, input boxes manually entered value, etc.
  • JS code: a JS code that requires the user to enter the pass value
  • Rich Text: save the rich text edit box contents itself contains html tags, the user can input XSS script

Potential injection points

Determining whether the input point can be injected successfully into the page content data for the content but does not submit the data output to the input point of the page is not necessary Fuzzing because even submit attack code is not generated XSS;

Fuzzing: Analog XSS attack, blur a means test most commonly used to dig holes, the process of trial and error

Payload: the equivalent of test cases

Tag attributes: As < A the href = "injection position" > Test </ A > ,        Payload : "> </ A > < Script > Alert ( 0 ) </ Script > < A   the href ="
Event tag: < IMG the href = "a.jpg" the onload = "injection position" > ,   Payload: Alert (0)

Defense XSS attacks

  1. Browser comes with defense, X-XSS-Protection, major defense reflective XSS attacks, such as the parameters appear in the HTML content and properties
  2. I.e. escaped escaped when stored in the database, or display; html content to escape, such as the [<>] escaped as & lt; & gt
  3. Html properties of double and single quotation marks [ '' ''] escaped as & quto; & apos;
  4. CSP1 (Content SecurityPolicy) content security policy, which is used to specify the executable content

 

CSRF (Cross Site Request Forgy) cross-site request forgery

User-friendly understanding CSRF

  1. Web site users visit malicious websites sent a number of requests, and these requests are done without the user's knowledge
  2. An attacker identity theft by trusted users to send malicious request on his behalf to a third party site for the server, when this request is legitimate

CSRF Attacks

 

How CSRF is an attack? How defense

  1. Site A Site B sends a request to
  2. Request with the site Acookies
  3. A front-end does not visit the site
  4. referer to Site B

CSRF attacks harm

  1. With user login state
  2. The user's knowledge
  3. Complete a service request (to steal the user money, posing as a user to post back pot)
  4. Causing worm attack

Guess you like

Origin www.cnblogs.com/poloyy/p/12098590.html
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com