I. Fundamentals of Web security

1.1 Common Web Security Vulnerabilities

1.2 Safe coding principles

All input is hostile! Output is not safe either!

Input: request parameters, cookies, sessions, HTTP headers, the database…

Output: exception messages, sensitive information, XSS

There is no absolute security…

1.3 Data Verification

1.4 Identity Authentication & Session Management

1.5 Authorization Management

1.6 Storage Security

II. Cross-site scripting attacks and secure coding

2.1 Definition

An XSS (Cross-Site Scripting) vulnerability is, in essence, the injection of untrusted data into otherwise static script code (HTML, JavaScript, etc.). When the browser renders the resulting HTML document, the injected script runs, and that is the XSS attack.

2.2 XSS attack modes

2.3 Exploitation of XSS

Reflected and stored cross-site scripting both occur on live websites.

After submitting the question and returning to the “My Posts” page, you can see that the cross-site script has executed: a window showing “19” pops up.
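As an added example (not code from the original notes), rendering a “My Posts” page with output encoding chosen for the context each value lands in: HTML text for title and body, and a scheme whitelist plus attribute encoding for the link. The post data and function names are constructed for illustration.

```python
import html
from urllib.parse import urlparse

# Constructed sample posts (hypothetical user input, including the demo payload
# described above and a javascript: link for the attribute context).
SAMPLE_POSTS = [
    {"title": "hello", "body": "plain text", "link": "https://example.org/a"},
    {"title": "<b>x</b>", "body": "<script>alert(19)</script>", "link": "javascript:alert(19)"},
]

def safe_link(url: str) -> str:
    """Only http(s) URLs are allowed in href; anything else becomes an inert '#'.
    The surviving URL is still attribute-encoded (quotes and ampersands)."""
    try:
        scheme = urlparse(url).scheme.lower()
    except ValueError:
        return "#"
    return html.escape(url, quote=True) if scheme in ("http", "https") else "#"

def render_my_posts(posts) -> str:
    """Build the page: every user-controlled value is encoded, so the stored
    markup is displayed as text instead of being executed by the browser."""
    rows = []
    for post in posts:
        rows.append(
            '<li><a href="%s">%s</a>: %s</li>'
            % (safe_link(post["link"]),
               html.escape(post["title"], quote=True),
               html.escape(post["body"], quote=True))
        )
    return "<ul>\n" + "\n".join(rows) + "\n</ul>"
```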

2.4 Classification of XSS

juejin.cn/post/689012…

III. Cross-site request forgery and secure coding

3.1 Definition

Cross-site Request Forgery

– On a page of a malicious site, the visitor is induced to request a URL on the attacked site that changes data on the server

– The attacker borrows your identity and sends malicious requests on your behalf

– First described in 2000, became a hot topic in 2007/2008

– 90% of websites have this vulnerability

– The target site applies no token or Referer restriction

– There are two modes: GET and POST

How is CSRF different from XSS?

The damage CSRF can do depends on the permissions of the victim and is tied to how the browser works.

  • CSRF, Cross Site Request Forgery
  • Makes a GET/POST request under the user's session that the user did not issue voluntarily
  • Websites identify users through cookies. When a user successfully authenticates on a website, the browser receives a cookie that identifies them. As long as the browser is not closed and the user does not log out, that cookie is sent along with every later visit to the site
  • If the user is tricked into requesting a URL on the site during this period, it is equivalent to a post-authentication request, which may perform sensitive operations the user never intended
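An added example (not from the original notes) of the two restrictions the notes say a vulnerable target lacks: a per-session token checked in constant time, plus an Origin/Referer comparison, in front of a state-changing endpoint that also refuses the GET mode. The session store, endpoint and argument names are assumptions for the example.

```python
import hmac
import secrets

SESSIONS = {}   # hypothetical in-memory session store: session id -> data

def create_session(user: str) -> str:
    """Log a user in; a CSRF token is minted and kept server-side with the session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for(sid: str) -> str:
    """Value the site embeds in its own forms as a hidden field."""
    return SESSIONS[sid]["csrf"]

def handle_transfer(sid, method, form, origin, site_origin):
    """A state-changing endpoint. The browser attaches the session cookie to a
    request no matter which page built it, so the cookie alone proves nothing;
    the token, which a foreign page cannot read, is what proves user intent."""
    if sid not in SESSIONS:
        return 401, "not logged in"
    if method != "POST":
        return 405, "state changes only via POST"          # closes the GET mode
    # Check 1: Origin/Referer, whenever the browser sent one.
    if origin is not None and origin != site_origin:
        return 403, "cross-origin request refused"
    # Check 2: the per-session token, compared in constant time.
    supplied = form.get("csrf_token", "")
    if not isinstance(supplied, str) or not supplied.isascii():
        return 403, "malformed CSRF token"
    if not hmac.compare_digest(supplied, SESSIONS[sid]["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form.get('amount')} for {SESSIONS[sid]['user']}"
```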

juejin.cn/post/689012…

IV. File uploading and secure coding

4.1 Illegal file upload

Illegal file upload is caused by missing or incomplete server-side verification of uploaded files, which lets users upload malicious scripts to the server.

4.2 File upload protection

1. Whitelist-check the file name extension. If the extension is not in the whitelist, the file cannot be uploaded.

2. The directory where uploaded files are saved must not execute script languages such as JSP and PHP.

3. Name the stored file randomly (for example with a UUID or GUID); the user must not be able to choose the file name.

4. If image uploads are allowed, re-render the uploaded image.

5. Keep a log
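Added example, not code from the original notes, putting steps 1, 3 and 5 of the list above together: a whitelist check on the last extension, a server-chosen random name, and a log line for every accepted or refused upload. The upload directory, the writer callback and the sample names are assumptions for the example; step 2 is a web-server setting and step 4 needs an image library, so neither is shown.

```python
import logging
import os
import uuid

ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}   # whitelist, never a blacklist
UPLOAD_DIR = "/srv/uploads"   # assumed: outside the web root or with script execution disabled

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("upload")

def check_extension(original_name: str) -> str:
    """Return the lower-cased extension if whitelisted; raise ValueError otherwise."""
    base = os.path.basename(original_name)          # discard any directory component
    if "\x00" in base or "." not in base:
        raise ValueError("no extension or embedded NUL byte")
    ext = base.rsplit(".", 1)[1].lower()            # only the LAST extension decides
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension .{ext} not in whitelist")
    return ext

def is_allowed(original_name: str) -> bool:
    try:
        check_extension(original_name)
        return True
    except ValueError:
        return False

def stored_name(original_name: str) -> str:
    """Server-chosen random name: the client never controls the stored file name."""
    return f"{uuid.uuid4().hex}.{check_extension(original_name)}"

def save_upload(original_name: str, data: bytes, client_ip: str, write=None) -> str:
    """Validate, rename, write and log. 'write' is an injected callback so the
    example runs offline; in production it would write under UPLOAD_DIR."""
    try:
        name = stored_name(original_name)
    except ValueError as err:
        log.warning("upload refused ip=%s name=%r reason=%s", client_ip, original_name, err)
        raise
    if write is not None:
        write(os.path.join(UPLOAD_DIR, name), data)
    log.info("upload stored ip=%s original=%r as=%s bytes=%d",
             client_ip, original_name, name, len(data))
    return name
```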

V. Overreach (ultra vires) vulnerabilities and secure coding

5.1 Definition

5.1.1 Vertical overreach vulnerability

A vertical overreach vulnerability, also known as privilege escalation, is caused by a design flaw in URL-based access control. Because the web application performs no permission control, or controls permissions only at the menu level, a malicious user can access or control data or pages owned by other roles simply by guessing the URLs of other managed pages, thereby escalating their privileges.

5.1.2 Horizontal overreach vulnerability

A horizontal overreach vulnerability is caused by a design flaw in “data-based access control”: the server does not check who owns the data when it receives a request for it, so data can be accessed without authorization. For example, the server takes the user ID from a request parameter submitted by the client (data the user controls); a malicious attacker changes the ID in the request and views or modifies data that does not belong to them.

5.2 Overreach vulnerability protection

5.2.1 Vertical overreach vulnerability

Vertical overreach vulnerability: before invoking a function, verify that the current user has the permission to call it (a filter is recommended for unified permission verification).

5.2.2 Horizontal overreach vulnerability

Horizontal overreach vulnerability: when a user performs an operation, obtain the user ID from the session and check that the parameter passed in is bound to that user's identity.
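An added example (not code from the original notes) covering both protections in 5.2: a role filter applied in front of every handler for the vertical case, and an ownership check that takes the identity from the server-side session for the horizontal case, with the flawed request-parameter version from 5.1.2 kept beside it for contrast. Users, orders and function names are constructed for the example.

```python
from functools import wraps

# Constructed users, roles and records (hypothetical data for the example).
USERS = {"alice": {"role": "user"}, "bob": {"role": "user"}, "root": {"role": "admin"}}
ORDERS = {101: {"owner": "alice", "total": 50}, 102: {"owner": "bob", "total": 75}}

class Forbidden(Exception):
    pass

def requires_role(*roles):
    """Vertical check (5.2.1): one filter in front of every handler, so guessing
    the URL of an admin page gains nothing even if the menu hides it."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(session, *args, **kwargs):
            role = USERS.get(session.get("user"), {}).get("role")
            if role not in roles:
                raise Forbidden("role not permitted")
            return fn(session, *args, **kwargs)
        return wrapper
    return decorator

@requires_role("admin")
def list_all_orders(session):
    return sorted(ORDERS)

@requires_role("user", "admin")
def view_order(session, order_id):
    """Horizontal check (5.2.2): the identity comes from the server-side session,
    and the record must belong to it before anything is returned."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session["user"]:
        raise Forbidden("not your order")   # same reply whether missing or foreign
    return order

def view_order_vulnerable(session, user_id, order_id):
    """The flaw from 5.1.2 for contrast: trusts a user_id taken from the request."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user_id:
        raise Forbidden("not your order")
    return order

def denied(fn, *args) -> bool:
    """True if the call is refused by an access check."""
    try:
        fn(*args)
        return False
    except Forbidden:
        return True
```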

VI. Business security

In an electronic banking system, besides conventional web vulnerabilities such as SQL injection, XSS, CSRF and XXE, the more important concern is the security of its business logic. Banking business is directly tied to users' financial interests, so securing it is critical.

6.1 Account information security

The account is the entrance to a system and touches users' most direct interests, so account security plays an important role in business security. An account system has many layers, and a loophole in any one of them can cause great losses to users.

Classification

  • Information query
  • Credential stuffing (“collision library”) risk
  • Weak passwords
  • Password recovery
  • Password recovery credentials are too weak and can be brute-forced
  • Password recovery credentials can be read directly from the client, the URL, or the page source code
  • When submitting the new password, the user ID can be changed to another user's ID
  • The verification step and the recovery method can be skipped by going straight to the set-new-password page
  • During login, the account is identified by a field in the cookie

6.2 Business data security

Amount tampering

For example, capture the payment-page request, change the amount field of the goods to an arbitrary value, and submit it to check whether the business flow can complete with the modified amount.

Quantity tampering

Capture the request, modify the quantity-of-goods field (and similar fields) to an arbitrary value, such as a negative number, and submit it to check whether the business flow can complete with the modified quantity.
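An added example (not from the original notes) of the server-side counterpart to the two checks above: the amount is recomputed from the catalogue and never taken from the request, the quantity must be a positive bounded integer, and a client-supplied amount that disagrees with the server's figure is flagged for alerting. The catalogue, bound and function names are assumptions for the example.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue (hypothetical): the server's prices are the only ones that count.
CATALOG = {"SKU-1": Decimal("19.90"), "SKU-2": Decimal("5.00")}
MAX_QTY = 100

class BadOrder(ValueError):
    pass

def parse_qty(raw) -> int:
    """Positive integer within a sane bound; negatives, zero, floats, bools and junk are rejected."""
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise BadOrder("quantity has wrong type")
    try:
        qty = int(raw)
    except ValueError:
        raise BadOrder("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise BadOrder("quantity out of range")
    return qty

def qty_ok(raw) -> bool:
    try:
        parse_qty(raw)
        return True
    except BadOrder:
        return False

def price_order(items: list) -> Decimal:
    """Recompute the amount from SKU and quantity only; any client-sent price/amount/total is never read."""
    if not items:
        raise BadOrder("empty order")
    total = Decimal("0")
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise BadOrder("unknown sku")
        total += CATALOG[sku] * parse_qty(item.get("qty"))
    return total

def checkout(request: dict):
    """Returns (amount to charge, tampered flag); the client's 'amount' is compared only for alerting."""
    server_total = price_order(request.get("items", []))
    try:
        claimed = Decimal(str(request.get("amount")))
    except InvalidOperation:
        claimed = None
    tampered = claimed is not None and claimed != server_total
    return server_total, tampered
```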

For more web security issues, see: blog.nsfocus.net/web-vulnera…