1. Talk about the principle of SQL master/slave replication.
Answer: the master records every data change in its binary log. The slave's I/O thread connects to the master, pulls the new binary log events and writes them to its own relay log; the slave's SQL thread then replays the relay log so the slave's database applies the same changes in the same order. Writes go to the master, reads can be served from the slaves.
2. What are the five fields (the "five stars") in a crontab entry for scheduled tasks in Linux?
A: Minute, hour, day of month, month, day of week, in that order; an asterisk in a field means "every".
3. What are user mode and kernel mode in Linux? How does the switch between them work?
Commonly understood as user space and kernel space. Linux memory is divided into four segments: kernel code segment, kernel data segment, user code segment and user data segment. On 32-bit Linux each process has a 4 GB virtual address space: user mode can access 0-3 GB, while the kernel occupies 3-4 GB, which is accessible only in kernel mode. On x86 the kernel segments run at privilege level 0 (ring 0, the highest) and the user segments at privilege level 3 (ring 3, the lowest). Kernel code can access the kernel data segment and, through the kernel's own mappings, user memory; user code can access the user data segment but not the kernel code or kernel data segments.
If the code the current process is executing belongs to the kernel code segment, the process is in kernel mode; if it belongs to the user code segment, it is in user mode. User code runs on the user stack and kernel code on the process's kernel stack. The switch from user mode to kernel mode happens through a trap: a system call instruction, an interrupt or an exception. The CPU raises the privilege level, switches to the kernel stack and jumps to the kernel's handler; when the handler finishes, it returns to user mode and the user stack.
4. Briefly describe the role of BP (Burp Suite)?
A: Burp Suite is an integrated platform for attacking web applications. The browser is configured to use Burp as its proxy, so every HTTP request and response passes through it and can be intercepted and modified. Its main modules: Proxy intercepts and edits traffic; Decoder encodes and decodes data (URL, HTML, hexadecimal, ASCII hex, Base64, etc.); Intruder automates attacks such as fuzzing parameters or password brute-forcing; Repeater takes a request captured by the Proxy, lets you modify its parameters and resend it by clicking Go, and shows the response on the right in several views; Comparer compares two requests, responses or files, either sent to it from the Proxy or loaded directly.
5. SQL injection principle? How to defend?
Principle: the developer concatenates unvalidated user input (from the URL, form fields, cookies or headers) directly into a SQL statement, so the input becomes part of the query's syntax instead of a value. The attacker can then change what the query does: read, modify or delete data, bypass authentication or, depending on the database account's privileges, run commands on the server.
Defense: use parameterized (prepared) statements or a safe ORM so data is bound separately and never becomes SQL syntax; validate input by type and allowlist where the value has a fixed form (integers, enumerations); run the application with a least-privilege database account; do not show database errors to users; a WAF is an additional layer, not the only one.
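The following is an added example, not part of the original answer: a constructed in-memory SQLite table with a vulnerable login query beside its parameterized replacement. The table, users and passwords are assumptions made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demo (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string concatenation, so the input becomes SQL syntax.
    name = "alice' --" comments out the password check entirely."""
    sql = ("SELECT id FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    """Parameterized statement: the driver binds the values separately from the
    SQL text, so a quote or comment marker in the input is only data."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    attempts = [("alice", "s3cret"), ("alice' --", "anything"), ("bob", "' OR '1'='1")]
    for user, pw in attempts:
        print(repr(user), repr(pw),
              "vulnerable:", login_vulnerable(db, user, pw),
              "safe:", login_safe(db, user, pw))
```

Both payloads log in through the concatenated query and fail through the parameterized one; the database itself is identical, only the way the query is built differs.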
6. How to respond to security incidents?
Answer: first determine the scope of the incident and isolate the affected systems (network isolation, ACLs, etc.), preserving evidence such as logs, memory and disk images before anything is cleaned up; judge the severity; contact the legal department and, where required, the public security department about evidence handling; after containment, analyze the root cause and the attacker's path, remove the foothold, restore services, and carry out the related security hardening and a post-incident review.
7. How does a DDoS attack work? How to defend?
A distributed denial-of-service attack: the attacker controls a large number of compromised hosts ("zombies", a botnet) and makes them consume the target's bandwidth, connection state or CPU until legitimate users cannot be served. The analogy: many people come to the restaurant, fill every seat and order nothing, so real guests cannot eat. Volumetric floods exhaust bandwidth, protocol attacks such as SYN floods exhaust connection tables, and application-layer floods exhaust server resources with valid-looking requests.
Defense: purchase an anti-DDoS (scrubbing) service so traffic is cleaned before it reaches you, expand bandwidth, put static content behind a CDN, rate-limit and enable SYN cookies on the servers, and agree an emergency procedure with your ISP in advance.
8. The principle of reflected XSS vulnerability? How to defend?
Reflected XSS: the application takes input from the request (a URL parameter or form field) and echoes it into the response page without encoding, so script supplied by the attacker in a crafted link executes in the victim's browser when they open that link. Nothing is stored on the server; each victim has to be made to click the malicious URL.
Defense: (1) HTML-entity encode special characters on output. Encoding at the point of output, in the context where the data is placed (HTML body, attribute, JavaScript, URL), is the primary defense against script injection; filtering on input alone is easily bypassed.
(2) Where rich HTML must be allowed, use an allowlist of tags and attributes and drop every event attribute (onload, onerror, onmouseover, etc.) and dangerous URL schemes (javascript:, data:). An allowlist is safer than a blacklist, which is bypassed by encoding tricks and newly introduced attributes, and a real HTML parser is more reliable than regular expressions alone. Add a Content-Security-Policy and mark session cookies HttpOnly to limit the impact of any bug that slips through.
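As an added example (not from the original answer), the two defenses above in Python: entity encoding for the plain-text case, and an allowlist sanitizer built on the standard-library HTML parser for the rich-text case. The allowed tag and attribute sets are assumptions chosen for the demo.

```python
import html
from html.parser import HTMLParser

# Allowlist for the rich-text case: anything not listed here is dropped.
ALLOWED_TAGS = {"b", "i", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_HREF_PREFIXES = ("http://", "https://", "/")


def escape_for_html_body(untrusted):
    """Context: untrusted text placed into an HTML body or a quoted attribute.
    Encoding <, >, &, " and ' means the browser never sees the start of a tag
    or the end of an attribute inside the data."""
    return html.escape(untrusted, quote=True)


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the input from a real HTML parse, keeping only allowlisted tags
    and attributes. Event attributes (on*) and non-http(s) hrefs are removed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # <script>, <img>, <svg>, <iframe> etc. vanish entirely
        kept = []
        for name, value in attrs:
            name = name.lower()
            value = value or ""
            if name.startswith("on"):
                continue  # onerror=, onload=, onmouseover= are never allowed
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_HREF_PREFIXES):
                continue  # blocks javascript:, data:, vbscript: URLs
            kept.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text nodes are re-encoded, so a "<" typed by a user is displayed, not parsed.
        self.out.append(html.escape(data, quote=True))

    def result(self):
        return "".join(self.out)


def sanitize_rich_text(untrusted):
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    print(escape_for_html_body('<script>alert("x")</script>'))
    print(sanitize_rich_text('<b onmouseover="alert(1)">hi</b><script>alert(1)</script>'))
    print(sanitize_rich_text('<a href="javascript:alert(1)">x</a>'))
```

Because the parser decodes character references before the checks run, tricks such as `href="javascript&#58;alert(1)"` are seen as `javascript:` and rejected; a regex on the raw string would miss that.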
9. What is the attack principle of request forgery class?
Request forgery attacks abuse a trusted party into sending a request that the attacker chose. CSRF (cross-site request forgery) happens on the client side: the victim's browser, which automatically attaches the session cookie, is tricked by a page under the attacker's control into submitting a state-changing request to a site where the victim is logged in. Defend with anti-CSRF tokens bound to the session, SameSite cookies and checks of the Origin/Referer header. SSRF (server-side request forgery) happens on the server side: a feature that fetches a user-supplied URL (image preview, webhook, import) is pointed at internal addresses such as 127.0.0.1, 10.0.0.0/8 or a cloud metadata endpoint, so the server becomes a proxy into the internal network. Defend by allowlisting the schemes and destination hosts, resolving the hostname and rejecting private and link-local addresses before connecting, and not following redirects blindly.
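The following is an added example, not from the original answer: the destination check a server should run before fetching a user-supplied URL (the SSRF side of the question). DNS is replaced by a constructed lookup table so the code runs offline; the host names and addresses in it are assumptions, and a real service would call `socket.getaddrinfo` in place of `constructed_resolver`.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for DNS (assumed names, not from the page).
FAKE_DNS = {
    "api.partner.example": ["93.184.216.34"],
    "intranet.corp.example": ["10.20.30.40"],
    "localhost": ["127.0.0.1"],
}


def constructed_resolver(host):
    try:
        return [str(ipaddress.ip_address(host))]  # IP literals resolve to themselves
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_public_address(addr):
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url, resolve=constructed_resolver):
    """Returns (allowed, reason_or_ip). The caller should connect to the returned
    IP rather than resolving the name again, so a DNS answer that changes between
    check and use (rebinding) cannot bypass the check."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme  # file://, gopher://, dict://
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    addrs = resolve(host)
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not is_public_address(addr):
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, addrs[0]


if __name__ == "__main__":
    for url in ["https://api.partner.example/v1/items",
                "http://intranet.corp.example/admin",
                "http://169.254.169.254/latest/meta-data/",
                "http://[::ffff:127.0.0.1]/",
                "file:///etc/passwd"]:
        print(url, "->", check_fetch_target(url))
```

Redirects need the same treatment: if the HTTP client follows a 302 on its own, the allowlisted public host can bounce the server to an internal address, so disable automatic redirects and re-run the check on each hop.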
10. Principle and defense of file upload vulnerability?
Principle: when the developer implements a file upload function without checking the file extension on the server, or checks it only in front-end JavaScript, an attacker can upload a script in the language the web server executes (jsp, asp, aspx, php) with malicious code inside. When the attacker then requests the uploaded file, the server parses and runs it, giving the attacker code execution on the server.
Server misconfigurations and parsing vulnerabilities also make uploads exploitable even when only harmless extensions are allowed: nginx with fast-cgi and cgi.fix_pathinfo enabled executes an uploaded a.jpg when it is requested as a.jpg/.php; the server may allow unsafe methods such as PUT and DELETE; Apache with multiple extensions parses a name like abc.x1.x2.x3 from the right, skipping extensions it does not recognize until it finds one it can handle, so shell.php.rar may run as PHP; IIS 6.0 has two asp parsing flaws, where any file under a directory whose name contains ".asp" is executed as asp, and a file name containing "asp;" (for example shell.asp;.jpg) is parsed as asp.
IIS 7.0/7.5 with PHP has the same path-info flaw as nginx: appending /.php or /anything.php to the URL of any uploaded file makes it execute as PHP. For example, after uploading test.jpg, requesting test.jpg/.php or test.jpg/abc.php runs the one-sentence Trojan embedded in the image, which typically writes out a shell.php in the current directory.
Defense: strictly check the uploaded file name and path on the server side, not only in the client. Also check for %00 (null byte) truncation in the name, the Content-Type header (it is attacker-controlled, so treat it as a consistency check, not proof) and the file size. Make the upload directory non-executable: as long as the web container does not parse files under that directory, the server itself is not affected even if an attacker uploads a script.
Determine the file type with an allowlist of extensions combined with a check of the file content (magic bytes), never a blacklist. For images, re-encode the file with an image library (compression or resize functions) so that any HTML or script code embedded in the image is destroyed.
Rewrite the file name and path with a random value. For uploaded code to run, the attacker must be able to reach the file, and in some environments users can upload but cannot request the file directly; renaming to a random name and storing it outside the web root raises the cost of attack considerably, and names such as shell.php.rar.rar or crossdomain.xml lose their effect once renamed.
Serve uploaded files from a separate domain. Because of the browser's same-origin policy, many client-side attacks then stop working, such as an uploaded crossdomain.xml or an uploaded HTML/SVG file carrying JavaScript for XSS against the main site.
Use security devices as an additional layer. The essence of a file upload attack is getting a malicious file or script onto the server, and WAFs and file-detection appliances inspect the upload request and the file content for known malicious patterns. Malicious files and their hiding techniques evolve constantly, so these devices help but do not replace the application-level checks above.
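As an added example (not code from the original page), the server-side checks above combined into one validation routine: name hygiene, last-extension allowlist, Content-Type consistency, size limit, magic-byte check and a random stored name. The allowed types and the 2 MB limit are assumptions for the demo.

```python
import os
import secrets

# Allowlist: extension -> (expected Content-Type, magic bytes the file must start with)
ALLOWED_TYPES = {
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "gif": ("image/gif", b"GIF8"),
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024  # assumed limit


def validate_upload(filename, content_type, data):
    """Returns (stored_name, reason). stored_name is None when the file is rejected."""
    # 1. Name hygiene: null bytes (%00 truncation) and path separators are rejected outright.
    if "\x00" in filename or "/" in filename or "\\" in filename:
        return None, "illegal character in file name"
    base = os.path.basename(filename).strip()
    if "." not in base or base.startswith("."):
        return None, "missing extension"
    # 2. Only the LAST extension counts, and it must be on the allowlist:
    #    shell.jpg.php -> php (rejected), shell.php.jpg -> jpg (continues, but the
    #    original name never reaches disk, see step 6).
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return None, "extension .%s not allowed" % ext
    expected_ct, magic = ALLOWED_TYPES[ext]
    # 3. Content-Type is client-controlled: a consistency check, not proof of type.
    if content_type != expected_ct:
        return None, "Content-Type %s does not match .%s" % (content_type, ext)
    # 4. Size limit.
    if len(data) > MAX_UPLOAD_BYTES:
        return None, "file too large"
    # 5. The bytes must look like the claimed format.
    if not data.startswith(magic):
        return None, "content is not a %s image" % ext
    # 6. Random name: whatever tricks the attacker put in the name are discarded.
    return secrets.token_hex(16) + "." + ext, "ok"


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 32  # constructed minimal JPEG header
    for name, ct, body in [("avatar.jpg", "image/jpeg", jpeg),
                           ("shell.jpg.php", "image/jpeg", jpeg),
                           ("shell.php\x00.jpg", "image/jpeg", jpeg),
                           ("notes.jpg", "image/jpeg", b"<?php system($_GET['c']); ?>")]:
        print(repr(name), "->", validate_upload(name, ct, body))
```

A JPEG with PHP appended after a valid header still passes step 5; that is exactly why the upload directory must be non-executable and why images should be re-encoded before they are served.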
11. File inclusion vulnerability principle and defense?
Principle: when a PHP script imports a file through functions such as include(), include_once(), require() or require_once() and the file name comes from user input without proper validation, the attacker can make the script include a file it should not. Local files such as /etc/passwd or log files are disclosed (LFI), and if the included file contains PHP code (an uploaded image with code inside, a poisoned log entry, a php:// wrapper payload) that code is executed.
Two conditions must both hold: 1. a function such as include() takes the file to include from a dynamic variable; 2. the user controls that variable.
Defense: validate the parameter, since include/require accept PHP wrappers (php://, data://, zip://, subject to php.ini settings) and "../" sequences that walk out of the intended directory. The safest approach is a whitelist of permitted page names mapped to fixed file paths, comparing the parameter against it before including anything. If a path must be built dynamically, resolve it and confirm it lies under the intended directory and has the expected .php extension. In php.ini, open_basedir restricts the directories PHP may open files from. allow_url_include, when enabled, lets include/require load remote files over HTTP; remote content is untrusted and unpredictable, so this option must stay disabled in development and production. PHP disables it by default.
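As an added example (not from the original answer), the parameter validation described above, written in Python so it runs stand-alone: wrapper and URL prefixes are rejected, the decoded value is checked for null bytes, and the page is either looked up in a whitelist or confined to the base directory with a .php extension. The base directory and page names are assumptions for the demo.

```python
import os
import re
from urllib.parse import unquote

# Anything that starts like a scheme: php://, data://, zip://, http://, ftp://
WRAPPER_OR_URL = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)


def resolve_include(param, base_dir, allowed_pages=None):
    """Maps a user-supplied page parameter to a path that is safe to include,
    or returns None. allowed_pages is the recommended whitelist {name: file};
    without it the dynamic path is confined to base_dir and a .php extension."""
    value = unquote(param)  # check the decoded value the server would actually use
    if "\x00" in value:
        return None  # null-byte truncation (older PHP) is rejected
    if WRAPPER_OR_URL.match(value):
        return None  # php://filter, data://, http:// are never file names
    base = os.path.realpath(base_dir)
    if allowed_pages is not None:
        target = allowed_pages.get(value)
        return os.path.join(base, target) if target else None
    if not value.endswith(".php"):
        return None  # /etc/passwd, log files, uploaded images
    target = os.path.realpath(os.path.join(base, value))
    if os.path.commonpath([base, target]) != base:
        return None  # "../" walked out of base_dir, or an absolute path was given
    return target


if __name__ == "__main__":
    base = "/var/www/app/pages"  # assumed layout
    for p in ["about.php", "../../../../etc/passwd", "../../../../etc/passwd%00",
              "php://filter/convert.base64-encode/resource=index",
              "http://attacker.example/shell.txt", "../config.php"]:
        print(repr(p), "->", resolve_include(p, base))
    print(resolve_include("home", base, {"home": "home.php", "about": "about.php"}))
```

The whitelist form is preferable because it never interprets the parameter as a path at all; the confinement form is for legacy code where the page name really must be dynamic.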
12. What is the same-origin policy?
The same-origin policy is a browser rule that isolates documents from different origins, where an origin is the combination of scheme, host and port. A page may load and run scripts, images and stylesheets from other origins, but script running in a page may only read the DOM, cookies, storage and response bodies that belong to its own origin. A cross-origin XMLHttpRequest or fetch is still sent, but unless the target permits it through CORS headers the browser refuses to let the script read the response and reports the denial in the console.
13. Explain the difference between localStorage and sessionStorage
localStorage and sessionStorage are both client-side key-value stores scoped to the origin. They store only strings (the specification allows other primitive types, but no browser implements that). localStorage is persistent: the data stays until the page's script removes it or the user clears site data through the browser UI. sessionStorage lives only for the current window or tab; once that window or tab is closed, everything stored through sessionStorage is discarded. Security caveat: both are readable by any JavaScript running on the origin, so an XSS bug exposes everything stored there; session tokens are safer in HttpOnly cookies than in either store.
14. What is an atomic operation?
Atomic operations are operations that cannot be interrupted by thread scheduling: once the operation starts, it runs to completion without any context switch in between, so no other thread can observe or modify the value half-way. They are implemented with special CPU instructions (for example compare-and-swap) and are the building blocks of lock-free counters and of locks themselves.
15. What is the secure attention key in Windows?
Ctrl+Alt+Delete (the Secure Attention Sequence). The keystroke is caught by the kernel and delivered only to Winlogon, so ordinary user-mode programs cannot intercept or fake it; when the machine receives it, the secure desktop is shown and the logon screen prompts for the user name and password. This is what protects against fake login dialogs that capture credentials.
16. How to obtain the real IP address of a website behind a CDN?
Resolve the domain name from several vantage points (for example, ping or nslookup it through proxies in different countries). If every vantage point returns the same IP address, the site is probably not behind a CDN and that address is the real one; if the addresses differ by location, they are CDN nodes. Otherwise search the domain name in Shodan or FOFA and try to determine the origin server from the returned information, such as hosts presenting the site's certificate or page title, and check subdomains and historical DNS records that may still point at the origin.
17. What if the host is hacked?
When the host has been compromised, first look at the services it exposes to identify the likely points of entry. An exposed HTTP service, for example, may have been breached through a web vulnerability; an exposed SSH service may have been entered through a weak password. After identifying the service, check its logs (web access logs, /var/log/auth.log or /var/log/secure for SSH) to see whether the attacker's IP address and the time of entry can be found, then look for what was done afterwards: new accounts, cron jobs, listening ports, suspicious processes and modified files.
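The following is an added example, not from the original answer: the log check for the SSH case, run over a constructed sample of auth.log lines (made up for the demo, not a real capture). It counts failures per source IP and flags a successful login that follows a run of failures from the same address, which is what a brute-forced weak password looks like.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/auth.log lines (not a real capture).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 web1 sshd[2011]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2011]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:18 web1 sshd[2013]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:21 web1 sshd[2013]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:24 web1 sshd[2015]: Failed password for deploy from 203.0.113.7 port 51140 ssh2
Mar  3 10:01:27 web1 sshd[2015]: Accepted password for deploy from 203.0.113.7 port 51140 ssh2
Mar  3 10:05:02 web1 sshd[2020]: Accepted publickey for alice from 198.51.100.12 port 40000 ssh2: RSA SHA256:c0nstructedF1ngerpr1nt
Mar  3 10:07:44 web1 sshd[2025]: Failed password for bob from 198.51.100.12 port 40010 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def triage_ssh_log(text, threshold=3):
    """Counts failed logins per source IP and flags an Accepted line that comes
    after `threshold` or more failures from the same IP (a brute force that worked)."""
    failures = Counter()
    users_tried = defaultdict(set)
    successes = []         # every Accepted line: (ip, user, method)
    brute_force_hits = []  # (ip, user) for successes preceded by many failures
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            failures[ip] += 1
            users_tried[ip].add(user)
        else:
            successes.append((ip, user, m.group("method")))
            if failures[ip] >= threshold:
                brute_force_hits.append((ip, user))
    suspects = [ip for ip, n in failures.most_common() if n >= threshold]
    return {
        "failures_by_ip": dict(failures),
        "users_tried": {ip: sorted(u) for ip, u in users_tried.items()},
        "suspect_ips": suspects,
        "successful_logins": successes,
        "brute_force_success": brute_force_hits,
    }


if __name__ == "__main__":
    for key, value in triage_ssh_log(SAMPLE_AUTH_LOG).items():
        print(key, "=", value)
```

On a real host, feed the function the contents of /var/log/auth.log (or /var/log/secure), then pivot from the flagged IP and account to the shell history, cron entries and processes of that user.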
18. As the website's back-end administrator, how do you prevent the admin pages from being found and opened by others?
Answer: the simplest is a server-side filter that checks whether the current user is an administrator on every request to the admin pages: if so, let the request through to the admin page; if not, redirect to the home page (adding a role field to the users table is enough for this). The check must run on the server for every admin URL; hiding the link or checking only in the front end does not stop someone who knows the path. The second option is a proper permission system built from several filters. In Java you can use Spring Security and configure it according to the official documentation. A more complete design uses several database tables (user, permission, resource, user-permission, permission-resource and permission-group tables), which gives a basic role-based access control system.
19. Why does SQL injection sometimes have no echo?
Because the application does not display the database error or the query result: in PHP, display_errors is set to Off in php.ini (or error_reporting is set to 0), so error messages are not shown, and the page may not reflect any query output at all. The injection still happens; the attacker then has to use blind techniques, inferring the result from a boolean difference in the page or from a time delay (for example with sleep()).
20. What is an APT attack?
An APT (advanced persistent threat) attack, also called a targeted threat attack, is a continuous, organized and effective attack by a group against a specific target, usually aiming at long-term access and data theft rather than a quick hit.
First, smartphones, tablets, USB drives and other mobile devices are used as the initial target and entry point, and from there the attacker moves into the enterprise information system.
Second, malicious e-mails built with social engineering are one of the key factors in the success of many APT attacks. Social engineering techniques are now so mature that real and fake e-mails are almost impossible to tell apart. In several large enterprises hit by APT attacks, the decisive factor was an ordinary employee opening a malicious e-mail; the attackers began the intrusion by sending phishing e-mails to specific employees.
Third, exploiting vulnerabilities in firewalls, servers and other systems to obtain valid credentials for the enterprise network is another important means used in APT attacks.
21. What is NTP?
Network Time Protocol (NTP) is a protocol used to synchronize computer clocks. It lets a computer synchronize to a time server or to a reference clock source (such as a quartz clock or GPS). It provides high-precision time correction (typically under 1 millisecond of error on a LAN and tens of milliseconds on a WAN), and it can authenticate packets with symmetric keys or Autokey/NTS to resist spoofed time. Time is distributed in a hierarchy: servers are grouped into strata according to their distance from the external UTC source, stratum 0 being the reference clocks and stratum 1 the servers directly attached to them. Accurate time matters for security because log correlation, certificate validity and Kerberos all depend on it.
22. What is the principle of webpage tamper-proofing?
Monitor the directories and files on the web server so that any change to their original state is detected in time, preventing external attackers or unauthorized internal staff from tampering with page content or adding illegal content. It can be implemented in two ways: one is backup and comparison, where a polling process compares each file (usually by hash) with a trusted copy and restores the backup when they differ; the other is event-triggered, where a kernel driver or daemon watches file system operations on the protected files and blocks the write before it happens. Deployment mode: a separate management server, with an agent installed on every web server that is responsible for the monitoring.
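As an added example (not from the original answer), the backup-and-compare mode in Python: a baseline of SHA-256 hashes is built from the trusted copy, the live tree is compared against it, and modified or deleted pages are restored while planted files are removed. The site layout, file contents and the tampering performed in `demo()` are all constructed for the demo.

```python
import hashlib
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """{relative path: sha256} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = hash_file(full)
    return baseline


def compare_with_baseline(baseline, root):
    """Classifies every difference between the trusted baseline and the live tree."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def restore_from_backup(report, backup_root, live_root):
    """Overwrites tampered or deleted pages from the backup and removes planted files."""
    for rel in report["modified"] + report["deleted"]:
        src, dst = os.path.join(backup_root, rel), os.path.join(live_root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        with open(src, "rb") as s, open(dst, "wb") as d:
            d.write(s.read())
    for rel in report["added"]:
        os.remove(os.path.join(live_root, rel))


def demo():
    """Constructed site: defaces index.html, plants a webshell and deletes a page,
    then detects the changes and restores. Returns the detection report."""
    backup = tempfile.mkdtemp(prefix="backup_")
    live = tempfile.mkdtemp(prefix="live_")
    pages = {"index.html": b"<h1>Welcome</h1>", "about.html": b"<p>About us</p>",
             os.path.join("css", "site.css"): b"body{margin:0}"}
    for root in (backup, live):
        for rel, content in pages.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(content)
    baseline = build_baseline(backup)
    # Simulated tampering on the live copy
    with open(os.path.join(live, "index.html"), "wb") as f:
        f.write(b"<h1>Hacked</h1>")
    with open(os.path.join(live, "shell.php"), "wb") as f:
        f.write(b"<?php @eval($_POST['x']); ?>")
    os.remove(os.path.join(live, "about.html"))
    report = compare_with_baseline(baseline, live)
    restore_from_backup(report, backup, live)
    report["after_restore"] = compare_with_baseline(baseline, live)
    return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The polling approach leaves a window between the tampering and the next scan, which is why commercial products add the event-triggered mode that blocks the write itself; the baseline and backup must also live where the web server's account cannot write, or the attacker simply updates both.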
23. Where is the WAF installed?
If there is a firewall, install the WAF behind it, between the firewall and the web servers. If there is no firewall, deploy it inline, in series between the access network and the web server, so it sits in front of the web server. It can also run in reverse-proxy mode or as a host-based module, but it must sit where all traffic to the web application passes through it and, for HTTPS, where it can decrypt the traffic.