Defend against common Web attacks

What are SQL injection attacks

The attacker injects malicious SQL code into the HTTP request. When the server constructs database SQL commands using parameters, the malicious SQL is constructed together and executed in the database.

Lianggzone user login, enter your user name and password ‘or’ 1 ‘=’ 1, if the way of using parameter structure, will be out

Select * from user where name = 'lianggzone' and password = 'lianggzone' or '1' = '1'Copy the code

Ensure that the list of users queried is not empty, regardless of the user name and password. Using a PrepareStatement prepared for SQL injection is mandatory, but it is usually done in both directions.

Web side

1) Validity test.

2) Limit the length of string input.

The service side

1) Do not concatenate SQL strings.

2) Use a pre-compiled PrepareStatement. 3) Validity test. Why does the server need validation? The first rule, external are not trusted, to prevent attackers from bypassing Web requests)

4) Filter special characters in parameters required by SQL. Such as single quotes, double quotes.

The following content involves: interview questions (including answers) + study notes + electronic books + study video, you can get it from my homepage

What is an XSS attack

Cross-site scripting attack refers to an attack in which attackers tamper with web pages and embed malicious scripts to control users’ browsers to perform malicious operations. How do I defend against XSS attacks

1) The front end, the server side, also requires a string input length limit.

2) The front end, the server, at the same time need to HTML escape processing. The “<“, “>” and other special characters are escaped and encoded.

The core of anti-XSS is that the input data must be filtered.

What is a CSRF attack

Cross-site request forgery refers to an attacker performing illegal operations as a legitimate user through cross-site request. Think of a CSRF attack this way: An attacker steals your identity and sends malicious requests to third-party websites on your behalf. CRSF can do things like email, text, transfer transactions, and even steal account information using your identity. How to prevent

CSRF attacks

Security frameworks, such as Spring Security.

Token mechanism. Token authentication is performed in an HTTP request. If the request contains no token or incorrect token content, the request is rejected as a CSRF attack.

Verification code. In most cases, captchas are a good deterrent to CSRF attacks, but in many cases, for user experience reasons, captchas are only an adjunct rather than a primary solution.

Referer identification. In the HTTP Header there is a field Referer, which records the source address of the HTTP request. If the Referer is any other site, it could be a CSRF attack, and the request is rejected. However, not all servers can access the Referer. Many users restrict Referer for privacy reasons. Browsers also do not send Referer in some cases, such as HTTPS to HTTP.

1) Verify the source address of the request;

2) Add verification codes for key operations;

3) Add token at request address and verify.

What is a file upload vulnerability

File upload vulnerability refers to a situation where a user uploads an executable script file and gains the ability to execute server commands through the script file.

Many third-party frameworks and services have been exposed to file upload vulnerabilities, such as Struts2 and rich text editors long ago. Attackers can upload malicious code, and the server may be hacked. How to Prevent File Upload Vulnerabilities The directory for uploading files is set to unexecutable.

1) Determine the file type. When determining the file Type, you can use MIME Type, suffix check, and so on. For uploaded files, the type of file cannot be determined simply by the suffix name, because attackers can change the suffix name of executable files to pictures or other suffix types to induce users to execute.

2) Whitelist verification is performed on uploaded file types, and only reliable file types are allowed to be uploaded.

3) The uploaded file needs to be renamed so that the attacker cannot guess the access path of the uploaded file, which will greatly increase the attack cost. Meanwhile, the attack cannot be successfully carried out on the file like shell.php.rar.ara because of the rename.

4) Limit the size of uploaded files.

5) Set a separate domain name for the file server.

DDos attack

The client sends the request link packet to the server, the server sends the acknowledgement packet to the client, the client does not send the acknowledgement packet to the server, and the server waits for the acknowledgement from the client. There is no radical cure, except not using TCP

DDos prevention:

1) Limit the number of SYN half-links that can be opened simultaneously

2) Shorten the Time out Time for SYN half-links

3) Shut down unnecessary services

Important agreement

The working principle of ARP

The Address Resolution Protocol (ARP) is used to obtain physical addresses based on IP addresses

TCP/IP protocol.

1. The Ethernet data frame that sends the ARP request is broadcast to each host on the Ethernet. The ARP request frame contains the IP address of the destination host.

2. After receiving the ARP request, the destination host sends an ARP reply containing the MAC address of the destination host.

ARP works as follows:

Each host creates an ARP list in its ARP buffer to represent the mapping between IP addresses and MAC addresses.

When a host (a network interface) is added to a network (the MAC address may change or the interface may restart), the host sends gratuitous ARP packets to broadcast the mapping between its IP address and MAC address to other hosts.

When receiving gratuitous ARP packets, hosts on the network update their OWN ARP buffers. Update the new mapping to its own ARP table.

When a host needs to send packets, it checks whether the MAC address of the destination host with the corresponding IP address exists in the ARP list

If yes, data is directly sent. If no, ARP packets are sent to all hosts on the network segment. The ARP packets contain the source host IP address, source host MAC address, and destination host IP address.

When all hosts on the local network receive the ARP packet:

(A) First check whether the IP address in the packet is its own IP address. If not, ignore the packet.

(B) If yes, the IP and MAC addresses of the source host are written into the ARP list. If they already exist, the IP and MAC addresses of the source host are overwritten.

(C) Then write its OWN MAC address into the ARP response packet to tell the source host that it is the MAC address it is looking for.

The source host receives an ARP response packet. Writes the IP and MAC addresses of the destination host to the ARP list and uses this

Message sends data. If the source host does not receive ARP response packets, ARP query fails. ARP cache (ARP table) is the key to efficient ARP address resolution protocol

What is RARP? The working principle of

summary

Reverse Address translation protocol, network layer protocol, RARP and ARP work in the opposite way. RARP enables only known from

The IP address of the host with the hardware address can be known. RARP sends the physical address to be interpreted backwards and expects to return its IP address. The reply includes the IP address sent by the RARP server that can provide the required information.

The principle of

(1) Each device on the network has a unique hardware address, usually a MAC address assigned by the device manufacturer. The host reads the MAC address from the nic and sends a broadcast packet with an RARP request over the network, asking the RARP server to reply to the HOST’s IP address.

(2) The RARP server receives the RARP request packet, assigns an IP address to it, and sends the RARP response to the host.

(3)PC1 receives an RARP response and uses the obtained IP address to communicate.

The following content relates to the information what the need of partners can be free in the homepage of the introduction

What is DNS? How DNS works

process

The host domain name is converted to an IP address, which is an application-layer protocol and is transmitted using UDP. (DNS application layer protocol, used to have an examiner asked)

conclusion

Browser cache, system cache, router cache, IPS server cache, root DNS cache, TOP-LEVEL DNS cache, master DNS cache.

1. The host generally adopts recursive query to the local domain name server.

Iterative query of local DNS server to root DNS server.

1. When a user enters a domain name, the browser checks whether the IP address mapped to the domain name exists in the cache.

2. If no, check whether the result has been parsed in the operating system cache (for example, Windows hosts).

3. If no match is found, local domain name server resolution (LDNS) is requested.

4. If the LDNS does not match, the server directly hops to the root DNS server for resolution. The root DNS server returns a primary DNS address to the LDNS.

5. The LDNS then sends a request to the gTLD returned in the previous step. The gTLD that receives the request looks up and returns the address of the Name Server corresponding to this domain Name

6. The Name Server finds the target IP address based on the mapping table and returns it to the LDNS

7. LDNS caches the domain name and the corresponding IP address and returns the resolution result to the user. The user caches the resolution result to the local system cache based on the TTL value. The domain name resolution process is complete

What is RIP? Working principles of RIP

RIP Dynamic Routing Protocol (Network Layer Protocol)

RIP is a protocol based on the distance-vector algorithm. It uses the Hop Count as a metric to measure the route Distance to the destination network. RIP exchanges routing information through UDP packets and uses port 520.

Working principle:

RIP uses UNPDATES and REQUESTS to transmit information.

Each RIP-enabled router broadcasts updates to directly connected machines every 30 seconds using UDP520 port. In addition, “number of distance segments” (i.e. “hop number”) is used as the scale of network distance. Each router adds an internal distance to each path when it sends routing information to neighboring routers. Convergence mechanism of router:

One problem with any distance vector routing protocol (such as RIP) is that the router does not know the global situation of the network and must rely on neighboring routers to obtain the reachability information of the network. Due to the slow propagation of routing update information on the network, the distance vector routing algorithm has a slow convergence problem, which will lead to inconsistency.

RIP has fewer problems caused by route convergence:

1) Counting to infinity mechanism: RIP allows a maximum of 15 hops. A destination greater than 15 is considered unreachable. A path is deleted from the routing table only when its hop count exceeds 15.

2) Horizontal segmentation: the router does not send back the path in the direction of its arrival. After the router interface is enabled, the router records the interface from which the path came and does not send the path back to the interface.

3) Horizontal segmentation method of destruction reversal: ignore the path obtained from a router in the update process and then sent back to the router

4) Hold timer method: prevents the router from receiving new routing information within a certain period (usually 180 seconds) after the path is deleted from the routing table. Ensure that each router receives a path unreachable message

5) Trigger update method: When the hop count of a path changes, the router will immediately send an update message, regardless of whether the router has reached the conventional information update time.

The disadvantage of RIP

1. RIP can only be applied to small-scale networks because 15 hops is the maximum value. 2. Slow convergence; 3. The route selected based on the hop count may not be the optimal route.

OSPF protocol? OSPF working principles

OSPF (Open Shortest Pass First) is the most commonly used Intranet network management protocol and a link-status protocol. (Network layer protocol,)

Principle:

In OSPF multicast mode, Hello packets are sent to all interfaces with OSPF enabled to determine whether there are OSPF neighbors. If yes, OSPF neighbor relationships are established and a neighbor table is formed. Then lsas are sent to advertise routes to each other and LSDB is formed. The SPF algorithm is used to calculate the optimal path with the lowest cost and add the path to the routing table.

What are the differences between TCP and UDP?

1.TCP provides reliable services for connections (for example, to make a phone call, you must dial up to establish a connection). UDP is connectionless, that is, no connection is required before sending data. UDP does its best to deliver, i.e. reliable delivery is not guaranteed. (Because UDP does not need to establish a connection, UDP does not introduce the delay of establishing a connection. TCP needs to maintain the connection state in the end system, such as the accept and send cache, congestion control, and the parameters of the serial number and confirmation number. Therefore, TCP is slower than UDP.)

2.UDP has better real-time performance, higher work efficiency than TCP, suitable for high-speed transmission and real-time communication or broadcast communication.

3. Each TCP connection can be one-to-one. UDP supports one-to-one, one-to-many, many-to-one and many-to-many interactive communication

4. The cost of UDP packet header is small, and the cost of TCP header is 20 bytes. The header of UDP has a small overhead of only 8 bytes.

5. TCP byte stream oriented, in fact, TCP treats data as a series of unstructured byte streams; UDP is packet oriented (one complete packet is delivered at a time. The packet is indivisible, and the packet is the smallest unit of UDP packet processing).

6.UDP is suitable for network applications that transmit small amounts of data at one time, such as DNS and SNMP

What is a three-way handshake and a four-way wave? Why does TCP need three handshakes?

First handshake: When establishing a connection, the client sends a SYN packet (SYN = J) to the server and enters the SYN_SEND state waiting for the server to confirm the connection.

Second handshake: After receiving a SYN packet, the server must acknowledge the client’s SYN (ACK = J +1) and send a SYN packet (ACK = K). In this case, the server enters the SYN_RECV state.

Third handshake: After receiving the SYN+ACK packet from the server, the client sends an ACK packet (ACK = K +1) to the server. After the packet is sent, the client and the server enter the ESTABLISHED state to complete the three-way handshake.

After completing the three-way handshake, the Client and Server begin to transmit data. The Client sends the FIN to enter the FIN_WAIT1 state, which is used to close the data transmission from the Client to the Server. The Server receives the FIN, sends an ACK, and enters the CLOSE_WAIT state. Enter the FIN_WAIT2 state

The Server sends the FIN to the LAST_ACK state to disable data transfer from the Server to the Client

The client receives the FIN, sends an ACK, and enters the TIME_WAIT state. The server receives the ACK, and enters the CLOSE state (wait 2MSL, about 4 minutes). The main thing is to prevent the last ACK from being lost.

First wave: The active closing party sends a FIN to shut down the data transmission from the active to the passive closing party, that is, the active closing party tells the passive closing party: I will not send you any more data (of course, if the data sent before the FIN packet is not received, the active closing party will resend the data), but the active closing party can still accept the data at this time.

Second wave: After receiving a FIN packet, the passive closing party sends an ACK with the received sequence number +1 (the same as SYN, one FIN occupies one sequence number).

Third wave: The passive closing party sends a FIN to close the data transfer from the passive closing party to the active closing party, which tells the active closing party that MY data has also been sent and I will not send you any more data.

Fourth wave: After the active closing party receives the FIN, it sends an ACK to the passive closing party and confirms that the serial number is +1. Thus, the four waves are completed.

GET and POST

Get is to get data, and POST is to modify data

Get puts the requested data on the URL to? Split URL and transfer data, parameters are concatenated with ampersand, so get is not secure. Post puts the data inside the HTTP package (Requrest Body)

Get submits a maximum of 2k data (the limit actually depends on the browser), whereas POST theoretically has no limit.

GET generates a TCP packet. The browser sends HTTP headers and data together. The server responds with 200(return data). POST generates two TCP packets. The browser sends a header, the server responds with 100 continue, the browser sends data, and the server responds with 200 OK (returns data).

GET requests are actively cached by browsers, whereas POST is not, unless set manually.

GET is idempotent, POST is not

Cookies are different from sessions

Cookies and sessions are both solutions for maintaining state between client and server

1. Different storage locations

Cookie: stored on the client. Session: stored on the server. The data stored in a Session is secure

2. Different data types are stored

Cookie: value can only be a string type. Session: value can be Object type 3. The data size limits are different

Cookie: size is limited by browser, many are 4K size, session: theoretically limited by current memory,

4. Life cycle control

The cookie’s life cycle dies when the browser closes

(1) The cookie’s life cycle is cumulative. It starts to be timed from the time of creation. After 20 minutes, the cookie’s life cycle ends

(2) The life cycle of the session is interval. From the time of creation, if the session is not accessed in 20 minutes, then the life cycle of the session is destroyed

How does session work?

Session works as follows: After the client logs in, the server creates a corresponding session. After the session is created, the server sends the SESSION ID to the client, and the client stores the SESSION ID in the browser. In this way, every time the client accesses the server, it will bring the sessionID. After the server obtains the SessionID, it will find the corresponding session in the memory, and then it can work normally.

A complete HTTP request process

The server responds to the HTTP request. The browser gets the HTML code. The browser parses the HTML code. And request resources in HTML code (such as JS, CSS, images, etc.) -> browser to render the page to the user.

The difference between HTTPS and HTTP

1. The data transmitted through HTTP is unencrypted, that is, plain text. Therefore, it is insecure to use HTTP to transmit privacy information.

2. HTTPS requires you to apply for a certificate from a CA. Generally, there are few free certificates, so a certain cost is required.

3. HTTP and HTTPS use completely different connection methods and different ports, the former is 80 and the latter is 443.

What are the SEVEN layers of the OSI model?

Physical layer: the transmission medium is used to provide physical connection for the data link layer to realize the transparent transmission of bitstream.

Data link layer: Receives bitstream data from the physical layer, encapsulates it into frames, and transmits it to the upper layer

Network layer: the network address is translated into the corresponding physical address, and the routing algorithm is used to select the most appropriate path for the packet to pass through the communication subnet.

Transport layer: Provides reliable and transparent data transfer between source and destination

Session layer: Responsible for establishing, maintaining, and terminating communication between two nodes in the network

Presentation layer: dealing with the presentation of user information, data encoding, compression and decompression, data encryption and decryption

Application layer: Provides network communication services for user application processes

The difference between HTTP long and short connections

Short connections are used by default in HTTP/1.0. That is, each time the client and server perform an HTTP operation, a connection is established and broken at the end of the task. From HTTP/1.1 onwards, long connections are used by default to preserve the connection feature. What is TCP sticky/unpack? What causes it? Solution A complete service may be divided into multiple packets and sent by TCP, or several small packets may be encapsulated into one large packet and sent. This is the problem of TCP packet unpacking and sticky packets. The reason:

1. The size of the bytes written by the application is larger than the size of the socket send buffer. (MSS=TCP segment length -TCP header length)3. The Payload on the Ethernet is greater than the MTU. (MTU refers to the maximum size of packets that can pass through a layer of a communication protocol.)

Solution:

1. Message length fixed.
2. Special characters such as carriage return or space characters are added to the end of the package for segmentation
3. Divide messages into headers and tails. 4. Use other complex protocols, such as RTMP.

How does TCP ensure reliable transmission?

• Three-way handshake
• Truncate data to a reasonable length. The application data is divided into data blocks (numbered by bytes, reasonably fragmented) that TCP considers most suitable for sending.
• Timeout resends. When TCP sends a segment, it starts a timer and resends it if an acknowledgement cannot be received in time
• Acknowledge reply: An acknowledgement response is given to a received request
• Checksum: Indicates that packet errors are verified. Packet segments are discarded and no response is given
• Serial number: The out-of-order data is reordered before it is handed to the application layer
• Discard duplicate data: Duplicate data can be discarded
• Flow control: Each side of the TCP connection has a fixed amount of buffer space. The receiving end of TCP allows the other end to send only as much data as the receiving end buffer can accept. This prevents faster hosts from overrunning the buffer for slower hosts.
• Congestion control: Reduces data transmission when the network is congested.
• Checksum serial number
• Confirmation reply
• Timeout retransmission
• Connection management
• Flow control
• Congestion control

What are the common status codes?

403 Forbidden // The server receives the request but refuses to provide the service 404 Not Found // The requested resource does Not exist, eg: An incorrect URL is entered

500 Internal Server Error // An unexpected Error occurs on the Server. The unified Resource Identifier (URI) is used to uniquely identify a resource. A URL can be used to identify a resource and also specify how to locate the resource.

What is SSL? How HTTPS ensures secure data transfer (how SSL works)

SSL stands for Secure Socket Layer. It is a protocol for encrypting and validating data sent between applications, such as browsers, and Web servers. Https’s encryption mechanism is a shared key encryption and public secret

Key encryption and a hybrid encryption mechanism. SSL/TLS authenticates users and services, encrypts data, and maintains data integrity. The encryption and decryption of application-layer protocols require two different keys, which is called asymmetric encryption. Both encryption and decryption use symmetric encryption with the same key. HTTPS is based on asymmetric encryption, and the public key is public.

(1) The client initiates an SSL connection request to the server;

(2) The server sends the public key to the client, and the server saves the unique private key

(3) The client uses the public key to encrypt the symmetric secret key for communication between the two sides and sends it to the server

(4) The server uses its unique private key to decrypt the symmetric secret key sent by the client.

(5) For data transmission, both the server and the client encrypt and decrypt the data with the same public symmetric secret key, which can ensure the security in the process of data receiving and receiving. That is, the third party obtains the data packet, but also cannot encrypt, decrypt and tamper with it. Because digital signature, digest is the key weapon of certificate anti-counterfeiting. A digest is a fixed length string calculated using a hash algorithm for the transmitted content. Then, the CA’s private key is used to encrypt the abstract, and the result is a “digital signature”.

The BASIC idea of THE SSL/TLS protocol is to use the public key encryption method. That is, the client first requests the public key from the server, and then encrypts the information using the public key. After receiving the ciphertext, the server uses its private key to decrypt it.

How to ensure that the public key is not tampered with?

Put the public key in the digital certificate. The public key is trusted as long as the certificate is trusted.

Public key encryption requires too much computation. How to reduce the time consumed?

For each session, the client and server generate a session key, which is used to encrypt information. Because the “conversation key” is symmetric encryption, it is very fast, whereas the server public key is only used for encryption.”

The dialog key itself, thus reducing the time consumed by encryption operations.

(1) The client requests and verifies the public key from the server.

(2) Both parties negotiate to generate the “dialogue key”.

(3) Both parties use the “dialogue key” for encrypted communication. The first two steps are called the handshake.

Computer Networks

SSL working process, A: client, B: server

1. Negotiate encryption algorithm: USER A sends the SSL version number and available encryption algorithm to user B. User B selects the algorithm supported by itself and informs user A

2. Server authentication: User B sends A digital certificate containing the public key to USER A. User A uses the public key published by the CA to verify the certificate

3. Session key calculation: USER A generates A random secret number, encrypts it with user B’s public key and sends it to USER B. User B generates A shared symmetric session key based on the negotiated algorithm and sends it to User A.

4. Secure data transmission: Both parties use the session key to encrypt and decrypt the data transmitted between them and verify its integrity

TCP Indicates the application layer protocol

FTP: defines the file transfer protocol and uses port 21.

Telnet: This is a port used for remote login, port 23

SMTP: defines the simple mail transfer protocol, the server is open port 25.

POP3: corresponds to SMTP. POP3 is used to receive mails.

UDP Indicates the application-layer protocol

DNS: used for domain name resolution service, using port 53

SNMP: simple network management protocol, using port 161

Trival File Transfer Protocal (TFTP) : simple File Transfer protocol

The above “network security core knowledge summary” I have all packed ready for everyone, I hope you are learning to help!