Web Security Analysis
Before exploring Web security learning, what is the Web
At this point, you may be asking: Is that a lot to learn?
The answer is: you don’t have to learn very much, but it’s impossible to do a good security study without understanding the subjects. (Originally from the answer of cosine Boss in Zhihu)
So where do you start with all this stuff? Wait until you know what Web security is.
What connects the layers of a Web service is the data flow, and understanding the data flow allows you to know how the data is processed at each layer. The key protocol in data flow is the HTTP protocol. When you understand HTTP, you’ll understand the technical term “I/O.” Hackers submit ‘special data’ through input, and ‘special data’ is processed in each layer of the data stream. If one layer is not processed well, when output, security problems of the corresponding layer will appear, which is the focus of this article – Web security.
Such as:
-
Operating system: If data is not processed properly at the operating system layer, security problems such as command execution may occur.
-
Storage: If data is not handled properly at the storage layer, security issues such as SQL injection may arise.
-
Web container: If the data is not handled well in the Web container layer, it may produce remote overflow, DoS and other security problems;
-
Web server language: Code auditing is also an important skill for security personnel;
-
Web development framework /Web application: If data is not handled well here, it may cause security problems such as command execution.
-
Web front-end framework: If data is not handled well in the Web front-end framework, it may cause security problems such as XSS cross-site scripting.
This is where “I/O” becomes important for security.
What follows is dry stuff
A preliminary understanding of what is Web and easy to produce some security problems, the following specific Web security should learn what, how to learn.
Starting with Web services, the operating system layer is divided into Windows and Linux, Windows and Win10, Win8, Win7, WindowsServer 2016, WindowsServer 2012, WindowsServer 2008, WindowsServer 2003 and other versions, Mainly understand their security configuration and related vulnerabilities.
-
Windows System security configuration:
www.hetianlab.com/cour.do?w=1…
This section describes how to perform security hardening for the Windows operating system
-
Windows system hardening:
www.hetianlab.com/expc.doec=E…
This is also an experiment related to Windows system security hardening.
There are many Windows related knowledge such as file system backup, user management, log cleaning, user password cracking and so on, can be in
www.hetianlab.com/pages/searc…
Learn.
There are many distributions of Linux, such as CentOS, Redhat, Ubuntu, Debian, Fedora, openSUSE and so on. Speaking of Linux, I have to mention the one that has been recommended countless times — “the bird brother Linux private dishes”.
cn.linux.vbird.org/
Pure text reading inevitably makes people feel boring, the author prefers to learn while hands-on operation:
Getting Started with Linux Best Practices:
www.hetianlab.com/cour.do?w=1…
Courses include Linux development, basic file management commands, pipeline commands, account and system management, etc
The storage layer is mainly divided into database storage, memory storage and file storage. The database includes MySQL, Oracle, MSSQL, Access, MongoDB, Redis and so on. The database is the foundation of SQL injection learning.
-
MySQL Database
www.hetianlab.com/expc.do?ec=…
Understand the structure and content of the MySQL table, add users and authorization, delete users and other operations.
-
MongoDB security configuration:
www.hetianlab.com/expc.do?ec=…
The experiment introduces MongoDB database and its security attack and defense practice, through learning this experiment to understand the basic operation and security features of MongoDB.
-
Redis Database Security Practices:
www.hetianlab.com/cour.do?w=1…
-
Systematic LEARNING of SQL and MySQL can also be carried out on W3CSchool.
The Web container includes Apache, IIS, and Nginx.
-
PHP collection environment software phpStudy
www.phpstudy.net/phpstudy/ph…
-
JSP collection environment software jspStudy:
www.phpstudy.net/phpstudy/Js…
-
ASP set environment software small whirlwind ASP server:
www.jb51.net/softs/35167…
The first phpStudy set Apache, MySQL and PHP, put the Web source code into phpStudy to build their own Web server. Specific tutorial by Baidu, here do not put the link.
Web server language: mentioned before the code audit, the introduction of Web security does not need to systematically learn the language, it is a waste of time, as long as usually in the analysis of vulnerability principle, view the source code of the target website, such as important functions, methods and other understanding, can draw lessons from one another.
-
PHP basis:
www.hetianlab.com/cour.do?w=1…
Through the basic experiment to understand THE PHP language, to lay the foundation for the subsequent study.
-
PHP code audit:
www.hetianlab.com/cour.do?w=1…
Through this experiment, you can learn the basic knowledge of PHP code auditing and common danger functions of PHP
Web Frameworks/Applications: Development frameworks include Struts2, React, Django, thinkPHP, etc. Front-end frameworks include jQuery, Bootstrap, HTML5, semanticUI, Pure, etc. Web applications include BBS, blog, You do not need to build Web applications using various CMS such as Discuz, Metinfo, Joomla, etc. You only need to know what vulnerabilities exist in each CMS, how they work, how to exploit them, and how to fix them.
After the horizontal learning path is introduced, start the vertical learning data flow “HTTP from Getting Started to giving up”.
Protocol is a hard thing to learn just by reading a book. Is there a quick way to master it?
Really, by learning some introductory HTTP protocol, and then the browser F12 look at the “Network” tag HTTP request response, combined with wireshark and other protocol analysis software, within a few hours, you can probably know what the HTTP protocol is.
-
HTTP Protocol Basics:
www.hetianlab.com/expc.do?ce=…
-
HTTP protocol for Data packet capture and analysis:
www.hetianlab.com/expc.do?ec=…
This section describes how to use wireshark to understand the HTTP protocol.
-
Other protocols are analyzed using Wireshark:
www.hetianlab.com/cour.do?w=1…
After combing the study of Web services, the following formally began to get started on Web security, master the following, even if the Introduction of Web security.
1. Command execution
-
Command execution vulnerability:
www.hetianlab.com/expc.do?ec=…
Through experiments to understand the causes of command execution vulnerabilities, learn the use and repair of vulnerabilities.
-
ImageMagick Command Execution vulnerability:
www.hetianlab.com/expc.do?ec=…
As a large number of Web programs use the extension of ImageMagic, resulting in the local command execution vulnerability in the Web environment can be triggered remotely, great harm.
-
Memcached Remote command Execution vulnerability:
www.hetianlab.com/expc.do?ec=…
-
Learn the use and repair method of memcached remote command execution vulnerability through experiment.
-
There are many learning examples of command execution vulnerability:
www.hetianlab.com/pages/searc…
2. SQL injection
Including Boolean blind injection, time blind injection, error injection, federated query injection, wide byte injection, second injection.
-
Penetrate SQL injection:
www.hetianlab.com/cour.do?w=1…
Before getting started, understand how SQL injection works:
-
SQL Injection:
www.hetianlab.com/cour.do?w=1…
Nine experiments to get you started with SQL Injection:
-
There is an injection called SQL injection:
www.hetianlab.com/expc.do?ce=…
From the basis of SQL statement to the formation of SQL injection vulnerability and practical use, let you know what is SQL injection.
3. File upload
Including the client bypass JS check for upload and server bypass suffix and content check for upload, server bypass also includes special suffix deception upload, with parsing vulnerability upload, truncated upload and so on.
-
File upload vulnerability:
www.hetianlab.com/expc.do?ec=…
Learn why file upload vulnerabilities occur and how to exploit and fix them.
-
File upload vulnerability:
www.hetianlab.com/expc.do?ce=…
Through this public class to learn the cause of the file upload vulnerability, and file upload bypass various positions.
-
KindEditor File upload Vulnerability Analysis and utilization:
www.hetianlab.com/expc.do?ce=…
KindEditor editor component recently broke the file upload vulnerability, through the experiment to restore the invasion process, understand the vulnerability principle and protection methods.
Iv. File inclusion
Include local files and remote files.
-
File contains vulnerabilities:
www.hetianlab.com/expc.do?ec=…
-
Simple files include:
www.hetianlab.com/expc.do?ec=…
Five, overflow, Dos
-
Buffer Overflow Basics and Practices:
www.hetianlab.com/expc.do?ec=…
Through experiments, we can understand the principle and harm of buffer overflow, master the basic methods of buffer overflow, and learn to carry out common buffer overflow attacks.
-
Buffer overflow vulnerability debugging and analysis:
www.hetianlab.com/expc.do?ec=…
Buffer overflow attacks can cause program failure, system breakdown, and restart.
-
Actual mining an FTP server overflow vulnerability:
www.hetianlab.com/expc.do?ec=…
Understand the manifestations and utilization methods of FTP service vulnerability.
6. Cross-site Scripting (XSS)
These include reflective XSS, storage XSS, and DOM XSS. Before learning XSS, you should be familiar with HTML/CSS and JavaScript, otherwise it is difficult to study XSS well.
-
HTML:
www.hetianlab.com/expc.do?ec=…
Understand the basic structure and tags of HTML.
-
JavaScript:
www.hetianlab.com/expc.do?ec=…
Understand what JavaScript is, understand DOM operation and BOM operation.
-
Penetration XSS:
www.hetianlab.com/cour.do?w=1…
Learn the principles of XSS vulnerability and how to use XSS vulnerability for penetration testing of target systems.
7. Cross-site Request Forgery (CSRF)
There are two types: GET and POST.
Penetration CSRF:
www.hetianlab.com/cour.do?w=1…
XML External Entity Injection Attack (XXE)
Before learning XXE, you should be familiar with XML language, otherwise it is difficult to study XXE well.
XXE vulnerability attack and Defense:
www.hetianlab.com/cour.do?w=1…
Including XXE vulnerability analysis and related components XXE vulnerability learning:
9. Resolve vulnerabilities
-
Apache parsing vulnerability:
www.hetianlab.com/expc.do?ec=…
Understand vulnerability analysis principle, common attack methods and effective defense means.
-
Nginx parse vulnerability:
www.hetianlab.com/expc.do?ec=…
-
Use of IIS resolution vulnerability in fckEditor upload attack:
www.hetianlab.com/expc.do?ec=…
Through the experiment to learn the parse vulnerability of IIS6.0, master the use method of PARSE vulnerability of IIS6.0 in fckEditor upload attack.
Identity authentication and Access control
-
Unified Identity authentication:
www.hetianlab.com/expc.do?ec=…
The process of determining whether a user is a valid user.
-
Unauthorized access:
www.hetianlab.com/expc.do?ec=…
Illegal users access the network or system to perform illegal operations, and legitimate users perform unauthorized operations.
-
Jenkins unauthorized access exploit practices:
www.hetianlab.com/expc.do?ec=…
11. Deserialization
Including PHP deserialization, Java deserialization, Python deserialization and so on.
-
PHP deserialization vulnerability:
www.hetianlab.com/expc.do?ec=…
Understand what deserialization vulnerabilities are, what causes them, and how to mine and prevent deserialization vulnerabilities.
-
Java deserialization vulnerability:
www.hetianlab.com/expc.do?ec=…
Take ApacheCommons Collections3 as an example, analyze and reproduce the Java deserialization vulnerability.
-
Python deserialization vulnerability:
www.hetianlab.com/expc.do?ec=…
Understand the mechanism of Python deserialization vulnerability and enhance security awareness.
Web Framework/Application security
Previously mentioned Struts2, React, Django, thinkPHP and other development frameworks, jQuery, Bootstrap, HTML5, semanticUI, Pure and other front-end frameworks, and discuz, Metinfo, Joomla and other CMS.
-
Struts2 framework security:
www.hetianlab.com/expc.do?ec=…
-
Struts2 (S2-045) Remote Command Execution Vulnerability Analysis and Replication:
www.hetianlab.com/expc.do?ec=…
-
ThinkPHP5 Remote Code Execution Vulnerability
www.hetianlab.com/expc.do?ce=…
-
Joomla Unauthorized account creation/permission promotion vulnerability:
www.hetianlab.com/expc.do?ce=…
-
Joomla Deserialization remote Code Execution vulnerability:
www.hetianlab.com/expc.do?ec=…
-
BEEF framework attack:
www.hetianlab.com/cour.do?w=1…
Based on the WordPress blog system and typical XSS vulnerabilities, the common commands and attack methods of each module under the PLATFORM of BEEF are studied in detail.
! [image](https://upload-images.jianshu.io/upload_images/1192537-4524aafd781fe728? imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)Copy the code
Is there a sense of doubt about life here?
No doubt, the entry Web security is not as difficult as you imagine, understand the above said, you will feel you are a little white what do not know?
instructions
This article from he Tianzhihui public number, reprint please indicate the source
About hetian Net security laboratory
Hetian Network security Laboratory (www.hetianlab.com) – China’s leading practical network security online education platform
Real environment, online practice learning network security; The experiment covers: system security, software security, network security, Web security, mobile security, CTF, forensic analysis, penetration testing, network security awareness education, etc.