What are the Methods of Web security attacks? And how to prevent it

Common examples are XSS, CSRF, and SQL injection

XSS (Cross Site Scripting) Cross-site scripting attacks

Definition: An attacker inserts a script on a web page, and the malicious script is executed when users browse the web page

XSS attacks fall into three categories: storage (persistent), reflection (non-persistent), and DOM based

How to prevent:

Set HttpOnly to avoid dangerous filtering of cookie hijacking, for example

Cross Site Request Forgery (CSRF

Definition: An attack that hijacks a trusted user to send an unexpected request to the server

How to prevent:

Verify that the HTTP Referer field requests the token to be added to the address and verifies the custom attributes in the HTTP header and validates

SQL Injection

Definition: Unauthorized access to database information

How to prevent:

Put an end to user submitted parameters into the library and execute in the code layer, SQL statements are not allowed to appear in the web input parameters, SQL escape for all parameters online test, need to use SQL automatic injection tool for all page SQL injection test

What are the Methods of Web security attacks? And how to prevent it

XSS (Cross Site Scripting) Cross-site scripting attacks

Cross Site Request Forgery (CSRF

SQL Injection

Related Posts

Computer network knowledge the front-end must know — (TCP)

Change the address bar without a refresh using the History API

JS learning – simple use of jQuery