Web Security Training notes / Notes on web vulnerabilities and attack prevention
I did an online training and jotted down some notes:
Security Attacks (web vulnerabilities)
Cross-site scripting
Name=what
Arbitrary execution of JS code
Access another restricted page
Steal the cookie
JavaScript (AJAX) could also cause the problem
Canonicalization
Damage: ././TEST, TEST::$DATA
If you only check the literal string "TEST" you lose: both spellings above reach the same resource
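The canonicalization point above, as an added example (not code from the original notes): a raw string comparison against "TEST" misses the equivalent spellings, so the name is reduced to one canonical form before any decision, and an allow list is applied to that form. The sample names, the denied resource "TEST" and the NTFS-style stream stripping are constructed assumptions for the demonstration.

```python
import posixpath
import re

# Constructed sample inputs from the notes. Every spelling after the first
# refers to the same resource as "TEST" on a Windows/NTFS host.
SAMPLES = ["TEST", "././TEST", "TEST::$DATA", "sub/../TEST", "test"]

# Assumed for the example: the one resource the application must not serve.
DENIED = "TEST"

# Allow list: a single plain filename component, no separators or streams.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")


def naive_is_denied(name: str) -> bool:
    """Block-list check on the raw string, the approach the notes warn about."""
    return name == DENIED


def canonicalize(name: str) -> str:
    """Reduce an untrusted name to one canonical spelling before deciding."""
    unified = name.replace("\\", "/")        # treat both separators alike
    collapsed = posixpath.normpath(unified)   # fold "." and ".." segments
    # Drop an NTFS alternate-data-stream suffix such as "::$DATA".
    # Assumption: relative names only, so no drive-letter colon is present.
    stripped = collapsed.split(":", 1)[0]
    return stripped.casefold()                # NTFS names are case-insensitive


def canonical_is_denied(name: str) -> bool:
    """The same deny decision, taken on the canonical form."""
    return canonicalize(name) == DENIED.casefold()


def safe_name(name: str):
    """Allow-list check: return the canonical name to use, or None to reject.
    Callers must open the returned name, never the raw input."""
    canon = canonicalize(name)
    if not SAFE_NAME.match(canon) or canon == DENIED.casefold():
        return None
    return canon


if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:14} naive={naive_is_denied(s)!s:5} "
              f"canonical={canonical_is_denied(s)!s:5} allowed={safe_name(s)!r}")
```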
SQL Injection
Name=what' or 1, then xxx
Name=';'drop xxx;shutdown';
HTTP response splitting
Item=3120%0d%0atest
Cross-site request forgery
http://twitter.com/sendmessage/{{msg}}
ActiveX
No security at all, could damage the computer itself!
Mitigation (attack prevention)
Limitations:
HTTP Referer validation: breaks normal use when the header is missing, and the Referer header can be modified by the client
ASP.NET ValidateRequest: has been bypassed before (see MS07-040)
Client-side validation: can be bypassed
String Replacement:
Requiring HTTP POST: a POST can be simulated from another web page
Best Practices:
Input validation: allow lists instead of block lists (e.g. Django URL mapping)
Authenticate and Authorize
Trusted IP filtering
HTML encoding (escaping)
AntiXSS
CSRF: include a unique page-specific token in all URL links and forms sent to the user
http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
http://www.owasp.org/index.php/Cross-site-scripting
http://www.webappsec.org/projects/whid/
http://www.cgisecurity.com/csrf-faq.html