Web Security Training notes / Notes on web vulnerabilities and attack prevention

Author: 半瓶墨水   Link: http://www.2maomao.com/blog/web-security-training-notes/

I took an online training and jotted down a few notes:


Security Attacks (web vulnerabilities)
  Cross-site scripting
    Name=what
    Arbitrary execution of JS code
    Access to another restricted page
    Theft of cookies
    Javascript(ajax) could also cause the problem
  Canonicalization
    Damage: ././TEST, TEST::$DATA
    If you only check for the literal string "TEST" (without canonicalizing first), you lose
  SQL Injection
    Name=what' or 1, then xxx
    Name=';'drop xxx;shutdown';
  HTTP response splitting
    Item=3120%0d%0atest
  Cross-site request forgery
    http://twitter.com/sendmessage/{{msg}}
  ActiveX
    No security at all, could damage the computer itself!

Mitigation (attack prevention)
  Limitations:
    HTTP Referer validation: blocks normal use, and the Referer header can be modified
    ASP.NET ValidateRequest: MS07-040
    Client-side validation: can be bypassed
    String replacement:
    HTTP POST only: a POST can be simulated from another web page
  Best Practice:
    Input Validation: Allow lists instead of Block lists (django url mapping)
    Authenticate and Authorize
    Trusted IP filtering
    HTML Encoding(escaping)
    AntiXSS
    CSRF: Include a unique, page-specific token in all URL links and forms sent to the user
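As an added example (not from the original notes or the training), the CSRF best practice above worked through in Python: a token bound to the user's session and to the page it protects is put into the form and into state-changing links, and the server rejects any request whose token does not verify. SECRET_KEY, the session ids and the /sendmessage path are constructed for the example.

```python
import hashlib
import hmac
import html
import secrets
from urllib.parse import urlencode

# Constructed server-side secret; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def make_csrf_token(session_id: str, page: str) -> str:
    """Fresh token bound to the user's session and to the page it protects."""
    nonce = secrets.token_hex(16)
    msg = f"{session_id}|{page}|{nonce}".encode()
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token: str, session_id: str, page: str) -> bool:
    """Recompute the MAC and compare in constant time; a malformed token fails."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    msg = f"{session_id}|{page}|{nonce}".encode()
    expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def render_send_form(session_id: str) -> str:
    """The message form carries the token in a hidden field (values HTML-escaped)."""
    token = make_csrf_token(session_id, "/sendmessage")
    return (
        '<form method="post" action="/sendmessage">'
        f'<input type="hidden" name="csrf_token" value="{html.escape(token)}">'
        '<input type="text" name="msg"><input type="submit"></form>'
    )


def protected_link(session_id: str, msg: str) -> str:
    """A state-changing link also carries the token, as the notes recommend."""
    token = make_csrf_token(session_id, "/sendmessage")
    return "/sendmessage?" + urlencode({"msg": msg, "csrf_token": token})


def handle_send(form: dict, session_id: str) -> int:
    """Server side: 403 unless the token verifies for this session and this page."""
    if not verify_csrf_token(form.get("csrf_token", ""), session_id, "/sendmessage"):
        return 403
    return 200
```

A request forged from another site cannot carry a valid token: it is computed from a secret the attacker does not have and is bound to the victim's session, so a token from the attacker's own session fails the check.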

http://www.securiteam.com/securityreviews/5WP0E2KFGK.html
http://www.owasp.org/index.php/Cross-site-scripting
http://www.webappsec.org/projects/whid/
http://www.cgisecurity.com/csrf-faq.html
