1. Six basic principles of security testing:
Authentication: responses are returned only to requests from authenticated users.
Access control: permission checks and data protection against unauthenticated users.
Integrity: the user must receive exactly the information the server sent.
Confidentiality: the information must be delivered to the intended user and to no one else.
Reliability: how often does the system fail? How long does the network take to recover from a failure? What steps are taken to handle catastrophic failure? (Personally, I understand this to lean more towards the category of fault-tolerance and disaster-recovery testing.)
Non-repudiation: the user should be able to prove that the data received came from a specific server.
2. Common security test content
Permission Control
SQL Injection
URL Security Test
XSS (Cross-site Scripting Attack)
CSRF (Cross-site Request Forgery)
URL jump vulnerability
Other security considerations
3. What causes security problems in Web applications? Generally, there are several reasons:
1. Complex application systems have a large amount of code and many developers, so negligence is inevitable.
2. The system has been upgraded many times and staff have changed frequently, resulting in inconsistent code.
3. Multiple web systems, such as legacy systems and trial-run systems, run together on the same server.
4. Developers have not received secure-coding training, or the company simply has no unified secure-coding standard.
5. The testers are inexperienced, or the release went out without professional security assessment testing.
6. User input is not validated. A few rules:
1) Never trust user input; always validate it.
2) Numeric input must be a legal number.
3) Character input requires special handling of encoded symbols.
4) Validate all input points, including GET, POST, cookies and other HTTP headers.
4. Common vulnerabilities and solutions in security testing:
1. XSS cross-site scripting attack
XSS is similar to SQL injection: the attacker inserts malicious scripts through web pages, mainly using front-end HTML and JavaScript. When a user browses the page, the script runs and the attacker gains control of the user's browser behavior.
A successful XSS attack can obtain the user's cookie and use it to steal the user's privileges on the website; it can also obtain the user's contact list and, acting under the user's identity, send large amounts of spam to specific targets or groups, and so on.
XSS is divided into three categories: stored (persistent XSS), reflected (non-persistent XSS), and DOM-based.
Test method:
In a data input field, enter <script>alert(/123/)</script>. If a dialog box pops up after the data has been saved and is displayed again, an XSS vulnerability exists.
Alternatively, change a parameter in the URL request to <script>alert(/123/)</script>. If a dialog box pops up on the page, an XSS vulnerability exists.
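The input-validation rules in section 3 (legal numbers, encoding of special characters, every input point treated alike) and the XSS fix implied by the test above come down to the same two habits: reject input that is not the shape you expect, and encode whatever you do reflect back into a page. The following is an added example, not code from the original article; the comment-rendering function, the `source:name` key layout and the probe string handling are assumptions made here. It shows the unsafe "paste it into the markup" pattern beside the encoded version, using the article's own `<script>alert(/123/)</script>` probe as constructed sample input.

```python
import html
import re
from typing import Dict, Optional

# Constructed sample payload: the same probe string the article's XSS test method uses.
XSS_PROBE = "<script>alert(/123/)</script>"

_INT_RE = re.compile(r"[+-]?\d{1,10}")


def validate_int(value: str, lo: Optional[int] = None, hi: Optional[int] = None) -> int:
    """Rule 2: numeric input must be a legal number. Anything else is rejected, never coerced."""
    text = value.strip()
    if not _INT_RE.fullmatch(text):
        raise ValueError(f"not a legal number: {value!r}")
    n = int(text)
    if (lo is not None and n < lo) or (hi is not None and n > hi):
        raise ValueError(f"out of range: {n}")
    return n


def encode_for_html(value: str) -> str:
    """Rule 3: encode characters that carry meaning in HTML so the browser shows them as text."""
    return html.escape(value, quote=True)


def render_comment(raw: str, vulnerable: bool = False) -> str:
    """Build the fragment a comment page would emit (hypothetical page, constructed for the demo).

    vulnerable=True reproduces the unsafe pattern (user text pasted straight into markup);
    the default path encodes first, which is the fix.
    """
    body = raw if vulnerable else encode_for_html(raw)
    return f'<div class="comment">{body}</div>'


def contains_raw_script(fragment: str) -> bool:
    """Crude indicator used for the check below: is there an unencoded <script tag in the output?"""
    return "<script" in fragment.lower()


def encode_all_inputs(query: Dict[str, str], cookies: Dict[str, str],
                      headers: Dict[str, str]) -> Dict[str, str]:
    """Rule 4: every input point (GET parameters, cookies, other headers) gets the same treatment
    before any of it is reflected into a page. Returns encoded values keyed by source:name."""
    encoded = {}
    for source, bag in (("query", query), ("cookie", cookies), ("header", headers)):
        for name, value in bag.items():
            encoded[f"{source}:{name}"] = encode_for_html(value)
    return encoded
```

The point of `encode_all_inputs` is that a header such as User-Agent is just as much an input as a form field: if it is ever written into an admin page, it needs the same encoding as the comment body.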
2. SQL injection
SQL injection means inserting SQL commands into a web form submission, or into the query string of a domain name or page request, so that the server is ultimately tricked into executing malicious SQL commands.
The possible harms caused by SQL injection include: web pages and data being tampered with, core data being stolen, and the server hosting the database being attacked and turned into a puppet host.
For example, some websites do not use precompiled SQL: fields entered by the user on the interface are concatenated straight into the SQL statement, and those fields may very well contain malicious SQL. With password = "1' OR '1'='1", for instance, you can log in normally even without knowing the user's password.
Test method:
On a page that performs a query, enter a correct query condition together with a simple SQL expression such as 1=1, and check the response. If the results match those returned for the correct query condition alone, the application does not filter user input, and a SQL injection vulnerability can be preliminarily assumed.
Modification suggestions:
Validate user input: you can use regular expressions or limit the length; escape the following keywords and similar:
||alert|and|exec|execute|insert|select|delete|update|count|drop|chr|mid|master|truncate|declare|sitename|netuser |xp_cmdshell|or| |,|like'|and|exec|execute|insert|create|drop|table|from|grant|group_concat|column_name|information_schema.columns|table_schema|union|where|select|delete|update|order |by|count|chr|mid|master|truncate|declare|or|--| |,|like|//
Do not assemble SQL dynamically; use parameterized SQL, or use stored procedures directly for data queries and access.
Do not use database connections with administrator privileges; give each application its own database connection with limited permissions.
Give as few hints as possible in application exception messages; it is best to wrap the original error message in a custom error message.
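The modification suggestions above map onto three concrete changes: parameterize the statement, run it over a connection that cannot do damage, and keep the raw database error out of the response. The following is an added example, not code from the article; it uses Python's standard-library sqlite3 with a constructed in-memory `users` table, and SQLite's `query_only` pragma stands in for a separate limited-privilege database account (the article recommends a limited connection but names no engine). The vulnerable login is kept only to show that the article's password payload, "1' OR '1'='1", succeeds against dynamic SQL and fails against the parameterized form.

```python
import logging
import sqlite3
from typing import Tuple

log = logging.getLogger("app")
GENERIC_ERROR = "The request could not be processed."   # what the client sees


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with one account (plaintext password only to keep the demo short)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users (name, password) VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Dynamic SQL assembly: the user's text becomes part of the statement,
    so a quote in it changes the statement's logic."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterized SQL: the statement is fixed and values travel separately,
    so input is only ever compared as data."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def restrict_connection(conn: sqlite3.Connection) -> None:
    """Stand-in for a limited-privilege database account: SQLite's query_only pragma makes
    this connection reject every write, bounding the damage of any statement that slips through."""
    conn.execute("PRAGMA query_only = ON")


def run_statement(conn: sqlite3.Connection, sql: str) -> Tuple[bool, str]:
    """Execute a statement and return (ok, message_for_client); the raw error stays in the server log."""
    try:
        conn.execute(sql)
        return True, "ok"
    except sqlite3.Error as exc:
        log.warning("database error hidden from client: %s", exc)   # detail for operators only
        return False, GENERIC_ERROR
```

A useful habit when reviewing code is to grep for string formatting (`f"..."`, `%`, `+`) next to the word SELECT, INSERT or UPDATE; every hit is a candidate for the `login_vulnerable` pattern regardless of what keyword filter sits in front of it.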
3. URL jump vulnerability
A URL jump vulnerability, that is, an unvalidated redirect, occurs when a web program redirects directly to the URL supplied in a request parameter or embedded in the page, so that the redirect can be pointed at an unsafe third-party site and lead to security problems.
Test method:
1. Use a packet-capture tool to capture the request.
2. Find the 302 redirect URL, modify the target address, and check whether the jump succeeds.
PS: However, many redirects now include referer verification, which causes the attacker's jump to fail.
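The fix for an unvalidated redirect is to treat the redirect parameter as untrusted and only emit a Location the application can vouch for, which is also what the referer verification mentioned above is doing from the other side. The following is an added example, not code from the article; the allowed host set, the default landing page and the `build_redirect` handler shape are assumptions made for the demonstration.

```python
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Constructed for this example: the hosts this application may redirect to.
ALLOWED_HOSTS = {"www.example.com", "account.example.com"}
DEFAULT_LANDING = "/home"


def safe_redirect_target(next_param: Optional[str]) -> str:
    """Return a Location value the application is willing to emit in a 302.

    Anything not provably on our own site collapses to DEFAULT_LANDING instead of
    being passed through, which is what closes the unvalidated-redirect hole.
    """
    if not next_param:
        return DEFAULT_LANDING
    target = next_param.strip()
    if any(c in target for c in "\r\n\\"):          # header injection / backslash-as-slash tricks
        return DEFAULT_LANDING
    parsed = urlparse(target)
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative (//host/...) URL: only http(s) to an allowed host survives.
        if parsed.scheme in ("http", "https") and parsed.netloc.lower() in ALLOWED_HOSTS:
            return target
        return DEFAULT_LANDING
    if not target.startswith("/") or target.startswith("//"):
        return DEFAULT_LANDING
    return target


def referer_is_trusted(headers: Dict[str, str]) -> bool:
    """The referer verification the article mentions: the request must come from one of our own pages."""
    ref = headers.get("Referer", "")
    return urlparse(ref).netloc.lower() in ALLOWED_HOSTS


def build_redirect(next_param: Optional[str], headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Assemble the 302 the way a login handler would, applying both checks."""
    target = safe_redirect_target(next_param) if referer_is_trusted(headers) else DEFAULT_LANDING
    return 302, {"Location": target}
```

Note that `urlparse` puts everything before the first `/` of a `//host` or `scheme://host` target into `netloc`, so a value like `https://www.example.com@evil.example/` fails the host check on its whole `user@host` netloc rather than matching on the prefix.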
4. File upload vulnerability
A file upload attack means that the attacker uploads an executable file to the server and executes it.
This attack method is the most direct and effective. The uploaded files can be viruses, Trojans, malicious scripts, webshells, etc.
A webshell is a command execution environment that exists in the form of web files such as ASP, PHP, JSP or CGI; it can also be described as a web backdoor. After an attacker plants or inserts a webshell into the affected system, he can easily enter the system through the webshell and control the web server.
Test method:
Strictly verify the type, size, etc. of uploaded files, and prohibit uploading files containing malicious code.
Verify the execution permissions of the relevant directories. Access each directory on the web server through a browser and check whether a directory listing is returned; if the directory structure is displayed, there may be a security issue.
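"Strictly verify type and size" is easy to state and easy to get wrong: checking only the extension lets a script through under a double extension, and trusting the client-supplied name lets the user choose where the file lands. The following is an added example, not code from the article; the allowed-type table, size limit, stem pattern and the listing heuristic are constructed policy choices for the demonstration. It checks extension, stem, size and leading bytes, and stores the file under a server-generated name. The second function is a small helper for the directory-listing check in the last paragraph.

```python
import os
import re
import secrets
from typing import Tuple

# Constructed policy: allowed extensions and the leading bytes (magic numbers) each must carry.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
MAX_BYTES = 2 * 1024 * 1024
# One stem of letters, digits, '_' or '-': a stem containing '.' (shell.php.png) is rejected outright.
STEM_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str, str]:
    """Check an upload against type, size and content rules.

    Returns (accepted, reason, stored_name). The stored name is generated server-side,
    so the user's filename never reaches the filesystem.
    """
    base = os.path.basename(filename.replace("\\", "/"))   # drop any directory part
    stem, dot, ext = base.rpartition(".")
    ext = ext.lower()
    if not dot or not STEM_RE.fullmatch(stem):
        return False, "filename must be <stem>.<ext> with a simple stem", ""
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} is not allowed", ""
    if len(data) > MAX_BYTES:
        return False, "file too large", ""
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match the declared type", ""
    stored = f"{secrets.token_hex(16)}.{ext}"
    return True, "ok", stored


def looks_like_directory_listing(body: str) -> bool:
    """Heuristic for the article's second check: does a response to a directory URL expose a listing?
    Matches the title text common web servers put on auto-generated index pages."""
    head = body[:2048].lower()
    return "index of /" in head or "directory listing for" in head
```

The upload directory itself should additionally be served without execute permission (or from outside the web root), so that even a file which passes every check here is delivered as static content rather than run.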
5. CSRF cross-site forged request attack
CSRF uses the identity of a logged-in user to send malicious requests in that user's name and so complete illegal operations.
For example: a user browses and logs in to website A, which has a CSRF vulnerability, and the browser stores the corresponding cookie; without logging out of A, the user then visits dangerous website B.
Website B issues a request to website A, and the browser sends it along with the user's cookie for A. Because website A cannot tell whether the request comes from the user or from website B, it processes B's request, and the forged user operation succeeds. This is the basic idea of a CSRF attack.
Test method:
1. Open two pages in the same browser. After the session of one page expires, can the other page still be operated successfully? If it can, there is a risk.
2. Use a tool to send the request without the Referer field in the HTTP header, and check the response: it should redirect to an error page or the login page.
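Website A in the scenario above accepts the request because the cookie is the only thing it checks. The defence is to require something the browser does not attach automatically: a per-session token in the form, plus a check that the Origin or Referer names our own site, which is exactly the condition the second test item probes. The following is an added example, not code from the article; the HMAC token format, the per-deployment key, the site origin and the `state_changing_request_allowed` handler are assumptions made here.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse

# Constructed for this example: a per-deployment key and the site's own origin (the article's "website A").
SERVER_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://www.example.com"
TOKEN_TTL = 3600


def issue_csrf_token(session_id: str, now: Optional[int] = None) -> str:
    """Mint a token bound to this session and an expiry. A page on another site has no way to
    read it, so a forged form cannot include it."""
    expires = (now if now is not None else int(time.time())) + TOKEN_TTL
    mac = hmac.new(SERVER_KEY, f"{session_id}:{expires}".encode(), hashlib.sha256).hexdigest()
    return f"{expires}:{mac}"


def verify_csrf_token(session_id: str, token: str, now: Optional[int] = None) -> bool:
    """Recompute the MAC for this session, compare in constant time, reject expired tokens."""
    expires_text, _, mac = token.partition(":")
    if not expires_text.isdigit():
        return False
    expires = int(expires_text)
    if (now if now is not None else int(time.time())) > expires:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{expires}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def _origin_of(url: str) -> str:
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}".lower()


def state_changing_request_allowed(headers: Dict[str, str], form: Dict[str, str],
                                   session_id: str, now: Optional[int] = None) -> Tuple[bool, str]:
    """Decide whether a cookie-authenticated POST may proceed.

    Two independent checks, matching the article's test items: the request must carry an
    Origin or Referer naming our own site (a missing header is treated as foreign), and the
    form must carry a valid token for this session.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False, "reject: no Origin/Referer header"
    if _origin_of(source) != SITE_ORIGIN:
        return False, "reject: request originated from another site"
    if not verify_csrf_token(session_id, form.get("csrf_token", ""), now):
        return False, "reject: missing, foreign or expired CSRF token"
    return True, "allow"
```

Binding the token to the session id is what makes the first test item pass as well: once the session expires, a new session gets a new id and the old page's token no longer verifies.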