输入网站漏洞检测归类和解决方案(Website vulnerability detection, classification and solution)

网站漏洞检测  时间:2021-04-27  阅读:()

网站漏洞检测归类和解决方案Website vulnerability detection,classification and solution

Everything is ready except one crucial element. Last night, thewest wind withered green trees, alone on the tall buildings,looking at the end of the road. I will mount a long wind someday and break the heavy waves, and set my cloudy sail straightand bridge the deep, deep sea。 The pen falls into the wind andrain, and the poem becomes the ghost. Who knows nothing? It' snever too late to mend. This article is contributed by s8h4a2n6DOC documents may experience poor browsing on the WAP side. Itis recommended that you first select TXT, or download the sourcefile to the local view.

A,

Typical website vulnerability classification

According to the risk level, the website vulnerability can bedivided into three kinds of high risk, medium risk and low risk.Among them, high-risk vulnerabilities must be blocked. Some ofthe loopholes in the medium and low risk vulnerabilities mustbe blocked. There are also some medium and low riskvulnerabilities, which may be selectively blocked because thecost of plugging may be higher than the losses caused by nonblocking. Tools can be used to search the platform forvulnerability scanning, the specific address is:http://www. iiscan.com typical website vulnerabilityclassification and corresponding sealing requirements as shownin the table below:

Risk level

1, the highriskof SQL injection2, cross site vulnerabilitiesMedium and low risk 1, default test case file 2, managementbackground landing portal

Medium and low risk 1, email address exists

Vulnerability name

3, XPATH injection leak 3, application error caused by 2,invalid link hole information leakage 4, backup files causedby source code leakage 3, Web application default directorySealing requirement

Must plug

Selective plugging

One

Two,

Typical website vulnerability impact and Solutions

1, SQL injection vulnerability impact: this vulnerabilitybelongs to the common vulnerabilities in Web applicationsecurity, belonging to OWASP TOP 10 (2007) in the injection

class vulnerabilities. SQL injection vulnerabilities arepresent in many WEB applications. SQL injection is an attackerwhouses code flaws to attack, and canbe used in any applicationparameter that can affect database queries. For example, theparameters of the URL itself, post data, or cookie values. Anormal SQL injection attack depends largely on the attacker' saccess to information from the error message. However, even ifno error messages are displayed, the application may still beaffected by the SQL injection. In general, SQL injection is anattack on Web applications rather than on the web server or theoperating system itself. As its name suggests, SQL injectionis the act of adding unexpected SQL commands to a query tomanipulate the database in a way that database administratorsor developers do not anticipate. If successful, you can obtain,modify, inject, or delete data from the database server thatis used by the vulnerability web application. In some cases,the SQL can be injected into the fully controlled system.Solution: protection recommendations include the deployment oflayered security measures (including in accept user input whenusing parameterized queries) , to ensure that applications useonly the expected data, strengthening the database server toprevent access data inappropriate. The following measures arerecommended to prevent SQL injection vulnerabilities:Two

Use the following suggestions for development. Written from theweb application of SQL injectionattack effect. Aparameterizedquery: SQL injection from the attacker control data to modifythe query query logic, so the best way to prevent SQL injection

attacks is to query the logic and data separation, which canprevent the execution of the injection from the user inputcommands. Defects in this way are likely to have an impact onperformance (but with little impact) , and each query on the sitemust be constructed in this way to be fully valid. Justbypassing a query inadvertently is enough to cause theapplication to be affected bySQL injection. The following codeshows an example of a SQL statement that can do SQL injection.SSql = "SELECT, Locat i onName, FROM, Locat i ons"";ssql=ssql+ “LocationID=” +要求[” ]  ocmd. commandtext=ssqlLocationID” 

下面的例子使用了参数化的查询不受SQL注入攻击的影响。ssql = “SELECT * FROM位置”  ssql = ssql + “Locat ionID = @LocationID”  ocmd. commandtext =ssql ocmd。参数。添加 “@LocationID” 要求“LocationID [” ] 

应用程序没有包含用户输入向服务器发送SQL语句而是使用@LocationID-参数替代该输入这样用户输入就无法成为SQL执行的命令。

这种方式可以有效的拒绝攻击者所注入的任何输入尽管仍会生成错误但仅为数据类型转换错误而不是黑客可以利用的错误。以下代码示例显示从HTTP查询字符串中获得产品ID并使用到SQL查询中。请注意传送给SqlCommand的包含有选择的字符串仅仅是个静

态字符串不是从输入中截取的。此外还请注意使用Sql Parame ter对象传送输入参数的方式该对象的名称@ PID匹配SQL查询中所使用的名称。

C #示例

一串connstring

=webconf igurationmanager。 connectionStrings [ “myconn” ] 。connectionstr ING使用SqlConnection conn=新的SqlConnectionconnstring {康涅狄格州open()  SqlCommand CMD =新SqlCommand  “select count *从产品prodid= “PID”  CONNSqlParameter prm =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString [ “PID” ] CMD参数。添加PRM int reccount=int命令。executescalar()  }

四vb.net示例

昏暗的connstring

作为

字符串

=webconf igurationmanager。 ConnectionStrings  “ConnectionString myconn” 。

使用新的SqlConnection conn connstring康涅狄格州open()暗淡CMD为SqlCommand=新SqlCommand  “sel ect count *从产品prodid = “PID”  CONN昏暗的PRM为SqlParameter =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString  “PID” 命令参数。添加PRM昏暗的reccount整数=CMD executescalar()端使用。

验证输入可通过正确验证用户输入的类型和格式防范大多数SQL注入攻击最佳方式是通过白名单定义方法为对于相关的字段只接受特定的帐号号码或帐号类型或对于其他仅接受英文字母表的整数或字母。很多开发人员都试图使用黑名单字符或转义的方式验证输入。总体上讲这种方式通过在恶意数据前添加转义字符来拒绝已知的恶意数据如单引号这样之后的项就可以用作文字值。

这种方式没有白名单有效 因为不可能事先知道所有形式的恶意数据。

对于安全操作============

使用以下建议帮助防范对Web应用的SQL注入攻击。

限制应用程序权限限制用户凭据仅使用应用运行所必需权限的任何成功的SQL注入攻击都会运行在用户凭据的环境中

Although restricting permissions can not completely preventSQL injection attacks, it can greatly increase the difficulty.Strong system administrator password policy: usually theattacker needs to function to the administrator account usingspecific SQL command, if the system administrator password isthen easier to violent speculation, increasing the likelihoodof success of SQL injection attacks. Another option is not touse the system administrator password at all, but to create aspecific account for a specific purpose.

Consistent error message program: make sure you provide aslittle information as possible when a database error occurs.Do not leak the entire error message and process error messageson both the web and the application server. When a web serverencounters a processing error, a generic web page responseshouldbeused, or theuser redirectedto the standard location.Never release debug information or other details that might beuseful to attackers.

For instructions onhow to close verbose errormessages in IIS,see:

Six

Http://www.microsoft.com/windows2000/en/server/i is/default.asp? Url= /windows2000/en/server/i is/htm/core/iierrcst.htm?

Use the syntax below to suppress error messages on the Apacheserver:

Syntax: , ErrorDocument, <3-digi t-code>, Examp le: ,

ErrorDocument, 500, /webserver_errors/server_error500. txtApplication servers like WebSphere usually default byinstalling error messages or debugging settings. Forinformation about how to suppress these error messages, referto the application server document.

Stored procedures: if not used, delete the SQL storedprocedures such as master. .Xp_cmdshell, xp_startmail,xp_sendmail, sp_makewebtask, and so on.

The SQL injection vulnerability fundamentally depends on thecode for the web application. Although not a fix, you can detectSQL injection attacks by adding rules that incorporate regularexpressions to IDS as an emergency measure. Although it isimpossible to fix all possible SQL injection vulnerabilities,it is easy to implement and requires attackers to improve theirmethods in order to achieve successful attacks. Regularexpressions can be used as follows.

Delete the SQL regular expression metacharacters: / (\%27) |(' ) | (\-\-) | (\%23) | (#) /ix

Seven

Following the regular expression canbe added to the Snort alertTCP$EXTERNAL_NET ru l es: any-> $HTTP_SERVERS$HTTP_PORTS (msg:

"SQL Injection-

Paranoid; flow:to_server, established; uricontent: .Pl ; pcre:/ (\%27) | (' ) | (\-\ -) | (%23) | (#) ;classtype:Web-application-attack; sid:9099; /i rev:5) ;The regular expression of traditional SQL injection attacks:/\w* ((\%27) | (' ) ( |o| ) (\%6F) (\%4F) ( |r| ) (\%72) (\%52)) /ixThe regular expression to delete the UNION keyword SQLinjection attack: / ((\%27) | (' )) union/ix (\%27) | (' )Similar regular expressions can be written for other SQLqueries such as select, insert, update, delete, drop, and soon.

Regular expressions for SQL injection attacks are detected onthe MS SQL server: /exec (\s|\+) + (s|x) p\w+/ix

For quality assurance ============

E i gh t

Addressing SQL injection defects ultimately requires codebased fixes, providing information necessary to fix thesevulnerabilities for development and for the steps described inthe security operations section. The following steps outlinehow to manually test SQL injection for an application.How do you manually test SQL injection into an application?:

JustHost俄罗斯VPS有HDD、SSD、NVMe SSD,不限流量低至约9.6元/月

justhost怎么样?justhost服务器好不好?JustHost是一家成立于2006年的俄罗斯服务器提供商,支持支付宝付款,服务器价格便宜,200Mbps大带宽不限流量,支持免费更换5次IP,支持控制面板自由切换机房,目前JustHost有俄罗斯6个机房可以自由切换选择,最重要的还是价格真的特别便宜,最低只需要87卢布/月,约8.5元/月起!总体来说,性价比很高,性价比不错,有需要的朋友可以...

日本vps云服务器选择指南。

日本vps云服务器怎么选择?很多人都会遇到日本vps和日本云服务器怎么选择的问题,日本云服务器具有免备案的特点。小编今天就分析一下日本云服务器价格多少钱,以方便大家选购的时候有个更加合适的取舍。日本云服务器租用前比较选择,高性能、安全、高效、免备案日本云服务器是很关键的因素。那么,日本云服务器该怎么选择呢?日本作为我们的邻国,与其贸易、文化往来是比较多的。日本云服务器价格多少钱一年?一、日本·CN...

特网云(198元/月),高质量云虚拟主机低至0.16元/天,裸金属服务器仅需10.5元/天

特网云为您提供高速、稳定、安全、弹性的云计算服务计算、存储、监控、安全,完善的云产品满足您的一切所需,深耕云计算领域10余年;我们拥有前沿的核心技术,始终致力于为政府机构、企业组织和个人开发者提供稳定、安全、可靠、高性价比的云计算产品与服务。官方网站:https://www.56dr.com/ 10年老品牌 值得信赖 有需要的请联系======================特网云推出多IP云主机...

网站漏洞检测为你推荐
面板win10支持ipad支持ios勒索病毒win7补丁怎么删除 防勒索病毒 打的补丁勒索病毒win7补丁由于电脑没连接网络,所以成功躲过了勒索病毒,但最近要联网,要提前装什么补丁吗?我电脑断网好久了iexplore.exe应用程序错误iexplore.exe应用程序错误css下拉菜单css下拉菜单代码iphonewifi苹果wifi版和4G版是什么意思,有什么区别吗联通版iphone4s怎么知道到苹果4s是联通版,还是移动版chromeframe我的Chrome Frame为什么不能使用?
买域名 域名升级访问 个人域名备案流程 cybermonday 服务器评测 iisphpmysql wordpress技巧 免费ddos防火墙 嘟牛 个人空间申请 百兆独享 双线主机 adroit 免费活动 服务器是干什么的 移动服务器托管 重庆电信服务器托管 云营销系统 中国电信网络测速 国外的代理服务器 更多