输入网站漏洞检测归类和解决方案(Site vulnerability detection, classification and solution)

网站漏洞检测  时间:2021-04-27  阅读:()

网站漏洞检测归类和解决方案Site vulnerability detection,classification and solution

DOC documents may experience poor browsing on the WAP side. Itis recommended that you first select TXT, or download the sourcefile to the local view.

A,

Typical website vulnerability classification

According to the risk level, the website vulnerability can bedivided into three kinds of high risk, medium risk and low risk.Among them, high-risk vulnerabilities must be blocked. Some ofthe loopholes in the medium and low risk vulnerabilities mustbe blocked. There are also some medium and low riskvulnerabilities, which may be selectively blocked because thecost of plugging may be higher than the losses caused by nonblocking. Tools can be used to search the platform forvulnerability scanning, the specific address is:http://www. iiscan.com typical website vulnerabilityclassification and corresponding sealing requirements as shownin the table below:

Risk level

1, the highriskof SQL injection2, cross site vulnerabilitiesMedium and low risk 1, default test case file 2, managementbackground landing portal

Medium and low risk 1, email address exists

Vulnerability name

3, XPATH injection leak 3, application error caused by 2,invalid link hole information leakage 4, backup files causedby source code leakage 3, Web application default directorySealing requirement

Must plug

Selective plugging

One

Two,

Typical website vulnerability impact and Solutions

1, SQL injection vulnerability impact: this vulnerabilitybelongs to the common vulnerabilities in Web applicationsecurity, belonging to OWASP TOP 10 (2007) in the injectionclass vulnerabilities. SQL injection vulnerabilities arepresent in many WEB applications. SQL injection is an attackerwhouses code flaws to attack, and canbe used in any applicationparameter that can affect database queries. For example, theparameters of the URL itself, post data, or cookie values. Anormal SQL injection attack depends largely on the attacker' saccess to information from the error message. However, even ifno error messages are displayed, the application may still be

affected by the SQL injection. In general, SQL injection is anattack on Web applications rather than on the web server or theoperating system itself. As its name suggests, SQL injectionis the act of adding unexpected SQL commands to a query tomanipulate the database in a way that database administratorsor developers do not anticipate. If successful, you can obtain,modify, inject, or delete data from the database server thatis used by the vulnerability web application. In some cases,the SQL can be injected into the fully controlled system.Solution: protection recommendations include the deployment oflayered security measures (including in accept user input whenusing parameterized queries) , to ensure that applications useonly the expected data, strengthening the database server toprevent access data inappropriate. The following measures arerecommended to prevent SQL injection vulnerabilities:Two

Use the following suggestions for development. Written from theweb applicationof SQL injectionattack effect. Aparameterizedquery: SQL injection from the attacker control data to modifythe query query logic, so the best way to prevent SQL injectionattacks is to query the logic and data separation, which canprevent the execution of the injection from the user inputcommands. Defects in this way are likely to have an impact onperformance (but with little impact) , and each query on the sitemust be constructed in this way to be fully valid. Justbypassing a query inadvertently is enough to cause theapplication to be affected bySQL injection. The following codeshows an example of a SQL statement that can do SQL injection.

SSql = "SELECT, LocationName, Locations, FROM"; sSql = sSql +,"WHERE, LocationID =" + Request[, "LocationID" [] =oCmd.CommandText = sSq l;

The following example uses parameterized queries that are notaffected by SQL injection attacks.

SSql = "SELECT * FROM Locations"";ssql = ssql + “LocationID = @ LocationID”  ocmd. commandtext= ssql ocmd。参数。添加 “@LocationID” 要求“LocationID[” ] 

应用程序没有包含用户输入向服务器发送SQL语句而是使用@LocationID-参数替代该输入这样用户输入就无法成为SQL执行的命令。

这种方式可以有效的拒绝攻击者所注入的任何输入尽管仍会生成错误但仅为数据类型转换错误而不是黑客可以利用的错误。以下代码示例显示从HTTP查询字符串中获得产品ID并使用到SQL查询中。请注意传送给SqlCommand的包含有选择的字符串仅仅是个静态字符串不是从输入中截取的。此外还请注意使用Sql Parame ter对象传送输入参数的方式该对象的名称@ PID匹配SQL查询中所使用的名称。

C #示例

一串connstring

=webconf igurationmanager。 connectionStrings [ “myconn” ] 。connectionstr ING使用SqlConnection conn=新的SqlConnectionconnstring {康涅狄格州open()  SqlCommand CMD =新SqlCommand  “select count *从产品prodid= “PID”  CONNSqlParameter prm =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString [ “PID” ] CMD参数。添加PRM int reccount=int命令。executescalar()  }

四vb.net示例

昏暗的connstring

作为

字符串

=webconf igurationmanager。 ConnectionStrings  “ConnectionString myconn” 。

使用新的SqlConnection conn connstring康涅狄格州open()暗淡CMD为SqlCommand=新SqlCommand  “sel ect count *从产品prodid = “PID”  CONN昏暗的PRM为SqlParameter =新的SqlParameter  “PID” 

SqlDbType.VarChar 50 PRM。值=请求。 QueryString  “PID” 命令参数。添加PRM昏暗的reccount整数=CMD executescalar()端使用。

验证输入可通过正确验证用户输入的类型和格式防范大多数SQL注入攻击最佳方式是通过白名单定义方法为对于相关的字段只接受特定的帐号号码或帐号类型或对于其他仅接受英文字母表的整数或字母。很多开发人员都试图使用黑名单字符或转义的方式验证输入。总体上讲这种方式通过在恶意数据前添加转义字符来拒绝已知的恶意数据如单引号这样之后的项就可以用作文字值。

这种方式没有白名单有效 因为不可能事先知道所有形式的恶意数据。

对于安全操作============

使用以下建议帮助防范对Web应用的SQL注入攻击。

限制应用程序权限 限制用户凭据仅使用应用运行所必需权限的。任何成功的SQL注入攻击都会运行在用户凭据的环境中尽管限制权限无法完全防范SQL注入攻击但可以大大增加其难度。

强系统管理员口令策略通常攻击者需要管理员帐号的功能才能使用特定的SQL命令如果系统管理员口令较弱的话就比较容易暴力猜

测

Increase the likelihood of successful SQL injection attacks.Another option is not to use the system administrator passwordat all, but to create a specific account for a specific purpose.Consistent error message program: make sure you provide aslittle information as possible when a database error occurs.Do not leak the entire error message and process error messageson both the web and the application server. When a web serverencounters a processing error, a generic web page responseshouldbeused, or the user redirectedto the standard location.Never release debug information or other details that might beuseful to attackers.

For instructions on how to close verbose errormessages in IIS,see:

Six

Http://www.microsoft.com/windows2000/en/server/i is/def ault.asp? Url= /windows2000/en/server/i is/htm/core/iierrcst.htm?Use the syntax below to suppress error messages on the Apacheserver:

Syntax: , ErrorDocument, <3-digi t-code>, Examp le: ,

ErrorDocument, 500, /webserver_errors/server_error500. txtApplication servers like WebSphere usually default byinstalling error messages or debugging settings. For

information about how to suppress these error messages, referto the application server document.

Stored procedures: if not used, delete the SQL storedprocedures such as master. .Xp_cmdshell, xp_startmail,xp_sendmail, sp_makewebtask, and so on.

The SQL injection vulnerability fundamentally depends on thecode for the web application. Although not a fix, you can detectSQL injection attacks by adding rules that incorporate regularexpressions to IDS as an emergency measure. Although it isimpossible to fix all possible SQL injection vulnerabilities,it is easy to implement and requires attackers to improve theirmethods in order to achieve successful attacks. Regularexpressions can be used as follows.

Delete the SQL regular expression metacharacters: / (\%27) |(' ) | (\-\-) | (\%23) | (#) /ix

Seven

Following the regular expression canbe added to the Snort alertTCP$EXTERNAL_NET ru l es: any-> $HTTP_SERVERS$HTTP_PORTS (msg:"SQL Injection-

Paranoid; flow:to_server, established; uricontent: .Pl ; pcre:/ (\%27) | (' ) | (\-\ -) | (%23) | (#) ;classtype:Web-application-attack; sid:9099; /i rev:5) ;The regular expression of traditional SQL injection attacks:/\w* ((\%27) | (' ) ( |o| ) (\%6F) (\%4F) ( |r| ) (\%72) (\%52)) /ix

The regular expression to delete the UNION keyword SQLinjection attack: / ((\%27) | (' )) union/ix (\%27) | (' )Similar regular expressions can be written for other SQLqueries such as select, insert, update, delete, drop, and soon.

Regular expressions for SQL injection attacks are detected onthe MS SQL server: /exec (\s|\+) + (s|x) p\w+/ix

For quality assurance ============

E i gh t

Addressing SQL injection defects ultimately requires codebased fixes, providing information necessary to fix thesevulnerabilities for development and for the steps described inthe security operations section. The following steps outlinehow to manually test SQL injection for an application.How do you manually test SQL injection into an application?:

1. open web applications that want to test SQL injectionvulnerabilities in your browser.

2. hover the mouse cursor over the link to the Web site and payattention to the status bar at the bottom. You can see the URLto which the link points. Find the URL with parameters, suchas

丽萨主机:美国CN2 GIA精品网/KVM/9折,美国原生IP,最低27元/月

丽萨主机怎么样?丽萨主机,团队于2017年成立。成立之初主要做的是 CDN 和域名等相关业务。最近开辟新领域,新增了独立服务器出租、VPS 等业务,为了保证业务质量从一开始就选择了中美之间的 CN2 GIA 国际精品网络,三网回程 CN2 GIA,电信去程 CN2 GIA + BGP 直连智能路由,联通移动去程直连,原生IP。适合对网络要求较高的用户,同时价格也比较亲民。点击进入:丽萨主机官方网站...

CheapWindowsVPS:7个机房可选全场5折,1Gbps不限流量每月4.5美元

CheapWindowsVPS是一家成立于2007年的老牌国外主机商,顾名思义,一个提供便宜的Windows系统VPS主机(同样也支持安装Linux系列的哈)的商家,可选数据中心包括美国洛杉矶、达拉斯、芝加哥、纽约、英国伦敦、法国、新加坡等等,目前商家针对VPS主机推出5折优惠码,优惠后最低4GB内存套餐月付仅4.5美元。下面列出几款VPS主机配置信息。CPU:2cores内存:4GB硬盘:60G...

virmach:AMD平台小鸡,赌一把,单车变摩托?$7.2/年-512M内存/1核/10gSSD/1T流量,多机房可选

virmach送来了夏季促销,价格低到爆炸,而且在低价的基础上还搞首年8折,也就是说VPS低至7.2美元/年。不过,这里有一点要说明:你所购买的当前的VPS将会在09/30/2021 ~ 04/30/2022进行服务器转移,而且IP还会改变,当前的Intel平台会换成AMD平台,机房也会变动(目前来看以后会从colocrossing切换到INAP和Psychz),采取的是就近原则,原来的水牛城可能...

网站漏洞检测为你推荐
支持ipad支持ipad支持ipad支持ipadcanvas2Canvas ~セピア色のモチーフ~ 这个动画片的中文翻译是什么?从哪看?icloudiphone没开启icloud的iphone怎么用find my iphone找回micromediaMacromedia翻译成中文是什么?迅雷雷鸟迅雷会员每日免费抽奖,抽中迅雷的雷鸟披肩了,要钱吗联通合约机iphone5我想问下,我想入手iphone5的联通合约机, 会被坑吗苹果5.1.1越狱iphone5.1.1越狱老是越狱失败,说要抹掉数据,怎么抹掉数据不懂,接下来该怎么弄 求大神指教
网站域名 网址域名注册 汉邦高科域名申请 如何查询域名备案号 如何注册中文域名 smartvps 西安电信测速 arvixe l5639 一元域名 java空间 电子邮件服务器 idc资讯 699美元 赞助 双11秒杀 国外代理服务器地址 免费phpmysql空间 中国电信宽带测速器 shuang12 更多