
OWASP top 10 vulnerability analysis

2022-05-15 07:44:19 cyyn123

1. Injection
2. Cross-site scripting (XSS)
3. Broken authentication and session management
4. Insecure direct object references
5. Cross-site request forgery (CSRF)
6. Security misconfiguration
7. Insecure cryptographic storage
8. Failure to restrict URL access
9. Insufficient transport layer protection
10. Unvalidated redirects and forwards

I. Injection
1. Although there are other types of injection attack, most of the time the problem discussed is SQL injection.
2. The attacker sends crafted SQL statements to the application in order to read information, tamper with the database, or take control of the server. It is currently a very popular web attack technique.
3. Prevalence: common; severity: serious
Main preventive measures:
1. Strictly check user input, paying attention to special characters such as ' " ; -- || and xp_
2. Escape user input
3. Reject input that is already escaped
4. Use parameterized queries
5. Use SQL stored procedures
6. Minimize SQL privileges (disable the SA account)
7. Prevent error pages from leaking information
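Measures 1 and 4 side by side, as an added example that is not part of the original post: a string-concatenated query next to its parameterized form, run against a constructed SQLite table, plus a detection helper that flags the special sequences listed above. The table, the user names and the `MALICIOUS` input are constructed for the example.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed in-memory sample table (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable pattern: the untrusted value is concatenated into the SQL text,
    # so a quote in the input changes the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_user_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Hardened pattern (measure 4): the value is bound as a parameter and is
    # never interpreted as SQL, whatever characters it contains.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def looks_suspicious(value: str) -> bool:
    # Input check (measure 1): flags the special sequences the post lists.
    # Useful for logging and detection; parameterized queries remain the fix.
    markers = ("'", '"', ";", "--", "||", "xp_")
    return any(m in value for m in markers)

# Constructed input: a closing quote followed by an always-true condition.
MALICIOUS = "' OR '1'='1"
```

With the concatenated query the constructed input returns every row of the table; the parameterized query returns none, because the whole string is compared as a literal name.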

II. Cross-site scripting (XSS)
1. The most widespread web security vulnerability
2. The attacker inserts a script into a URL or other submitted content so that the script is executed on the client
3. It is divided into three types: reflected, stored and DOM-based
Prevalence: extremely widespread; severity: medium
Main preventive measures:
1. Strictly check user input
2. Limit as far as possible the insertion of untrusted content (content that users can enter or modify) into HTML
3. Untrusted content that must be inserted is escaped first (in particular, special characters must be escaped or re-encoded so the result stays syntactically safe)
4. Set cookies to HttpOnly so that scripts cannot read them

III. Broken authentication and session management
Main preventive measures:
1. Enforce password strength (ordinary accounts: more than 6 characters; important accounts: more than 8 characters; extremely important accounts: use multiple authentication methods)
2. Do not use simple or predictable password recovery questions
3. Do not give too much detail in login error messages
4. The login page must be served encrypted
5. Temporarily lock an account after repeated failed logins
6. Issue a new session ID after a successful login
7. Use a session ID with at least 128 bits of randomness
8. Set a session idle timeout (optionally also an absolute session timeout)
9. Protect cookies (Secure flag / HttpOnly flag)
10. Do not expose the session ID in the URL
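Measures 6 to 10 together, as an added example that is not part of the original post: a minimal in-memory session store that issues 128-bit IDs, replaces the ID on login, enforces both an idle and an absolute timeout, and emits the cookie with the Secure and HttpOnly flags. The timeout values and the store itself are assumptions for the example; the `now` parameter exists so the clock can be controlled in tests.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before the session dies (measure 8)
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime regardless of activity (measure 8, optional)

def new_session_id() -> str:
    # Measure 7: 128 bits from a CSPRNG, hex-encoded (32 characters).
    return secrets.token_hex(16)

class SessionStore:
    """Constructed in-memory store; a real deployment keeps this server-side."""
    def __init__(self, now=time.time):
        self.now = now
        self.sessions = {}   # sid -> {"user", "created", "last_seen"}

    def create(self, user) -> str:
        sid = new_session_id()
        t = self.now()
        self.sessions[sid] = {"user": user, "created": t, "last_seen": t}
        return sid

    def login(self, old_sid: str, user) -> str:
        # Measure 6: drop the pre-login session and issue a fresh ID, so an ID
        # fixed in the browser before login is never upgraded to an authenticated one.
        self.sessions.pop(old_sid, None)
        return self.create(user)

    def lookup(self, sid: str):
        s = self.sessions.get(sid)
        if s is None:
            return None
        t = self.now()
        if t - s["last_seen"] > IDLE_TIMEOUT or t - s["created"] > ABSOLUTE_TIMEOUT:
            del self.sessions[sid]
            return None
        s["last_seen"] = t
        return s["user"]

def set_cookie_header(sid: str) -> str:
    # Measure 9: Secure keeps the cookie off plain HTTP, HttpOnly keeps it away
    # from scripts; the ID travels only in the cookie, never in the URL (measure 10).
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```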

IV. Insecure direct object references
1. Internal resources such as specific file names, paths or database keys on the server are exposed in URLs or web pages, and an attacker can use them to try to access other resources directly
2. All web applications can be affected by this problem
Prevalence: common; severity: moderate
Main preventive measures:
1. Avoid referencing internal file names or database keys directly in URLs or web pages
2. Use custom mapped names instead of direct object names, e.g.:
http://example.com/online/getnews.asp?item=11
3. Lock down all directories and folders on the web server and set access permissions
4. Validate user-supplied URL requests and reject those containing ./ or .//
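Measures 2 and 4, as an added example that is not part of the original post: an indirect reference map that hands the client opaque tokens instead of internal names, and a path validator that rejects any `..` segment (a generalisation of the `./` check above) and confirms the result stays under the document root. `DOC_ROOT` and the internal names are assumptions for the example.

```python
import secrets
from pathlib import PurePosixPath

DOC_ROOT = PurePosixPath("/srv/app/files")   # assumed document root, not from the post

class ObjectMap:
    """Indirect reference map (measure 2): the client only ever sees opaque
    tokens, and the server resolves them back to internal names it chose."""
    def __init__(self):
        self._by_token = {}
        self._by_name = {}

    def reference(self, internal_name: str) -> str:
        tok = self._by_name.get(internal_name)
        if tok is None:
            tok = secrets.token_urlsafe(8)
            self._by_name[internal_name] = tok
            self._by_token[tok] = internal_name
        return tok

    def resolve(self, token: str):
        # Unknown tokens, including guessed internal names, resolve to nothing.
        return self._by_token.get(token)

def safe_path(requested: str):
    """Measure 4 (generalised to any '..' segment): reject traversal and keep
    the result under DOC_ROOT. Returns the resolved path or None."""
    normalised = requested.replace("\\", "/")      # browsers treat \ like /
    parts = PurePosixPath(normalised).parts
    if not parts or ".." in parts or parts[0] == "/":
        return None
    full = DOC_ROOT.joinpath(*parts)
    # Belt and braces: confirm the result is still inside the document root.
    return full if DOC_ROOT in full.parents else None
```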

V. Cross-site request forgery (CSRF)
1. The attacker constructs a malicious URL request and tricks a legitimate user into visiting it, so that a specific operation is performed in the web application with that user's permissions
2. The main difference from reflected XSS: reflected XSS aims to execute a script on the client; CSRF aims to perform an operation in the web application
Prevalence: widespread; severity: moderate
Main preventive measures:
1. Avoid showing the parameters of a specific operation in clear text in the URL
2. Use a synchronizer token and check that each client request carries a valid token
3. Check the Referer header and reject requests that do not originate from this website's own URLs
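Measures 2 and 3 combined, as an added example that is not part of the original post: a per-session synchronizer token embedded as a hidden form field, verified with a constant-time comparison, plus an Origin/Referer check against the site's own host. `SITE_HOST`, the session dict and the header dicts are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlparse

SITE_HOST = "example.com"   # the site's own host name, assumed for this example

def issue_csrf_token(session: dict) -> str:
    # Measure 2: one unguessable token per session, kept server-side and
    # embedded in every form that performs a state-changing operation.
    if "csrf" not in session:
        session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def hidden_field(session: dict) -> str:
    return f'<input type="hidden" name="csrf_token" value="{issue_csrf_token(session)}">'

def request_is_local(headers: dict) -> bool:
    # Measure 3: a sensitive action must come from our own pages. The Origin
    # header is preferred, Referer is the fallback, and absence is rejected.
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    return urlparse(src).hostname == SITE_HOST

def accept_state_change(session: dict, form: dict, headers: dict) -> bool:
    """True only when the request carries this session's token and comes
    from this site; a forged cross-site request fails both checks."""
    expected = session.get("csrf")
    supplied = form.get("csrf_token", "")
    if not expected or not supplied:
        return False
    # Constant-time comparison so the check leaks nothing through timing.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return request_is_local(headers)
```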

VI. Security misconfiguration
1. Negligence in the server's security configuration by the administrator usually allows attackers to obtain information illegally, tamper with content, or even take control of the entire system
Prevalence: common; severity: moderate
Main preventive measures:
1. Install the latest software versions and patches
2. Minimize the installation (install only the required components)
3. Do not store web files or SQL database files on the system disk
4. Do not run other services on the web/SQL server
5. Strictly check all settings related to authentication and permissions
6. Minimize permissions
7. Do not use default paths or preset accounts
8. Harden the system according to Microsoft's security best practices

VII. Insecure cryptographic storage
1. Important information is not encrypted, the encryption is not strong enough, or the encrypted information is not stored securely, which allows an attacker to obtain it
2. This risk also involves security management outside the web application itself
Prevalence: less common; severity: serious
Causes:
1. Important information such as bank card numbers and passwords is written to the database directly in clear text
2. A home-made encryption algorithm is used for simple encryption
3. Low-strength algorithms such as MD5 and SHA-1 are used
4. The encrypted information and the key are stored together

  Symmetric encryption: Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word or a random string of characters, is applied to the text of a message to change its content in a specific way. This may be as simple as shifting each letter by a number of positions in the alphabet. As long as the sender and the recipient know the secret key, they can encrypt and decrypt all messages that use this key.
  Asymmetric encryption: The problem with passing secret keys over the Internet or a large network is that they may fall into the wrong hands while being exchanged, and anyone who knows the key can decrypt the message. One answer is asymmetric encryption, which uses two related keys, a key pair. The public key is made freely available to anyone who may need to send you a message. The second key is the private key, which only you know. Any message (text, binary file or document) encrypted with the public key can only be decrypted by applying the same algorithm with the matching private key, and any message encrypted with the private key can only be decrypted with the matching public key. This means you do not have to worry about passing the public key over the Internet (the key is meant to be public). The drawback of asymmetric encryption is that it is slower than symmetric encryption and needs more processing power to encrypt and decrypt the message content.

Main preventive measures:
1. Encrypt all important information
2. Use only encryption algorithms of sufficient strength, such as AES and RSA
3. When storing passwords, use a robust hash algorithm such as SHA-256
4. Do not store the generated key together with the encrypted information
5. Strictly control access to encrypted storage
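Measure 3 and cause 3 side by side, as an added example that is not part of the original post: password records built with PBKDF2 over SHA-256, using a random per-password salt and an iteration count so that identical passwords produce different records and each guess is expensive, next to the unsalted MD5 pattern the post warns against. The record format, the iteration count and the salt length are my choices for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2 work factor; tune so one hash takes ~100 ms on the server

def hash_password(password: str, salt: bytes = b"") -> str:
    # Per-password random salt: equal passwords give different records and
    # precomputed tables are useless. SHA-256 is the underlying hash (measure 3),
    # run through PBKDF2 so every guess costs the attacker ITERATIONS rounds.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    # The record carries its own parameters, so the work factor can be raised
    # later without invalidating existing records.
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def weak_md5(password: str) -> str:
    # The pattern the post warns against (cause 3): fast, unsalted and identical
    # for identical passwords, so a leaked table falls to precomputed lookups.
    return hashlib.md5(password.encode("utf-8")).hexdigest()
```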

VIII. Failure to restrict URL access
Some web applications contain "hidden" URLs that are not shown as links in the web pages but which an administrator can reach by entering the URL directly. If access to these hidden pages is not restricted, an attacker still has a chance to open them.
Main preventive measures:
1. Apply access control checks to all content on the website (whether public or unpublished)
2. Only allow users to access specific file types such as .html, .asp and .php, and block access to other file types
3. Conduct penetration tests
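Measures 1 and 2 as one deny-by-default check, added here and not part of the original post: every request, whether or not the page is linked anywhere, goes through the same role lookup, and a path outside the policy or with a non-allowed extension is refused. The route policy and role names are constructed for the example, and the path is assumed to be already normalised (no `..` segments).

```python
from pathlib import PurePosixPath

ALLOWED_EXTENSIONS = {".html", ".asp", ".php"}   # the file types the post allows

# Constructed route policy (not from the post): the role required for each URL
# prefix. Anything not listed is denied, so "hidden" pages get no free pass.
ROUTE_POLICY = {
    "/public/": None,        # no login required
    "/account/": "user",
    "/admin/": "admin",
}
ROLE_RANK = {None: 0, "user": 1, "admin": 2}

def required_role(path: str):
    for prefix, role in ROUTE_POLICY.items():
        if path.startswith(prefix):
            return role
    return "__deny__"          # unknown location: deny by default (measure 1)

def authorize(path: str, user_role) -> bool:
    """Access control check applied to every request, linked or hidden."""
    if PurePosixPath(path).suffix.lower() not in ALLOWED_EXTENSIONS:
        return False           # measure 2: only the allowed file types
    need = required_role(path)
    if need == "__deny__":
        return False
    return ROLE_RANK.get(user_role, 0) >= ROLE_RANK[need]
```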

IX. Insufficient transport layer protection
An attacker can try to capture the network packets between the client and the web server in order to obtain user credentials, session IDs and other important information
Main preventive measures:
1. Use SSL or TLS encryption for all authentication pages
2. Use SSL/TLS encryption for the transmission of all sensitive information
3. Do not mix HTTP and HTTPS content in a web page
4. Use the Secure flag on cookies
5. Ensure the validity and legitimacy of the server certificate
6. Only use SSL 3.0 or TLS 1.0 and later protocol versions
7. Require client certificates where needed
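Measures 5 to 7 expressed as Python `ssl` contexts, as an added example that is not part of the original post. Measure 6 as written still admits SSL 3.0 and TLS 1.0, which have since been deprecated (RFC 7568 and RFC 8996), so the example sets TLS 1.2 as the floor. The certificate, key and CA file paths passed to `server_context` are assumed; `protocol_allowed` is an audit helper for checking what a context would negotiate.

```python
import ssl

def client_context() -> ssl.SSLContext:
    """Outgoing HTTPS: certificate chain and hostname are verified (measure 5)
    and SSL 3.0 / TLS 1.0 / TLS 1.1 are refused (measure 6, tightened)."""
    ctx = ssl.create_default_context()        # system CA store, CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    return ctx

def server_context(cert_file: str, key_file: str, client_ca: str = None) -> ssl.SSLContext:
    """Web server side. cert_file/key_file are assumed paths; if client_ca is
    given, a client certificate issued by that CA is required (measure 7)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    if client_ca:
        ctx.verify_mode = ssl.CERT_REQUIRED
        ctx.load_verify_locations(client_ca)
    return ctx

def protocol_allowed(ctx: ssl.SSLContext, name: str) -> bool:
    """Audit helper: would this context negotiate the named version
    ("SSLv3", "TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3")?"""
    top = ctx.maximum_version
    if top == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        top = ssl.TLSVersion.TLSv1_3
    return ctx.minimum_version <= ssl.TLSVersion[name] <= top

def client_is_hardened(ctx: ssl.SSLContext) -> bool:
    # Certificate required, hostname checked, nothing older than TLS 1.2.
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and not protocol_allowed(ctx, "TLSv1_1"))
```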

X. Unvalidated redirects and forwards
An attacker may use an unvalidated redirect target for phishing, tricking users into visiting a malicious site
An attacker may use an unvalidated forward target to bypass the site's access control checks

Main preventive measures:
1. Avoid redirects and forwards where possible
2. Check the parameters of a redirect or forward, and reject off-site addresses as well as specific on-site pages
3. Do not show the destination address in the URL; represent it with a mapped code, e.g.:
http://example.com/redirect.asp?=234

Copyright notice
Author: cyyn123. Please include the original link when reprinting. Thank you.
https://en.chowdera.com/2022/131/202205102126064054.html
