I don’t know if you noticed. These days, there is an increasing frequency of high-profile company leaks. Correspondingly, the network security problem has been paid more and more attention. From baidu index extract two graphs to share with you
In fact, excluding some specific security issues in a specific framework, there are many common security issues. The most common ones are the following, and I think every programmer should know how to avoid them as much as possible.
1. SQL injection
2. Cross-site scripting attacks (XSS)
3. Cross-site Request Forgery (CSRF)
4. Ultra vires loophole
1. SQL injection
SQL injection is probably the most widely known security issue. The reason is that SQL statements are written through string concatenation, including parameters. Once the user enters parameters that change the meaning of the entire statement, the result of executing the SQL statement becomes unpredictable. For example,
SELECT * FROM user WHERE id = ‘1’ or 1 = ‘1’ The bold part is what the user typed.
If the above SQL statement is executed, all user information is exposed.
There are many variations of SQL injection, such as the deliberate error of statement execution to extract important information from the error information.
How to prevent it? Just avoid SQL concatenation and use parameterized SQL execution. For example, if the @id parameter is of type int, then “or 1= ‘1” cannot be converted to int.
2. Cross-site scripting attacks (XSS)
XSS is most commonly found on content-oriented sites because it is aimed at dynamically rendering HTML pages based on server-side data.
For example, when I reply to a post in a community, I intentionally type in “owner niubi ~”
. If the server didn’t do a proper job of saving the content in the database, then when the post is flipped to the floor of my reply, a “250” popup will appear alongside the words “owner of the building”.
Of course, there’s no point in popping a window. If the script gets the user’s local cookie information and uploads it to a specific server, then other people can use the user’s cookie to log in to his account, which is a bit scary to think about.
How to prevent it? Either filter out the HTML tags, as plain text will suffice for most scenarios. If you really need rich text, you can escape it once and store it as characters instead of saving HTML tags directly.
- Cross-site Request Forgery (CSRF)
CSRF is to make use of the browser’s cache and the memory function of the website’s login status to send requests to the website you have just visited through malicious scripts, so that the website will mistake you for yourself.
For example, say you’ve just visited a bank’s website and are even opening it in a separate TAB. Then accidentally opened a phishing site, page inside the script to initiate a transfer request to the bank’s website, your bank account is inexplicably missing a sum of money. (Of course, bank websites now take this into account.)
How to prevent it? As a site developer, the easiest way to do this is to judge the referer to see if the source of the request is trustworthy. A better approach would be to assign a token to each user who logs in properly and validate this token with each request the user makes.
- Unauthorized leaks
“Overstepping one’s authority”, as the name implies, is to go beyond one’s due authority. For example, an e-commerce sites to check the order information of the url is www.dianshang.com/order/10001… In this format, if I manually change the number at the end of the URL to 10002 to initiate a request, if the server does not verify the information of the current logon, then the order information of 10002 will be obtained without authorization.
How to prevent it? There are two main points.
Do permissions check, don’t be lazy.
Number or ID class data, avoid sequential increment. As an added bonus, it prevents competitors from guessing your actual order numbers.
In fact, there are many security issues, such as payment vulnerabilities (payment amount is not verified), upload attacks and so on. But the general idea of handling it is similar to the four mentioned above. To make it easier for you to understand and be more secure in your coding, I’ve distilled some ideas for you.
As long as the data is external input, be sure to do a thorough verification to ensure that the data processed and returned is as expected.
The implementation of the code minimizes redundant external interactions.
When handling errors, it is important not to throw technical exception information, especially stack information, at the client.
If this is too much to remember. Then keep one word in mind – “strict in, strict out”.
Scan the qr code below to get 10G infiltration course materials for free, come and get them on a first come first served basis!!
