20190112 q:

What are the common methods of web security attack, and how can they be prevented?

Common examples are XSS, CSRF, and SQL injection

XSS (Cross Site Scripting)

Definition: An attacker inserts a script on a web page, and the malicious script is executed when users browse the web page

XSS attacks fall into three categories: stored (persistent), reflected (non-persistent), and DOM-based

How to prevent:

Set HttpOnly on cookies to avoid the danger of cookie hijacking; filter and encode tags such as

CSRF (Cross Site Request Forgery)

Definition: An attack that hijacks a trusted user to send an unexpected request to the server

How to prevent:

  • Validate the HTTP Referer field
  • Add a token to the request address and verify it
  • Add a custom attribute to the HTTP headers and validate it
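
The three checks above applied to a single request, as an added example that is not part of the original answer. The origin `https://shop.example`, the `x-csrf-token` header name and the request and session shapes are assumptions, and the token is carried in the custom header rather than in the request address.

```javascript
// Added example: Referer validation, token verification and a custom header,
// checked together for one state-changing request.
const TRUSTED_ORIGIN = 'https://shop.example'; // assumed site origin
const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

// 1. Referer check: compare the parsed origin. A substring or prefix test
//    would also accept https://shop.example.evil.test/.
function refererTrusted(referer) {
  try {
    return new URL(referer).origin === TRUSTED_ORIGIN;
  } catch (e) {
    return false; // header missing or malformed
  }
}

// 2. Token check: compare with the token kept in the server-side session,
//    with no early exit that would reveal how many characters matched.
function tokenMatches(expected, given) {
  if (typeof expected !== 'string' || typeof given !== 'string') return false;
  if (expected.length === 0 || expected.length !== given.length) return false;
  let diff = 0;
  for (let i = 0; i < expected.length; i++) {
    diff |= expected.charCodeAt(i) ^ given.charCodeAt(i);
  }
  return diff === 0;
}

// req: { method, headers (lower-case names) }; session: { csrfToken }
function checkCsrf(req, session) {
  if (SAFE_METHODS.includes(req.method)) return { ok: true, reason: 'safe-method' };
  if (!refererTrusted(req.headers['referer'])) return { ok: false, reason: 'referer' };
  // 3. Custom header: a plain HTML form on another site cannot set it.
  const token = req.headers['x-csrf-token'];
  if (token === undefined) return { ok: false, reason: 'missing-header' };
  if (!tokenMatches(session.csrfToken, token)) return { ok: false, reason: 'token' };
  return { ok: true, reason: 'verified' };
}

// Constructed sample session and requests.
const session = { csrfToken: 'c0ffee1234abcd' };
const forged = { method: 'POST', headers: { referer: 'https://shop.example.evil.test/x' } };
const genuine = { method: 'POST', headers: {
  referer: 'https://shop.example/cart', 'x-csrf-token': 'c0ffee1234abcd' } };
console.log(checkCsrf(forged, session), checkCsrf(genuine, session));
```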

SQL Injection

Definition: Unauthorized access to database information

How to prevent:

  • At the code layer, never let user-submitted parameters go into the database and be executed
  • Do not allow SQL statements to appear in web input parameters
  • SQL-escape all parameters
  • For pre-launch testing, use an automated SQL injection tool to test every page for SQL injection
