[University lecture slides] 網頁應用程式的安全入門.ppt (Introduction to Web Application Security)

Uploaded by: sccc   Document ID: 4879252   Uploaded: 2023-05-21   Format: PPT   Pages: 53   Size: 1.55MB
Resource description


Slide 1: National Central University Computer Center, Multimedia and Network Application Training Course: Introduction to Web Application Security (網頁應用程式的安全入門)

Slide 2: Agenda
- Small talk
- OWASP Top 10
- SQL injection
- XSS
- cookie & session

Slide 3: Agenda (repeated)

Slide 4: Don't do bad things!

Slides 5-6: Don't get caught!

Slide 7: Don't say I taught you this.

Slide 8: Agenda (repeated)

Slide 9: Web security?
- Early days vs today
- Static vs dynamic
- Where there is code, there are vulnerabilities!

Slide 10: Ways to attack
- OS
- web server
- web application

Slide 11: Attack scenarios
- Attack the web server: gain privileges; steal information in order to attack users
- Attack other users: steal information; execute further attacks
- Scenarios may be composite

Slide 12: Agenda (repeated)

Slide 13: (no text)

Slide 14: OWASP Top 10-2010
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)

Slide 15: OWASP Top 10-2010
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards

Slides 16-17: OWASP Top 10-2010 (repeat of slides 14-15)

Slide 18: Agenda (repeated)

Slide 19: Injections
- The hacker's fill-in-the-blanks game
- Where can an attacker inject?
  - database (MySQL, MS SQL, PostgreSQL...)
  - NoSQL
  - directory service (LDAP)
  - system commands!

Slide 20: How SQL works in the web (login page as the example)
- client -> web server: request with id and pwd
- web server -> SQL server: select * from account where id='$id' and pwd='$pwd'
- SQL server -> web server: return result
- web server -> client: return login success / failed

Slide 21: Why SQL?
- Widely used
- Stores large amounts of site data
- Injection friendly

Slide 22: How do injections work? (MySQL as the example)
    $query = "select * from account where id='$id' and pwd='$pwd'";
  With $id set to the input  ' or 1=1 --  the query becomes
    select * from account where id='' or 1=1 -- ' and pwd='...'
  and everything after -- is a comment, so the password check is gone.

Slide 23: Attack skills
- union
- blind attack

Slide 24: Impact
- Data stolen / modified
- Attacker gains site privileges
- The whole site is taken over

Slide 25: How to defend
- Use a safe API
- Filter / escape special characters
- Never put user input directly into the query
- Use a tool to scan for weaknesses

Slide 26: Practice

Slide 27: Agenda (repeated)

Slide 28: XSS
- Cross Site Scripting
- Running your code on somebody else's website!

Slide 29: Background knowledge
- HTTP GET
- HTTP POST

Slide 30: How to attack
- Attack using POST / GET
- The "scripting" is stored on the server
- Strange URLs

Slide 31: How to attack
- javascript (the script tags on this slide were lost in extraction)

Slide 32: Example
- http:/ ... Orange") (the example URL on this slide is garbled in extraction; only this fragment survives)

Slide 33: What may happen?
- Take you to a bad site
- Send your information to the attacker
- Just for fun!

Slide 34: Just for fun: Samy
- MySpace XSS attack
- Samy is my hero!
- Infection

Slide 35: Big sites are also XSSable
- MySpace, Facebook, twitter, Plurk...

Slide 36: How to defend
- For the server: escape what has to be escaped; use a tool to scan for weaknesses
- For the user: be suspicious of strange links; browser / antivirus software

Slide 37: Practice

Slide 38: Agenda (repeated)

Slide 39: Background knowledge: cookie, session
- "A cookie is a piece of text stored by a user's web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data."
- "The session information is stored on the web server using the session identifier (session ID) generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser. The storage of session IDs and the associated session data (user name, account number, etc.) on the web server is accomplished using a variety of techniques including, but not limited to: local memory, flat files, and databases."

Slides 40-41: (no text)

Slide 42: If you get hold of the cookie, you can...

Slide 43: How to steal it?

Slide 44: (no text)

Slide 45: Send the cookie to the cloud!
- Use GET / POST to make the page send the cookie away (the example code on this slide is garbled in extraction; only ".join(" survives)
- The server side is simple: just keep the cookie

Slide 46: Which idiot would click a link like this? http:/

Slide 47: Hidden
- There is a thing called URL shorteners (0rz.tw / goo.gl / bit.ly)
- Stuff it into another page (ex: an iframe with width and height set to 0 or 1)
- Ugly URLs are EVERYWHERE (https:/ https:/)

Slide 48: Defences
- Lock the session to the user agent / headers
- Bind it to the IP
- *Don't let the attack succeed in the first place*

Slide 49: Locking to the user agent / headers
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // the stored fingerprint must match the User-Agent of the current request
        if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) exit();
    } else {
        // first request of the session: remember the browser's User-Agent
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
    }
  But... if you can steal the cookie, can't you get the header too?

Slide 50: Practice

Slide 51: Q&A?

Slide 52: End

Slide 53: References
- http://www.owasp.org/
- http://en.wikipedia.org/
- http://goo.gl/cA3a
- http://goo.gl/IwGbX
- http://goo.gl/uQ4I1
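The SQL injection slides (how SQL works in the web, how injections work, how to defend) show the login query and the ' or 1=1 -- input but not the two versions of the login code side by side. The following is an added example, not from the slides, written in Python with an in-memory SQLite table instead of the slides' PHP and MySQL; the account table, the user alice and the function names are constructed for the example:

```python
import sqlite3

# Constructed stand-in for the lecture's "account" table, held in an
# in-memory SQLite database so the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id TEXT, pwd TEXT)")
    conn.execute("INSERT INTO account VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, user_id, pwd):
    # The pattern from the "how do injections work?" slide: request values are
    # pasted straight into the SQL text, so a quote in the input ends the
    # string literal and the rest of the input is parsed as SQL.
    query = f"select * from account where id='{user_id}' and pwd='{pwd}'"
    return conn.execute(query).fetchone() is not None

def login_safe(conn, user_id, pwd):
    # The "safe API" from the defence slide: placeholders. The values travel
    # separately from the SQL text, so the database never parses them and a
    # quote in the input stays a quote.
    query = "select * from account where id=? and pwd=?"
    return conn.execute(query, (user_id, pwd)).fetchone() is not None

def demo():
    """Run both login functions with normal input and with the slide's input."""
    conn = make_db()
    payload = "' or 1=1 -- "   # the input shown on the injection slide
    return {
        "vulnerable_normal_login": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_wrong_password": login_vulnerable(conn, "alice", "nope"),
        "vulnerable_injected": login_vulnerable(conn, payload, "anything"),
        "safe_normal_login": login_safe(conn, "alice", "s3cret"),
        "safe_injected": login_safe(conn, payload, "anything"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

With the vulnerable function the injected request logs in without a valid password, because the query the database receives is `select * from account where id='' or 1=1 -- ' and pwd='anything'` and the `--` comments the password check away; with placeholders the same input is compared as a literal id and is rejected. This is why the defence slide puts "safe API" before "filter / escape characters": escaping has to be right for every character the database treats specially, while placeholders remove the problem.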
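The XSS defence slide says "escape what has to be escaped" without showing what that looks like in code. The following is an added example, not from the slides, written in Python rather than the slides' PHP; the greeting page, the input string (a script tag wrapped around the "Orange" text the example slide uses) and the function names are constructed for the example:

```python
import html

# Constructed user input for the demonstration; the "Orange" string is the
# one the slides' example uses.
SAMPLE_INPUT = '<script>alert("Orange")</script>'

def render_unsafe(name):
    # The pattern the XSS slides describe: the submitted value is written into
    # the page unchanged, so any markup in it is parsed by the visitor's
    # browser as part of the site's own page.
    return f"<p>Hello, {name}!</p>"

def render_escaped(name):
    # "Escape what has to be escaped": html.escape replaces & < > " and ' with
    # entities, so the browser displays the text instead of parsing it.
    return f"<p>Hello, {html.escape(name)}!</p>"

def render_attribute(value):
    # Attribute context: with quote=True (the default) " and ' are escaped too,
    # which is what keeps a value from ending the attribute early.
    return f'<input type="text" value="{html.escape(value, quote=True)}">'

def contains_script_tag(page):
    # Output check a scanner or test suite can apply: does a raw script tag
    # survive in the rendered page?
    return "<script" in page.lower()

def demo():
    return {
        "unsafe_has_script": contains_script_tag(render_unsafe(SAMPLE_INPUT)),
        "escaped_has_script": contains_script_tag(render_escaped(SAMPLE_INPUT)),
        "escaped_page": render_escaped(SAMPLE_INPUT),
        "attribute_page": render_attribute('Orange" extra="1'),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping belongs at the point where the value is written into HTML, not at input time: the same string may later be placed in a text node, an attribute or a URL, and each context has its own special characters. The attribute case shows why the quote characters have to be included, since an unescaped `"` would end the `value` attribute and turn the rest of the input into new attributes.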
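The user-agent locking slide gives the check in PHP and then asks whether an attacker who can steal the cookie can also get the header. The following is an added example, not from the slides, that ports the check to Python with a constructed in-memory session store in place of $_SESSION and then runs the two cases the slide has in mind; it also adds one mitigation the slides do not mention, the HttpOnly cookie flag, as a function of its own. The store, the user-agent strings, the cookie name sid and the function names are constructed for the example:

```python
import hashlib
import secrets

class SessionStore:
    """Constructed in-memory store standing in for PHP's $_SESSION."""
    def __init__(self):
        self.sessions = {}           # session id -> session data

    def create(self):
        sid = secrets.token_hex(16)  # random, unguessable session id
        self.sessions[sid] = {}
        return sid

def ua_fingerprint(user_agent):
    # The slide stores md5(HTTP_USER_AGENT); any stable hash serves the same
    # purpose, so sha256 is used here.
    return hashlib.sha256(user_agent.encode()).hexdigest()

def check_request(store, sid, user_agent):
    """Port of the slide's PHP check. Returns True when the request is accepted
    and False where the PHP version would call exit()."""
    data = store.sessions.get(sid)
    if data is None:
        return False                     # unknown or expired session cookie
    fp = ua_fingerprint(user_agent)
    if "HTTP_USER_AGENT" in data:
        return data["HTTP_USER_AGENT"] == fp
    data["HTTP_USER_AGENT"] = fp         # first request: bind the session
    return True

def session_cookie_header(sid):
    # Added mitigation (not on the slides): HttpOnly keeps the cookie out of
    # document.cookie, which is the channel the "send the cookie to the cloud"
    # slide relies on; Secure and SameSite=Lax limit where it is transmitted.
    return f"Set-Cookie: sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def demo():
    store = SessionStore()
    sid = store.create()
    victim_ua = "Mozilla/5.0 (constructed victim browser)"
    first = check_request(store, sid, victim_ua)   # binds the session to this UA
    return {
        "victim_first_request": first,
        # same cookie sent from a different browser string: the check rejects it
        "copied_cookie_other_ua": check_request(store, sid, "curl/7.0 (constructed)"),
        # same cookie plus the copied User-Agent header: the slide's point, it passes
        "copied_cookie_same_ua": check_request(store, sid, victim_ua),
        "unknown_cookie": check_request(store, "deadbeef", victim_ua),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    print(session_cookie_header("example-session-id"))
```

The binding stops a copied cookie used from an unrelated client, but the User-Agent is a request header the client chooses, so anyone who replays the cookie together with the original header passes the check; this is the caveat the slide ends on. The check is therefore a detection and nuisance measure, not a fix, and the last bullet of the defence slide, not letting the cookie be stolen in the first place, is what the HttpOnly flag in session_cookie_header addresses.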
