基于语义的WEB访问安全检测.pptVIP

Web Application Architecture Attack Example Attack Example Defense Practice - Regulate User Inputs Filter out “bad” strings , script, or… Escape quotes Escape() Encoding HTML meta-characters , ? amp; , ? lt; , ? gt; Defense Practice - Regular expression SQL injection：/\w*((\%27)|(\’))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ Explaining: \w*?--?zero or more times of any alphanumeric character (\%27)|\?--? or its hex value (\%6?F)|o|(\%4?F))((\%72)|r|(\%52)?-- uppercase or lowercase or its hex value of or Defense Practice - Regular expression XSS injection： /((\%3C)|)((\%2F)|\/)*[a-z0-9\%]+((\%3E)|)/ Explaining: ((\%3C)|)?-- or its hex value ((\%2F)|\/)*--the end tag / or its ?hex value [a-z0-9\%]+?--letter or it hex value in a tag ((\%3E)|)?-- or its hex value Defense Practice - Syntactic Structure Validation Defense Practice - Syntactic Structure Validation Semantic Security - Informally html body BRBR定单提交BR BR form action=/cgi-bin/order.asp method=post 书名：input type=text name=name value=红楼梦 size=20BR 数量：input type=text name=amount value=0 size=20BR 单价：input type=hidden name=price value=50.00 size=20 50.00元BRBR input type=submit value=submitinput type=reset value=reset /form /body /html Semantic Security - Informally When user fills the amount with 2, the web application generates the syntactic tree as: Semantic Security - Informally If a malicious user modifies the price into 5.0,and fills the amount with 2, the syntactic tree is as： Semantic Security - Informally Different structures may have the same semantics Semantic Security - Informally The syntax is concerned with the form of expressions which are allowed in the language. The semantic definition could describe the effect of executing or evaluating any syntactically correct expression or program, or it could describe how to execute or evaluate them. The essence of web application security is the semantic security (i.e. invalidation of the intended semantic) Semantic Security - Formally A web appli