【大学课件】網頁應用程式的安全入門知识分享.pptVIP

how SQL works in web login page for example client web server sql server request whit id and pwd select from account where `id`=id and `pwd`=pwd return result return login success/failed * Why SQL? 廣大使用 儲存大量的網站資料 injection friendly * how injections work? 以MySQL為例子 $query = “select from account where `id`=’$id’ and `pwd`=’$pwd’$id=’ or 1=1 --  select from account where `id`=’’ -- * attack skills union blind attack * 影響 資料被偷/被改 獲得網站權限 整個網站被拿下# * how to defense safe API 過濾逃脫字元 不要直接把使用者輸入加入query 找程式掃描弱點 * Practice * Agenda 嘴砲 OWSAP Top 10 SQL injection XSS cookie session * XSS Cross Site Scripting 在別人的網站上寫程式！ * background knowledge HTTP GET HTTP POST * how to attack attack using POST/GET the “scripting” in the server strange url * how to attack javascript iframe / image * example body ? echo “Hello ”.$_GET[‘id’].”; ? /body /?id=scriptalert(“i’m Orange”)/script * what may happened? take you to bad site send your information to attacker Just For Fun! * Just For Fun Samy MySpace XSS attack Samy is my hero! Infection * Big Site also XSSable MySpace Facebook twitter Plurk ... * how to defense for server 該逃的還是要逃 找程式掃描弱點 for user 看到奇怪連結要警覺 瀏覽器 / 防毒軟體 * practice * Agenda 嘴砲 OWSAP Top 10 SQL injection XSS cookie session * background knowledge cookie session A cookie is a piece of text stored by a users web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data. The session information is stored on the web server using the session identifier (session ID) generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser. The storage of session IDs and the associated session data (user name, account number, etc.) on the web server is accomplished using a variety of techniques including, but not limited to: local memory, flat files, and databases. *