dotNET语言软件安全漏洞最新完整版本.pptVIP

Vulnerabilityin.NET

CourseObjectivesInthischapter,wewillExaminesomecommonflawsinwebapplicationsExamineattackmethods

SQLInjection:InputValidationOftenMisuseAuthentication:APIAbuseInsecureRandomness:SecurityFeaturesNon-SerializableObjectStoredinSession:TimeStateUnreleasedResource:CodeQualityLogForging:InputValidationMisconfiguration:EnvironmentCommonFlawsInWebApplications

Question:What’swrongwiththiscode?stringuserName=ctx.getAuthenticatedUserName();stringquery=SELECT*FROMitemsWHEREowner=+userName+ANDitemname=+ItemName.Text+;sda=newSqlDataAdapter(query,conn);DataTabledt=newDataTable();sda.Fill(dt);1.SQLInjection:InputValidation

sda=newSqlDataAdapter(SELECTDataFROMUsersWHEREName=‘joe’or‘1’=‘1’”,conn);Answer:Hackerswillhack…1.SQLInjection:InputValidation

Question:What’swrongwiththiscode?IPAddresshostIPAddress=IPAddress.Parse(RemoteIpAddress);IPHostEntryhostInfo=Dns.GetHostByAddress(hostIPAddress);if(hostInfo.HostName.EndsWith()){ trusted=true;}2.OftenMisused:AuthenticationAPIAbuse

FindIPaddressof*.fromwhoisserverSpoofsrcIPaddresstotheipaddresstheyfound2.OftenMisused:AuthenticationAPIAbuseAnswer:HackerswillHack

Question:What’swrongwiththiscode?stringGenerateReceiptURL(stringbaseUrl){ RandomGen=newRandom();return(baseUrl+ Gen.Next().toString()+.html); }3.InsecureRandomness:SecurityFeatures

Twousersaccessthesamefunctionatthesametime…Boom!!Theygotthesamefilename.3.InsecureRandomness:SecurityFeaturesAnswer:ThiswillBreak

Question:What’swrongwiththiscode?publicclassDataGlob{StringGlobName;StringGlobValue;publicvoidAddToSession(HttpSessionStatesession){session[glob]=this;}}4.Non-SerializableObjectStoredinSession:TimeState

Auserisworkingonputtinginfointhewebpage,thentheserverwanttoswitchotherservertoservethisparticularu