applicationsecurityreviews content summary:

SQL Injection

Zip: 80202' UNION SELECT username, password, null, null, null FROM users

Resulting query:
SELECT name, address, city, state, zip FROM customers WHERE zip = '80202' UNION SELECT username, password, null, null, null FROM users '

OWASP 20 SQL Injection

Name | Address | City | State | Zip
David Byrne | 123 Main St | Denver | CO | 80202
John Doe | 345 17th St | Denver | CO | 80202
Peter Smith | 678 Main St | Sometown | CA | 90332
Jane Peterson | 445 6 Ave | Lakeside | ID | 12345
Sue Brown | 421 Evergreen St | Springfield | MD | 13512
byrned | very_secure | | |
jdoe | asdf | | |
smithp | mary | | |
jpeter | jane123 | | |
browns | =(Gd | | |

OWASP 21 SQL Injection
- Resources: /white_papers/

OWASP 22 Cross Site Scripting (XSS)
- Allows an attacker to embed arbitrary HTML inside a web page
- Can be persistent (e.g. a bulletin board) or dynamic (e.g. a URL)
- JavaScript can:
  - Redirect the browser to an attack site
  - Monitor and report browsing activity using frames
  - Launch attacks against browser vulnerabilities
  - Steal cookies
  - Perform actions while impersonating the user (MySpace worm)

OWASP 23 Cross Site Scripting (XSS)
- Look for any content in a web page that was based on user-provided input
- Check the source: the content might be in the HTML, but not displayed
- Input isn't limited to visible form fields; look at cookies, HTTP headers, URL query strings, hidden fields
- Standard pages aren't the only source of XSS; error pages (even 404s) are frequently vulnerable

OWASP 24 Cross Site Scripting (XSS)
Customer Search Tool
Zip Code: [Submit]
No results were found for zip code '00000'

OWASP 25 Cross Site Scripting

OWASP 26 Cross Site Scripting (XSS)
- Resources:

OWASP 27 Buffer Overflows
- Not common with modern web environments
- With black box, send long strings for different parameters, 1024 bytes; might have to switch to POST
- White box techniques beyond presentation's scope

OWASP 28 Denial of Service (DoS)
- Locking Customer Accounts
- Buffer Overflows
- User Specified Object Allocation
- User Input as a Loop Counter
- Writing User Provided Data to Disk
- Failure to Release Resources
- Storing too Much Data in Session
- application_layer_Denial_of_Service_%28DoS%29_attacks

OWASP 29 Authentication & Authorization
- Session IDs
- Authentication
- Authorization

OWASP 30 Session IDs
- Session IDs best stored in a
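The UNION-based injection on the SQL Injection slides above, worked as an added example that is not from the presentation: the slide's customer search built by string concatenation, next to the same search with a bound parameter, run against constructed in-memory tables (the table names, column names and sample rows mirror the slides; the database, functions and trailing comment marker in the payload are assumptions made here).

```python
import sqlite3

# Constructed sample data, mirroring the customers and users tables on the slides.
CUSTOMERS = [
    ("David Byrne", "123 Main St", "Denver", "CO", "80202"),
    ("John Doe", "345 17th St", "Denver", "CO", "80202"),
    ("Peter Smith", "678 Main St", "Sometown", "CA", "90332"),
]
USERS = [("byrned", "very_secure"), ("jdoe", "asdf"), ("smithp", "mary")]

# The slide's input, with a trailing comment so the application's closing quote is ignored.
PAYLOAD = "80202' UNION SELECT username, password, null, null, null FROM users --"


def make_db():
    """Build an in-memory SQLite database holding the two constructed tables."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name, address, city, state, zip)")
    db.execute("CREATE TABLE users (username, password)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?)", CUSTOMERS)
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return db


def search_vulnerable(db, zip_code):
    """Customer search built by string concatenation: user input becomes SQL."""
    sql = ("SELECT name, address, city, state, zip FROM customers "
           "WHERE zip = '" + zip_code + "'")
    return db.execute(sql).fetchall()


def search_parameterized(db, zip_code):
    """Same search with a bound parameter: the input is only ever a zip value."""
    sql = "SELECT name, address, city, state, zip FROM customers WHERE zip = ?"
    return db.execute(sql, (zip_code,)).fetchall()


def leaked_rows(rows):
    """Rows whose city, state and zip are NULL came from the UNIONed users table."""
    return [r for r in rows if r[2] is None and r[3] is None and r[4] is None]


if __name__ == "__main__":
    db = make_db()
    rows = search_vulnerable(db, PAYLOAD)
    print("vulnerable query returned:", rows)
    print("credential rows leaked:", leaked_rows(rows))
    print("parameterized query returned:", search_parameterized(db, PAYLOAD))
```

The concatenated version returns the two Denver customers followed by every username/password pair padded with NULLs, exactly the shape of the table on the slide; the parameterized version treats the whole payload as one zip string and returns nothing.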