中央大学电子计算机中心多媒体与网路应用资讯推广课程

《中央大学电子计算机中心多媒体与网路应用资讯推广课程》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、中央大學電子計算機中心「多媒體與網路應用」資訊推廣課程網頁應用程式的安全入門日期:2011/03/27講師:資工三張竟cwebb[dot]tw[at]gmail[dot]comAgenda嘴砲OWSAPTop10SQLinjectionXSScookie&session2Agenda嘴砲OWSAPTop10SQLinjectionXSScookie&session3不要做壞事！4不要被抓到！5不要被抓到！6不要說我教的7Agenda嘴砲OWSAPTop10SQLinjectionXSScookie&session8網頁安全？早年vs現代靜態vs動態有程式就

2、有漏洞!9waystoattackOSwebserverwebapplication10attackscenariosattackwebservergainprivilegestealinformationstoattackusersattackotheruserstealinformationsexecuteotherattacksmaybecomposite11Agenda嘴砲OWSAPTop10SQLinjectionXSScookie&session1213OWASPTop10-2010A1:InjectionA2:Cross-SiteScr

3、ipting(XSS)A3:BrokenAuthenticationandSessionManagementA4:InsecureDirectObjectReferencesA5:Cross-SiteRequestForgery(CSRF)14OWASPTop10-2010A6:SecurityMisconfigurationA7:InsecureCryptographicStorageA8:FailuretoRestrictURLAccessA9:InsufficientTransportLayerProtectionA10:UnvalidatedRedir

4、ectsandForwards15OWASPTop10-2010A1:InjectionA2:Cross-SiteScripting(XSS)A3:BrokenAuthenticationandSessionManagementA4:InsecureDirectObjectReferencesA5:Cross-SiteRequestForgery(CSRF)16OWASPTop10-2010A6:SecurityMisconfigurationA7:InsecureCryptographicStorageA8:FailuretoRestrictURLAcces

5、sA9:InsufficientTransportLayerProtectionA10:UnvalidatedRedirectsandForwards17Agenda嘴砲OWSAPTop10SQLinjectionXSScookie&session18Injections駭客的填空遊戲wherecanattackerinject?database(MySQL,MSSQL,PostgreSQL...)no-sqlDirectoryService(LDAP)systemcommand!!19howSQLworksinwebloginpageforexampl

6、eclientwebserversqlserverrequestwhitidandpwdselectfromaccountwhere`id`=idand`pwd`=pwdreturnresultreturnloginsuccess/failed20WhySQL?廣大使用儲存大量的網站資料injectionfriendly21howinjectionswork?以MySQL為例子$query=“selectfromaccountwhere`id`=’$id’and`pwd`=’$pwd’$id=’or1=1-->selectfromaccountwhere

7、`id`=’’--....22attackskillsunionblindattack23影響資料被偷/被改獲得網站權限整個網站被拿下#24howtodefensesafeAPI過濾逃脫字元不要直接把使用者輸入加入query找程式掃描弱點25Practice26Agenda嘴砲OWSAPTop10SQLinjectionXSScookie&session27XSSCrossSiteScripting在別人的網站上寫程式！28backgroundknowledgeHTTPGETHTTPPOST29howtoattackattackusingPOST/GETthe

8、“scripting”intheser