7, security authentication and session management
3, malicious file execution
The reasons come down to the following:
XSS is the most common and most damaging security vulnerability in web applications. It tends to occur when an application sends user-supplied data to the web browser without validating it or with incorrect encoding. Attackers can then run malicious script in the browser to obtain the user's data, damage the site, insert harmful content, and carry out phishing and other malicious attacks.
6, information leakage and error handling
cross-site request forgery
When user-supplied data is sent to an interpreter (which turns text instructions into machine-executable instructions) as part of a command, an attacker can trick the interpreter. Attackers can use injection vulnerabilities to create, read, update or delete any data in the application. In the worst case, the attacker can exploit these vulnerabilities to take complete control of the application and the underlying system, even getting around the underlying firewall system.
The direct object of
If an application does not protect authentication credentials and session identifiers from start to finish, user and administrator accounts will be compromised. Pay attention to the basic principles of privacy, to the authentication system, and to effective monitoring.
4, the safety of reference
Recently, I have often heard from a reader whose website is either hacked or altered every two or three days, with a virus planted on the home page.
8, insecure cryptographic storage
1, cross site scripting (XSS)
This kind of attack is simple but destructive: it takes control of the victim's browser and then sends malicious commands to the web application. Websites are very easy to attack this way, partly because they authorize commands based on the session cookie or an "automatic memory" function. Banks are a potential target.
An attacker can use a direct object reference to gain unauthorized access to other objects. This attack can occur when a website address or other parameter contains a reference to an object such as a file, directory, database record or key.
Attackers can execute code remotely, install rootkits remotely or completely compromise a system. Any web application that accepts file names or files from users is vulnerable. The vulnerable code may be written in PHP, the scripting language most commonly used in web development.
If the error messages that an application generates and displays to users are also useful to attackers, they can leak private information, the software's configuration or other internal data.