Step 1: In the client's browser the user types the web address. The browser builds an HTTP request and sends it to the web application server. If the request succeeds, the site loads; if it fails, the connection from the client to the web server must be checked, for example with the ping command.

Step 2: Once the web site has loaded, the web server asks the user to log in with an account name and a password. The user must of course know the account and password that are valid for the application; a user without an account can register one in order to be granted access.

Step 3: A login-successful message is displayed in the client's browser. Suppose the user now wants to withdraw cash from a bank account through the web application. After the user completes the withdrawal steps, the web server passes the request to the web application, which checks whether the account holds at least the amount requested. Only if it does is the transaction forwarded to the database server.

Step 4: The database server runs the queries needed to compute the remaining balance and stores the required records, such as the time, the account details and the amount.

Step 5: When the query completes, the result is sent back to the client as the appropriate notification.

CHAPTER 2: ATTACK TECHNIQUES AND WEB APPLICATION SECURITY FUNDAMENTALS

2.1 FLAWS IN INPUT VALIDATION

2.1.1 Buffer overflow

2.1.1.1 Attack technique

When the amount of data sent to the application exceeds the space the application allocated for it, the excess overwrites adjacent memory. The program then no longer continues with the next scheduled statement; instead it can be forced to execute arbitrary code supplied by the attacker, who thereby takes control of the process. Worse, if the application is configured to run with root privileges, the attacker is regarded as having taken over the entire web server.
Most of these problems arise from careless programming or from developers new to the profession. For example, consider the following code snippet, in which the elided body copies ch into buffer without checking its length:

    void Form(char *ch)
    {
        char buffer[256];
        strcpy(buffer, ch);    /* unchecked copy of the input into a fixed-size buffer */
    }

If 256 or more characters are entered here, the buffer overflows: buffer[256] holds at most 255 characters plus the terminating NUL byte.

2.1.1.2 Countermeasures

Whoever builds or programs the web site must check the size of the data carefully before using it, i.e. handle the boundary case explicitly. In the example above, an input that would not fit in the 256-byte buffer must be rejected before anything is copied: the program then sends a message asking the user to enter a valid value and lets the user try again.

2.1.2 Directory traversal

2.1.2.1 Attack technique

Applications use the server's file system to store the files they serve to the client, such as image files and HTML files. The www/root folder is the root directory holding the web pages that are reachable from a browser; the web application may store files inside or outside www/root. If the application does not check the special characters commonly used in paths, such as "/" and the ".." parent-directory reference, it is likely vulnerable to a directory traversal attack. The hacker can then make the server return the contents of files outside www/root, for example the system password file (/etc/passwd on a Unix system; the example below spells it /etc/password).

For example, a hacker reads information from the site at:
http://www.juggyboy.com/.../.../index.html
But if the hacker changes the requested file to:
http://www.juggyboy.com/get/process.php./.../.../.../etc/password
the hacker gains access to the folder containing the server's password file, and with that has what he needs.
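As an added example for sections 2.1.1.1 and 2.1.1.2 (not code from the original text), the following C program places the page's vulnerable pattern next to a hardened form that checks the length before copying. The function names form_vulnerable, form_safe and accepts_length, and the 'A'-filled test inputs, are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUFFER_SIZE 256   /* same size as the page's char buffer[256] */

/* The vulnerable pattern from the page, with the copy filled in. strcpy() keeps
 * writing until it reaches the NUL terminator of ch, so an argument of 256 or
 * more characters spills past buffer[] into whatever the compiler placed next
 * to it on the stack (commonly the saved frame pointer and return address).
 * Kept here for comparison only; never pass it untrusted input. */
void form_vulnerable(const char *ch)
{
    char buffer[BUFFER_SIZE];
    strcpy(buffer, ch);                      /* no length check */
    printf("form_vulnerable stored %zu characters\n", strlen(buffer));
}

/* Hardened form: the length is checked before anything is written.
 * Returns 0 when the input was stored and -1 when it would not fit, so the
 * caller can ask the user for a shorter value and let them try again. */
int form_safe(const char *ch)
{
    char buffer[BUFFER_SIZE];
    /* memchr inspects at most BUFFER_SIZE bytes, so the check itself cannot
     * read past a very long or unterminated input the way strlen() would. */
    const char *end = memchr(ch, '\0', BUFFER_SIZE);
    if (end == NULL) {
        return -1;                           /* 256 or more characters: reject */
    }
    size_t len = (size_t)(end - ch);         /* at most BUFFER_SIZE - 1 */
    memcpy(buffer, ch, len + 1);             /* len + 1 <= BUFFER_SIZE, NUL included */
    printf("form_safe stored %zu characters\n", strlen(buffer));
    return 0;
}

/* Demonstration helper (assumed, not from the page): builds a constructed
 * input of n 'A' characters and reports what form_safe() makes of it. */
int accepts_length(size_t n)
{
    char input[BUFFER_SIZE + 64];
    if (n >= sizeof input) {
        return -1;
    }
    memset(input, 'A', n);
    input[n] = '\0';
    return form_safe(input);
}

int main(void)
{
    form_vulnerable("hello");                /* short input: behaves as intended */
    printf("255 chars -> %d (fits)\n", accepts_length(255));
    printf("256 chars -> %d (rejected: would overflow)\n", accepts_length(256));
    printf("300 chars -> %d (rejected)\n", accepts_length(300));
    return 0;
}
```

The check rejects rather than truncates: silently cutting input at 255 characters hides the error from the user and can itself corrupt data. The boundary is 255 characters, not 256, because the terminating NUL also has to fit in the buffer.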
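As an added example for section 2.1.2 (not code from the original text), the following C program shows the check that the vulnerable application is missing: the requested path is percent-decoded once, ".." segments are resolved, and any request that would climb above the web root is rejected. The web root /var/www/root (standing in for the page's www/root), the function names resolve_request_path and resolve_static, and the sample requests are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed web root for this example; the page calls it www/root. */
#define WEB_ROOT "/var/www/root"
#define MAX_SEGMENTS 64

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decodes src into dst exactly once, so "%2e%2e/" is seen as "../"
 * before the path check runs. Returns -1 on a malformed escape, an encoded
 * NUL (which would cut the path short in later C string handling) or an
 * oversized result. */
static int url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t j = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo;
            if (c == 0) return -1;
            i += 2;
        }
        if (j + 1 >= dstlen) return -1;
        dst[j++] = (char)c;
    }
    dst[j] = '\0';
    return 0;
}

/* Resolves a request path lexically: "." and empty segments are dropped and
 * ".." removes the previous segment. A ".." with nothing left to remove means
 * the request is trying to climb above WEB_ROOT and is rejected. On success
 * writes WEB_ROOT plus the normalised path into out and returns 0, else -1. */
int resolve_request_path(const char *request, char *out, size_t outlen)
{
    char decoded[1024];
    const char *seg[MAX_SEGMENTS];
    size_t seglen[MAX_SEGMENTS];
    int n = 0;

    if (url_decode(request, decoded, sizeof decoded) != 0) return -1;

    for (const char *p = decoded; *p != '\0'; ) {
        while (*p == '/') p++;               /* skip separators, including "//" */
        if (*p == '\0') break;
        const char *start = p;
        while (*p != '\0' && *p != '/') p++;
        size_t len = (size_t)(p - start);
        if (len == 1 && start[0] == '.') continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (n == 0) return -1;           /* escape above the web root */
            n--;
            continue;
        }
        if (n == MAX_SEGMENTS) return -1;
        seg[n] = start;
        seglen[n] = len;
        n++;
    }

    size_t used = strlen(WEB_ROOT);
    if (used >= outlen) return -1;
    memcpy(out, WEB_ROOT, used);
    for (int i = 0; i < n; i++) {
        if (used + 1 + seglen[i] >= outlen) return -1;
        out[used++] = '/';
        memcpy(out + used, seg[i], seglen[i]);
        used += seglen[i];
    }
    out[used] = '\0';
    return 0;
}

/* Convenience wrapper: returns the resolved path, or NULL when rejected. */
const char *resolve_static(const char *request)
{
    static char out[512];
    return resolve_request_path(request, out, sizeof out) == 0 ? out : NULL;
}

int main(void)
{
    /* Constructed requests in the spirit of the page's juggyboy.com example. */
    const char *requests[] = {
        "/index.html",
        "/images/../index.html",
        "/../../etc/passwd",
        "/get/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        const char *r = resolve_static(requests[i]);
        printf("%-40s -> %s\n", requests[i], r ? r : "REJECTED");
    }
    return 0;
}
```

Two caveats for a real server. The check is purely lexical, so a symbolic link inside the web root can still point outside it; after resolving the path, canonicalise it with realpath() and confirm that the result still starts with the web root. On Windows, "\" is also a separator and must be treated like "/". Decode exactly once, the same number of times the server itself decodes, otherwise "%252e%252e" style double encoding bypasses the check.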