How It Works?
Web security is a computing term for the series of defensive measures taken to prevent intruders from planting Trojan horse links to external websites on a site, tampering with its web pages, and similar acts.
Here are some attacks:
1. Buffer overflow - an attacker sends a request that exceeds the buffer size and contains crafted binary code, overflowing the stack so that the server executes malicious commands.
2. Cookie forgery - an attacker carefully modifies cookie data to counterfeit a user.
3. Authentication evasion - an attacker exploits insecure certificate and identity management.
4. Illegal input - an attacker enters various kinds of illegal data into dynamic web pages to obtain sensitive data from the server.
5. Forced access - an attacker accesses unauthorized pages.
6. Hidden variable tampering - hidden variables on a page are modified to deceive the server program.
7. Denial-of-service attacks - an attacker constructs a large number of illegal requests so that the web server cannot respond to normal user access.
8. Cross-site scripting attacks - an attacker submits an illegal script that steals other users' account information while they browse.
9. SQL injection - an attacker constructs SQL code for the server to execute in order to access sensitive data.
10. URL access restriction failure - a hacker can reach resources without authorization by forcing access to links such as login pages and history pages.
11. Broken authentication and session management - session tokens are not well protected, so a hacker can steal the session after the user has logged out of the system.
12. DNS attacks - hackers exploit DNS vulnerabilities to spoof DNS servers, so that DNS resolution fails, IP addresses are not resolved correctly, and the web server cannot be opened.
and a database to generate interactive web pages. If the application does not comprehensively check the legality of the data users enter, it will have security weaknesses. Through a normal URL or a form input box, users can submit crafted database query code that makes the back-end application execute SQL code as an attack. Based on the results the program returns, the attacker obtains the sensitive data he wants to know, such as administrator passwords and confidential business information.
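The weakness described above, shown as an added example (not code from the original page): a query built by string concatenation beside one that checks the legality of the input and binds it as a parameter. The table, the sample rows, the crafted form value and the `is_legal_name` rule are constructed assumptions.

```python
import re
import sqlite3

# Assumed legality rule for this example: short alphanumeric user names only.
LEGAL_NAME = re.compile(r"[A-Za-z0-9_]{1,32}")

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-hash-1"), ("admin", "constructed-hash-2")],
    )
    return db

def is_legal_name(name):
    """Judge the legality of the submitted value before it reaches the query."""
    return LEGAL_NAME.fullmatch(name) is not None

def lookup_unsafe(db, name):
    """Weak form: input is pasted into the SQL text, so quotes become SQL."""
    query = "SELECT name, password_hash FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_bound(db, name):
    """Corrected form: the value is bound as a parameter and stays data."""
    query = "SELECT name, password_hash FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

def handle_request(db, name):
    """Both defences together: reject illegal input, then bind the rest."""
    if not is_legal_name(name):
        raise ValueError("illegal user name rejected")
    return lookup_bound(db, name)

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed form input
    print("unsafe:", lookup_unsafe(db, crafted))  # every row comes back
    print("bound: ", lookup_bound(db, crafted))   # no row matches
    try:
        handle_request(db, crafted)
    except ValueError as exc:
        print("validated:", exc)
```

Parameter binding alone already keeps the crafted value from being parsed as SQL; the legality check rejects it earlier and gives the application a point at which to log the attempt.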
Cross-site scripting attacks
As attacks move to the application layer, traditional network security devices cannot effectively address current security threats. The security problems faced by network application deployments must be solved by a newly designed, high-performance security firewall that protects against application-layer attacks: the application firewall. An application firewall works at the application layer by processing application session requests internally. It is dedicated to protecting web application traffic and all related application resources from attacks that take advantage of web protocols. Application firewalls can block browser and HTTP attacks that use application behavior for malicious purposes. These attacks include data attacks that use special characters or wildcards to modify data, logic-content attacks that try to obtain command strings or logical statements, and targeted attacks whose main targets are accounts, files, or hosts.
by hackers using common flood attacks to block the DNS server so that it stops working, which makes domain name resolution fail and leaves the site inaccessible.