Reputation: 48108
What is your must have defence methods to common web attacks like XSS, Sql Injection, Denial of Service, etc. ?
Edit : I collected your responses under descriptions from Wikipedia. And I add some extra questions to have a complete reference.
Sql Injection
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Cross Site Scripting (XSS)
Cross-site scripting is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
A denial-of-service attack
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.
I know it seems impossible to avoid denial-of-service attacks programmatically, but what you think ?
Brute Force Attacks
In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by systematically trying a large number of possibilities; for example, a large number of the possible keys in a key space in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out.
Some extra questions :
What do you think about web robots that try to post inputs according to your content ? For example SO is using an image validation.
What do you think about javascript eval function ?
Are there a way to access content on server which didn't exposed to outside. For example, I have a page that inserts some important records to my db, and only I know it's url. Is there a way to get this kind of files ? I know you can set some security rules over it.
(NOTE : Directory listing is disabled and I host this files.)
Thanks for the replies !
Upvotes: 6
Views: 640
Reputation: 865
What do you think about web robots that try to post inputs according to your content ? For example SO is using an image validation.
The image validation is called a CAPTCHA. It prevents automated bots from filling out forms and helps to verify that a human is actually submitting the form. These are generally used anywhere that you want to control access to the form. Spam bots will try to fill out contact forms to bypass spam filters, so you may need to add some protection on things like that. For the most part, form abuse is minimal, but you will see it in some cases.
What do you think about javascript eval function ?
It depends on how you use it. Like anything else, don't trust user input. If you're going to run their input through eval() make sure it's run through a decent sanitation process first. This is doubly important if you're storing their input in a database and pulling it back out the displaying it for other users to see. That goes for SQL, HTML, as well as JavaScript. If someone can get JS code executed with enough knowledge about how your site works, they can do all sorts of crazy things and imitate the user who is logged in, change their password, etc.
Are there a way to access content on server which didn't exposed to outside?
As someone else mentioned, this would be security through obscurity and is not recommended. Anything sensitive needs to be put behind a secure login area. Don't rely on the "hidden URL" alone. If someone guesses your special URL or it ends up in a log file that Google has access to, you may never know if someone manages to get in. Put some authentication around things like that.
Upvotes: 0
Reputation: 30934
Your question covers a large scope. I'll try to give you some pointers. If you specify your question more clearly, I can give you some more specific information.
Upvotes: 6
Reputation: 269658
Upvotes: 2
Reputation: 2329
We use a tool called fortify to scan our software http://www.fortify.com/ (sorry commercial product but maybe there are more)
It catches user input that is not validated, string concatenation instead of parameters and a lot more.
Just from trying this product you can learn how to program secure.
Upvotes: 1
Reputation: 60458
For XSS and SQL injection: never output or execute user-submitted content verbatim.
Upvotes: 3
Reputation: 126185
The most important is to prevent brute forcing of passwords. That simple by adding a delay when the password typed in is wrong.
Upvotes: 1