Site security

Section: Site security

Website security refers to a set of security measures designed to prevent foreign computer attackers from hacking a website and unauthorized access to a website.
Because the website designer is more concerned about satisfying the user application, how to implement the business. Rarely pay attention to loopholes in the process of developing applications for websites.
⟹
These loopholes are almost invisible to those who do not pay attention to the design of the security code. Most website designers and website maintainers are poorly versed in attack and protection technologies for websites. During use, even if there is a security hole, ordinary users will not notice it.
⟹
Classification of attacks
1. Attacks using vulnerabilities in web servers. Such as CGI buffer overflows, directory traversal exploits, and other attacks;
2. Attacks by exploiting security holes in the web page itself. For example, SQL injection, cross-site scripting attacks, etc.
⟹
Application attack
1. Buffer overflow. An attacker uses a buffer-larger request and constructed binary to trick the server into executing malicious instructions on an overflow stack.
2. Cookie spoofing - Modify cookie data carefully to spoof users.
3. Authentication Evasion - Attackers use insecure certificates and identity management.
4. Illegal input - use various illegal data when inputting dynamic web pages to obtain confidential server data.
5. Forced access - access to unauthorized web pages.
6. Fake Hidden Variables - Modify hidden variables on a web page to trick the server program.
7. Denial of Service Attack - Create a large number of illegal requests so that the web server cannot respond to normal user access.
8. Cross-Site Scripting Attack - Submit illegal scripts and other users will steal the user account and other browsing information.
9. SQL injection. Write SQL code to be executed by the server and retrieve sensitive data.
10. URL Access Restriction Invalid - Hackers can gain access to unauthorized resource connections to force access to some landing pages and history pages.
11. Broken authentication and session management - session tokens are poorly protected, hackers can steal sessions after users log out.
12. DNS attack. Hackers use DNS loopholes to fool the DNS server so that DNS resolution is abnormal, the IP address is redirected, and the website server cannot be opened normally.

The foundation of website security is the plan to protect your website and its users from hackers and their malware. All of this includes understanding the components of your website, how they work together, and what vulnerabilities they have. There are all the most necessary materials that will help you solve security problems.
⟹
Below are all the materials covering this topic: