This document provides an overview of web application architecture and security. It describes the typical layers of a web application including the browser, web server, application server, and database server. It then discusses various types of attacks against web applications like SQL injection, cross-site scripting, and hidden field manipulation. Finally, it outlines best practices for secure coding and system scanning to prevent vulnerabilities.
28. handler
html handler
html cgi
handler cgi
default handler
handler
default handler cgi
html jsp
handler html java compiler
java run-time
handler forcing Sun Java Web Server
URL
30. SQL Poisoning & Injections
sql statement
sql statement DBMS
SQL Query)
sql statement
database
Dim sql_con, result, sql_qry
Const CONNECT_STRING = "Provider=SQLOLEDB;SERVER=WEB_DB;UID=sa;PWD=xyzzy"
' Vulnerable by design (as the slide shows): the ID value taken from the request is concatenated straight into the SQL text
sql_qry = "SELECT * FROM PRODUCT WHERE ID=" & Request.QueryString("ID")
Set sql_con = Server.CreateObject("ADODB.Connection")
sql_con.Open CONNECT_STRING
Set result = sql_con.Execute(sql_qry)
http://10.0.0.3/showtable.asp?ID=3+OR+1=1
32. Query Statement
SELECT * FROM PRODUCT WHERE ID=3 OR 1=1
PRODUCT
http://10.0.0.3/showtable.asp?ID=3%01DROP+TABLE+PRODUCT
SELECT * FROM PRODUCT WHERE ID=3
DROP TABLE PRODUCT
SQL statement
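Added example, not code from the original slides: the showtable.asp query rebuilt against an in-memory SQLite table (the PRODUCT rows are constructed sample data), once by string concatenation as the slide does and once with a validated, bound parameter, so the ID=3+OR+1=1 request can be seen to return the whole table only in the concatenated form.

```python
import sqlite3

# Constructed sample rows standing in for the slide's PRODUCT table.
PRODUCTS = [(1, "anvil"), (2, "rope"), (3, "piano"), (4, "dynamite")]


def make_db() -> sqlite3.Connection:
    """Create the in-memory PRODUCT table used by both query styles."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE PRODUCT (ID INTEGER PRIMARY KEY, NAME TEXT)")
    con.executemany("INSERT INTO PRODUCT VALUES (?, ?)", PRODUCTS)
    return con


def show_table_vulnerable(con: sqlite3.Connection, raw_id: str) -> list:
    """The slide's pattern: the request value is spliced into the SQL text,
    so 'ID=3 OR 1=1' is parsed as part of the WHERE clause."""
    sql_qry = "SELECT * FROM PRODUCT WHERE ID=" + raw_id
    return con.execute(sql_qry).fetchall()


def show_table_parameterized(con: sqlite3.Connection, raw_id: str) -> list:
    """Hardened form: check the type on the server side, then bind the value
    as a parameter so the DBMS never interprets it as SQL."""
    try:
        product_id = int(raw_id)  # anything that is not an integer is rejected
    except ValueError:
        return []
    return con.execute(
        "SELECT * FROM PRODUCT WHERE ID=?", (product_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(show_table_vulnerable(db, "3"))            # one row
    print(show_table_vulnerable(db, "3 OR 1=1"))     # every row: the injection
    print(show_table_parameterized(db, "3 OR 1=1"))  # []: input rejected
```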
39. Input & Output
validation
NEVER TRUST CLIENT SIDE DATA
Client Side Script
JavaScript , VBScript , Java
Applets , Flash , Active X , CSS XML/XSL
script script
40. Sanity Checking
YES NO drop
system call directory
traversal NULL character
HTML
HTML
41. HTML
tag webmail,
message board chat HTML Allow List
HTML tag
drop HTML tag tag
HTML tags: <APPLET>, <BASE>, <BODY>, <EMBED>, <FRAME>, <FRAMESET>, <HTML>, <IFRAME>, <IMG>, <LAYER>, <META>, <OBJECT>, <P>, <SCRIPT>, <STYLE>
HTML tag attributes: STYLE, SRC, HREF, TYPE
HTML
42. SSL
HTTP
HTTP Plaintext
Sniffer
HTTP
HTTP SSL
(Secure Socket Layer)
Web Client Web Server SSL
transport
Client & Server Authentication
43. SSL
SSL
Web Browser Public Key Server
Browser
Server Server
SSL
SSL
Server Certificate)
Public Key)
44. HTML forms
hidden form element
hidden
hidden element
password element
SSL plain text
password element method
HTTP/GET HTTP/POST
MaxSize Attribute (<input MaxSize="##">)
45. Cookies
Cookies
Cookie
persistent : Cookie
non-persistent : Cookie
Cookies
User Authentication
State Management
Saving user preference
Cookies
• Cookies Plaintext
46. • restrictive path Cookies
• Authentication valid
• Cookies
• Token ID
• Cookies Timeout Cookies
• Authentication
Business Intranet
authentication
• Authentication
header
User-Agent , Accept-Language , Etc.