Security and Protection of Web Applications



Title page (page 1); only these fragments survived extraction: Microsoft, WEB 2014, VI, 9, 400295.

Table of contents (pages 2-3); entries whose Bulgarian title did not survive extraction are shown as [untitled]:

[untitled] ... 4
[untitled] ... 4
Phishing ... 4
[untitled] ... 4
[untitled] ... 5
DoS (Denial of Service attacks) ... 5
Flood (Flood Feed) ... 5
Sniffing ... 7
IP Hijack ... 7
IP Spoofing ... 8
Brute Force ... 8
Back Orifice (Net Bus, Masters of Paradise, etc.) ... 8
Dummy DNS Server ... 8
Dummy ARP Server ... 9
Fuzzy ... 9
Hack ... 9
Host Spoofing ... 9
Puke ... 9
Port Scan ... 9
Syslog Spoofing ... 10
Spam ... 10
Traffic Analysis (Sniffing) ... 10
Trojan Horse ... 10
Worms ... 11
File Worms ... 11
Botnet ... 11
Unreachable (dest_unreach, ICMP type 3) ... 12
UDP Storm ... 12
HRS (HTTP Resource Splitting) ... 12
Web Cache Poisoning ... 12
Browser Cache Poisoning ... 12
Malware ... 13
Keyloggers, Screenloggers ... 13
Pharming ... 13
Man-in-the-Middle ... 13
Man-in-the-Browser ... 13
Spyware ... 14
Buffer Overflow ... 14
Heap Overflow ... 14
Stack Overflow ... 14
Integer Overflow ... 14
Cross Site Scripting (XSS) ... 15
Malicious file execution ... 15
Session Hijacking ... 16
SQL Injection ... 16
Cross-site request forgery (CSRF) ... 16
Hidden Fields Manipulation ... 16
[untitled] ... 16
[untitled] ... 17
[untitled] ... 18
[untitled] ... 21
[untitled] ... 23
[untitled] ... 24

Body text (pages 4-8). The Bulgarian prose of these pages did not survive extraction; only the headings and the Latin-script fragments listed below remain.

Page 4: introduction (Web); Phishing.

Page 5: DoS (Denial of Service attacks); DoS types: Floods, ICMP Flooding, Identification Flooding.
- Flood (Flood Feed)
- SYN Flood (SYN, SYN/ACK)
- ICMP Flood / Ping Flood (ICMP)
- Identification Flood (Ident Flood) (ICMP Flood, identd, port 113)
- DNS Flood (DNS)
- DDoS (DDoS)
- Boink (Bonk, Teardrop)

Page 6:
- Pong
- Smurf (ICMP, ISP, WAN)
- Ping of Death (maximum transmission unit, MTU; IP; ICMP; 65535)
- UDP Flood (DNS, IP)
- HTTP Flood (HTTP)

Page 7: DDoS / Botnet (HTTP, w3cache, DoS).
- Land (example from the page: source 192.168.0.101 port 9006, destination 192.168.0.101 port 9006; 100%)
- Mail Bombing (DoS)
- Sniffing
- IP Hijack

Page 8:
- IP Spoofing (IP)
- Brute Force
- Back Orifice (Net Bus, Masters of Paradise, etc.)
Trailing fragment: 313