Preface
I have only just started on this topic. What follows is a summary article I came across while reading up on it; I did not really understand much of it, so I am writing it down first. Think of it as my reading notes on the referenced material.
OWASP
A worldwide, free and open-source community dedicated to improving application security.
Its goal is to make application security visible.
It publishes a complete testing framework from which people can build their own testing programmes as needed.
Test tasks -> test report
Process
Start web penetration test -> information gathering -> configuration and deployment management testing -> identity management testing -> authentication testing -> authorization testing -> session management testing -> input validation testing -> error handling testing -> cryptography testing -> business logic testing -> client-side testing -> deliver the outputs, end of test
1. Information gathering (critical: collect as much information as possible)
OSINT (open-source intelligence), subdomains, application entry points, web servers, application frameworks, etc.
- The various search engines and their search techniques, e.g. Google hacking
- Fingerprint the web server, e.g. Apache, Nginx, IIS, and its version
- Meta files, e.g. robots.txt, and the page HTML source
Other applications on the server:
- ssh, rtsp, etc.
- Web applications on ports other than 80 and 443
- Applications under different paths of the same domain
- Page source, JS code, meta tags, code comments, etc.
- Application entry points, execution paths, etc.; understand the site structure
- Web application frameworks: jQuery, Vue, Django, Spring, Struts2, Hibernate, etc.
- Identify the application framework; understand the architecture of the whole web application and draw its architecture topology diagram
2. Configuration and deployment management testing
Web environment: operating system, web server, web container, development framework, programming language, etc.
- Network and infrastructure configuration testing
- Configuration testing of the web server itself
- File upload and path brute-forcing
- Old files, backup files, unreferenced files, hidden files, temporary files, files with special extensions such as .old and .bak
- Enumerate admin entry points
- Enumerate HTTP methods
- Enforcement of HTTPS
- Cross-origin (cross-domain policy) analysis
3. Identity management testing
Login: identity, authentication, authorization
Authentication factors: password, PIN, badge, key, fingerprint, iris, signature, etc.
Authorization models: DAC (discretionary access control), MAC (mandatory access control), RBAC (role-based access control), ABAC (attribute-based access control)
- Understand the roles; role-based access control (RBAC)
- Test the registration process and the user-role provisioning process
- Username enumeration; weak username policies in places
- Check for guest and anonymous accounts and test the permissions of those accounts
- Account suspension and resumption
4. Authentication testing
How do you prove that you are you [doge]; you need to understand the authentication mechanism
- Whether the authentication exchange is encrypted; whether authentication happens over anything other than HTTPS
- Whether the system has default credentials; whether new accounts get a default password
- Test the lockout mechanism of the authentication process
- Test for authentication bypass
- How the client remembers passwords
- Browser caching
- Weak password policy checks
- Weak security questions and answers
- Password change and reset checks
- Authentication methods that are not direct client-server interactions, e.g. SMS verification codes, mobile tokens
5. Authorization testing
Authorization testing is session-centric
- Test directory traversal / file inclusion: determine whether content you are not permitted to see can be viewed
- Bypassing the authorization mechanism; first understand how authorization is granted
- Test privilege escalation, divided into horizontal and vertical: a user modifying an admin's information is vertical escalation; user1 modifying user2's information is horizontal escalation
- IDOR, insecure direct object reference: referencing an object that does not belong to you, e.g. a student referencing a teacher's id (this can also be seen as a horizontal escalation)
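As an added illustration (not part of the original notes), the following Python shows the IDOR pattern from the list above beside its hardened form: the vulnerable handler trusts the object id from the request, while the hardened one checks ownership and role, which blocks both the horizontal (user1 -> user2) and the vertical (user -> admin) case. The record layout and user roles are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin" (assumed role names)


def sample_profiles() -> Dict[int, dict]:
    """Constructed sample data: profile records keyed by id, each with an owner."""
    return {
        1: {"owner": "user1", "email": "user1@example.test"},
        2: {"owner": "user2", "email": "user2@example.test"},
        3: {"owner": "admin", "email": "admin@example.test"},
    }


def update_profile_vulnerable(actor: User, profile_id: int, new_email: str,
                              profiles: Dict[int, dict]) -> bool:
    """IDOR: the id taken from the request is used directly, so any
    authenticated user can modify any profile (horizontal or vertical)."""
    record = profiles.get(profile_id)
    if record is None:
        return False
    record["email"] = new_email
    return True


def update_profile_hardened(actor: User, profile_id: int, new_email: str,
                            profiles: Dict[int, dict]) -> bool:
    """Ownership plus role check: a user may edit only their own record;
    an admin may edit user records. The decision is made server-side from
    the authenticated identity, never from anything in the request."""
    record = profiles.get(profile_id)
    if record is None:
        return False
    is_owner = record["owner"] == actor.name
    if not is_owner and actor.role != "admin":
        return False  # horizontal or vertical access attempt: deny
    record["email"] = new_email
    return True
```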
6. Session management testing
CSRF: Cross-site request forgery. A user of the site submits commands they did not authorize, and because the request is forged from another site, the web application trusts those commands.
Session fixation, session logout, session timeout, etc.
- Session mechanism bypass: session id prediction, brute-forcing, hijacking, etc.
- Check whether cookies carry the HttpOnly and Secure attributes
- Whether the session id is encrypted and whether it is transmitted via GET; both are ways the id can leak
- Session validity: whether the session is still valid after the timeout
- Whether the session is still valid after the user logs out
- Session variable overloading, i.e. one session used for several purposes
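As an added example (not code from the original notes), this Python checks a Set-Cookie header for the attributes the list above mentions (HttpOnly, Secure, plus SameSite and a persistent expiry) and detects a session id carried in a URL query string, which is the "transmitted via GET" leak path. The cookie names, header strings and the 16-character minimum length are assumptions constructed for the example.

```python
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Assumed set of common session cookie names to look for in URLs.
SESSION_NAMES = {"sid", "sessionid", "phpsessid", "jsessionid", "asp.net_sessionid"}
MIN_ID_LENGTH = 16  # assumed threshold for a "short" session id


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split a Set-Cookie header value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True  # flag attrs have no value
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_session_cookie(header: str) -> List[str]:
    """Return the weaknesses found in one session Set-Cookie header."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")  # readable by page scripts
    if "secure" not in attrs:
        findings.append("missing Secure")    # may be sent over plain HTTP
    if "samesite" not in attrs:
        findings.append("missing SameSite")  # no cross-site request restriction
    if "max-age" in attrs or "expires" in attrs:
        findings.append("persistent session cookie")  # survives browser close
    if len(str(cookie["value"])) < MIN_ID_LENGTH:
        findings.append("short session id")
    return findings


def session_id_in_url(url: str) -> bool:
    """True if a known session cookie name appears as a query parameter."""
    query = parse_qs(urlsplit(url).query)
    return any(key.lower() in SESSION_NAMES for key in query)
```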
7. Input validation testing
There is a lot of material here
8. Error handling testing
Feed in abnormal input and test.
- Check for information leakage when the server returns different status codes, server exceptions, etc.
- Analyze stack traces
9. Cryptography testing, business logic testing, client-side testing
Relatively independent; they can be tested separately
Learning path
- Some concepts of network security and web security
- Study from the angle of individual vulnerabilities
- Comprehensive web security resources
- Walkthroughs of the Testing Guide
Practise more
References
Learning materials
- OWASP official site
- owasp-skf: explanations of individual vulnerabilities
- web-application-security-tools-resources: comprehensive web security resources
- Testing Guide, 4th edition, Chinese version
This article was written by szr and is licensed under the Creative Commons Attribution 4.0 International License
Unless marked as a repost or with a source, articles on this site are original to or translated by this site; please attribute before reposting
Last edited: Sep 15, 2021 at 09:12 am