Preface
I'm new to this area. Below is a summary article I came across while reading up on the subject; I didn't understand much of it, so I'm recording it here for now. Consider it reading notes on the references.
OWASP
A worldwide, free and open community dedicated to improving the security of application software.
Its goal is to make application security visible.
It publishes a complete testing framework (the OWASP Testing Guide) from which people can build their own test programmes.
Testing task -> test report
Process
Start web penetration test -> information gathering -> configuration and deployment management testing -> identity management testing
-> authentication testing -> authorization testing -> session management testing -> input validation testing -> error handling testing
-> cryptography testing -> business logic testing -> client-side testing -> deliver the report, end of test
1. Information gathering (critical: gather as much information as possible)
OSINT (open-source intelligence), subdomains, application entry points, the web server, the application framework, etc.
- Search engines of all kinds and the corresponding search techniques (Google hacking)
- Fingerprint the web server (Apache, Nginx, IIS, etc.) and its version
- Meta files such as robots.txt, and the page's HTML source
Other services running on the server:
- ssh, rtsp, etc.
- Web applications on ports other than 80 and 443
- Different applications under different paths of the same domain
- Page source, JS code, meta tags, code comments, etc.
- Application entry points and execution paths; understand the site structure
- Web application frameworks: jQuery, Vue, Django, Spring, Struts2, Hibernate, etc.
- Identify the application framework; understand the whole web application's architecture and draw an architecture topology diagram
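Most of the passive checks in this section (server banner, X-Powered-By, session cookie name, meta generator, script URLs, HTML comments, robots.txt) can be pulled out of a single response. The script below is an added example, not code from the original article or from OWASP; the headers, HTML and robots.txt it parses are constructed samples for a hypothetical site, and the cookie-name and script-name hint tables are my own small lists.

```python
"""Passive fingerprinting of a web application from one response (added example).

Everything below is constructed sample data for a hypothetical target; in practice
the headers and bodies come from an HTTP client such as requests.
"""
import re
from html.parser import HTMLParser

# Constructed sample response headers.
SAMPLE_HEADERS = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Set-Cookie": "PHPSESSID=abc123; path=/",
}

# Constructed sample page: generator meta tag, framework scripts, a leaked comment.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 5.4">
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="https://cdn.example.test/vue.min.js"></script>
</head><body>
<!-- TODO: remove old admin link /old-admin/ before launch -->
<a href="/login.php">Login</a>
<a href="/api/v1/users">API</a>
</body></html>"""

# Constructed sample robots.txt: Disallow entries are paths worth visiting.
SAMPLE_ROBOTS = """User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /
"""

# Hint tables (assumptions, not exhaustive): session cookie name -> platform,
# substring of a script URL -> framework.
SESSION_COOKIE_HINTS = {
    "PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET", "CFID": "ColdFusion", "laravel_session": "Laravel",
}
SCRIPT_HINTS = {"jquery": "jQuery", "vue": "Vue", "react": "React",
                "angular": "Angular", "wp-includes": "WordPress"}


class _Collector(HTMLParser):
    """Collect generator meta, script sources, links and comments from HTML."""

    def __init__(self):
        super().__init__()
        self.generator = None
        self.scripts, self.links, self.comments = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_comment(self, data):
        self.comments.append(data.strip())


def fingerprint(headers, html, robots):
    """Return what one response reveals about server, platform, frameworks and entry points."""
    h = {k.lower(): v for k, v in headers.items()}
    c = _Collector()
    c.feed(html)
    cookie_name = h.get("set-cookie", "").split("=", 1)[0].strip()
    frameworks = set()
    for src in c.scripts:
        for key, name in SCRIPT_HINTS.items():
            if key in src.lower():
                frameworks.add(name)
    if c.generator:
        frameworks.add(c.generator.split()[0])
    disallowed = [line.split(":", 1)[1].strip()
                  for line in robots.splitlines() if line.lower().startswith("disallow:")]
    # Any "Name/1.2.3" token in a header is a version worth checking against advisories.
    versions = re.findall(r"[A-Za-z-]+/\d+(?:\.\d+)+", " ".join(headers.values()))
    return {
        "server": h.get("server"),
        "powered_by": h.get("x-powered-by"),
        "session_cookie": cookie_name,
        "platform_hint": SESSION_COOKIE_HINTS.get(cookie_name),
        "generator": c.generator,
        "frameworks": sorted(frameworks),
        "scripts": c.scripts,
        "entry_points": c.links,
        "comments": c.comments,
        "robots_disallow": disallowed,
        "versions": versions,
    }


if __name__ == "__main__":
    for key, val in fingerprint(SAMPLE_HEADERS, SAMPLE_HTML, SAMPLE_ROBOTS).items():
        print(f"{key:16} {val}")
```

Banners can be faked or stripped, so treat every field as a hint to confirm with other evidence (error pages, default files, behaviour), not as a fact. The robots.txt Disallow list and the leaked comment are the kind of thing that feeds directly into the path brute-forcing of the next section.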
2. Configuration and deployment management testing
Web environment: operating system, web server, web container, development framework, programming language, etc.
- Test the network and infrastructure configuration
- Test the web server's own configuration
- Test file extension handling and file upload, and brute-force paths
- Old files, backup files, unreferenced files, hidden files, temporary files, files with telltale extensions (.old, .bak)
- Enumerate admin interfaces
- Enumerate HTTP methods
- Test that HTTPS is enforced (redirect from HTTP, HSTS)
- Test the cross-domain policy (RIA policy files such as crossdomain.xml, CORS headers)
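Two of the checks above are mechanical enough to script. The block below is an added example (not code from the article or from OWASP): `backup_candidates` turns a discovered path into the backup and editor-leftover names a scanner should request, and `audit_headers` reads one response's headers for risky HTTP methods, missing or short HSTS, and permissive CORS. The suffix list, the one-year HSTS threshold and the sample headers are my own assumptions; the CORS check assumes the response came from a request that sent `Origin: https://attacker.example`.

```python
"""Configuration checks on discovered paths and response headers (added example)."""
import posixpath
import re

# Assumed suffix list; extend from the project's own conventions once known.
BACKUP_SUFFIXES = (".bak", ".old", ".orig", ".save", ".tmp", "~", ".zip", ".tar.gz")
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}
ONE_YEAR = 365 * 24 * 3600   # assumed minimum HSTS max-age


def backup_candidates(path):
    """Generate backup/leftover names for a known file, e.g. /app/config.php."""
    directory, name = posixpath.split(path)
    stem, ext = posixpath.splitext(name)
    cands = []
    for suffix in BACKUP_SUFFIXES:
        cands.append(posixpath.join(directory, name + suffix))       # config.php.bak
        if ext:
            cands.append(posixpath.join(directory, stem + suffix))   # config.bak
    cands.append(posixpath.join(directory, "." + name + ".swp"))     # vim swap file
    cands.append(posixpath.join(directory, "#" + name + "#"))        # emacs autosave
    return list(dict.fromkeys(cands))   # de-duplicate, keep order


def audit_headers(headers, attacker_origin="https://attacker.example"):
    """Return (code, detail) findings for one response's headers.

    Assumes the headers came from an OPTIONS request (for Allow) sent with
    Origin: attacker_origin (for the CORS checks).
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    methods = {m.strip().upper() for m in h.get("allow", "").split(",") if m.strip()}
    exposed = sorted(methods & RISKY_METHODS)
    if exposed:
        findings.append(("RISKY_METHODS", ", ".join(exposed)))

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append(("NO_HSTS", "Strict-Transport-Security absent"))
    else:
        m = re.search(r"max-age=(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(("HSTS_SHORT", hsts))

    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").strip().lower() == "true"
    if acao == "*":
        findings.append(("CORS_WILDCARD", acao))
    elif acao and acao == attacker_origin:
        # Reflecting an arbitrary origin together with credentials lets any site
        # read authenticated responses; without credentials it is still worth noting.
        findings.append(("CORS_REFLECT_CREDS" if creds else "CORS_REFLECT", acao))
    return findings


# Constructed sample headers: a weak deployment and a hardened one.
WEAK_HEADERS = {
    "Server": "Apache/2.4.29",
    "Allow": "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS",
    "Access-Control-Allow-Origin": "https://attacker.example",
    "Access-Control-Allow-Credentials": "true",
}
HARDENED_HEADERS = {
    "Allow": "GET, HEAD, POST, OPTIONS",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Access-Control-Allow-Origin": "https://app.example",
}

if __name__ == "__main__":
    print(backup_candidates("/app/config.php"))
    print(audit_headers(WEAK_HEADERS))
    print(audit_headers(HARDENED_HEADERS))
```

An `Allow` header is only what the server claims; confirm a listed method by sending it (a TRACE that echoes the request, a PUT that returns 201) before reporting it.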
3. Identity management testing
Login: identification, authentication, authorization
Authentication factors: password, PIN, badge, key, fingerprint, iris, signature, etc.
Authorization models: DAC (discretionary access control), MAC (mandatory access control), RBAC (role-based access control), ABAC (attribute-based access control)
- Understand the roles: role-based access control (RBAC)
- Test the registration process and how user roles are assigned
- Username enumeration, and weak or guessable username policies
- Check for guest and anonymous accounts and test their permissions
- Account suspension and reinstatement
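Username enumeration is usually found by sending the same wrong password for a known-valid and a certainly-invalid username and comparing the two responses. The block below is an added example (not code from the article or from OWASP) of that comparison over constructed responses: it checks status code, body length, the error message with tags and the reflected username removed, and a crude timing ratio. The 3x timing threshold and the sample responses are my own assumptions.

```python
"""Username enumeration: compare responses for a valid and an invalid username (added example)."""
import re
from dataclasses import dataclass


@dataclass
class Probe:
    """One login attempt: the username tried, and what came back."""
    username: str
    status: int
    body: str
    elapsed_ms: float


# Constructed samples for a hypothetical target. "alice" exists; the other name does not.
VULNERABLE = [
    Probe("alice", 200, "<p>Incorrect password for alice.</p>", 180.0),
    Probe("zq7x9k_nouser", 200, "<p>Unknown user.</p>", 12.0),
]
HARDENED = [
    Probe("alice", 200, "<p>Invalid username or password.</p>", 175.0),
    Probe("zq7x9k_nouser", 200, "<p>Invalid username or password.</p>", 172.0),
]


def _normalize(body, username):
    """Strip tags, ignore the reflected username, collapse whitespace."""
    text = re.sub(r"<[^>]+>", " ", body)
    text = text.replace(username, "<user>")
    return " ".join(text.split()).lower()


def enumeration_signals(valid, invalid, timing_ratio=3.0):
    """Return the list of channels on which the two responses differ."""
    signals = []
    if valid.status != invalid.status:
        signals.append("status")
    if len(valid.body) != len(invalid.body):
        signals.append("length")
    if _normalize(valid.body, valid.username) != _normalize(invalid.body, invalid.username):
        signals.append("message")
    slow = max(valid.elapsed_ms, invalid.elapsed_ms)
    fast = min(valid.elapsed_ms, invalid.elapsed_ms)
    if fast > 0 and slow / fast >= timing_ratio:
        signals.append("timing")
    return signals


if __name__ == "__main__":
    print("vulnerable:", enumeration_signals(*VULNERABLE))
    print("hardened:  ", enumeration_signals(*HARDENED))
```

A single timing sample proves nothing; repeat each probe many times and compare distributions. The timing channel is also the one a "fixed" application most often keeps: if the server only runs the password hash for existing users, unknown usernames answer faster. The fix is to hash a dummy password on that path too, so both cases cost the same.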
4. Authentication testing
How do you prove that you are you? (grin) You need to understand the authentication mechanism.
- Is authentication transmitted over an encrypted channel, i.e. does any part of it happen outside HTTPS?
- Does the system ship with default credentials, and do new accounts get a default password?
- Test the account lockout mechanism
- Test for authentication bypass
- How the client remembers passwords (remember-me functionality)
- Browser caching of authenticated pages and credentials
- Weak password policy
- Weak security questions and answers
- Password change and reset
- Weaker authentication in alternative channels that bypass the primary client/server flow, such as SMS codes and phone tokens
5. Authorization testing
Authorization testing is session-centric: with a valid session, check what that session can reach.
- Test directory traversal / file inclusion to see whether you can read things you are not authorized to see
- Bypass the authorization mechanism; first understand how authorization is granted
- Test privilege escalation, horizontal and vertical: a user modifying an admin's data is vertical, user1 modifying user2's data is horizontal
- IDOR (insecure direct object reference): referencing an object that is not your own, e.g. a student supplying a teacher's id. IDOR is the mechanism; the impact is horizontal when the two roles are equal and vertical when, as with student and teacher, the target outranks the caller
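The difference between an IDOR and a proper ownership check is small in code and easy to see side by side. The block below is an added example (not code from the article or from any real application): an in-memory profile store with a vulnerable handler that trusts the client-supplied id, a hardened one that checks ownership or admin role, and the same pair for a role-change endpoint (vertical). `idor_matrix` runs the probes a tester would send. All users, ids and data are constructed.

```python
"""Horizontal and vertical authorization checks, vulnerable beside hardened (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str   # "user" or "admin"


class Forbidden(Exception):
    """Raised by hardened handlers; the HTTP layer would map it to 403 (or 404)."""


# Constructed data: two ordinary users and one admin.
USERS = {1: User(1, "user"), 2: User(2, "user"), 99: User(99, "admin")}
PROFILES = {
    1: {"owner": 1, "email": "alice@example.test"},
    2: {"owner": 2, "email": "bob@example.test"},
    99: {"owner": 99, "email": "admin@example.test"},
}


def get_profile_vulnerable(session_user, profile_id):
    """Trusts the id from the request: any logged-in user reads any profile (IDOR)."""
    return PROFILES[profile_id]


def get_profile_hardened(session_user, profile_id):
    """Serve the object only to its owner or an admin."""
    profile = PROFILES.get(profile_id)
    if profile is None or (profile["owner"] != session_user.id and session_user.role != "admin"):
        # Same answer for "does not exist" and "not yours", so the endpoint
        # cannot be used as an oracle for which ids exist.
        raise Forbidden()
    return profile


def set_role_vulnerable(session_user, target_id, new_role):
    """Only checks that the caller is logged in: a plain user can promote anyone (vertical)."""
    target = USERS[target_id]
    return User(target.id, new_role)


def set_role_hardened(session_user, target_id, new_role):
    """Role changes require the admin role, checked server-side on every call."""
    if session_user.role != "admin":
        raise Forbidden()
    target = USERS.get(target_id)
    if target is None:
        raise Forbidden()
    return User(target.id, new_role)


def probe(handler, session_user, *args):
    """Call a handler as a tester would and record whether access was allowed."""
    try:
        handler(session_user, *args)
        return "allowed"
    except Forbidden:
        return "denied"


def idor_matrix():
    """The probe set for one object endpoint and one privileged action."""
    alice, admin = USERS[1], USERS[99]
    return {
        "horizontal_vuln": probe(get_profile_vulnerable, alice, 2),     # alice reads bob
        "horizontal_fixed": probe(get_profile_hardened, alice, 2),
        "own_fixed": probe(get_profile_hardened, alice, 1),              # alice reads alice
        "admin_fixed": probe(get_profile_hardened, admin, 2),            # admin reads bob
        "vertical_vuln": probe(set_role_vulnerable, alice, 1, "admin"),  # alice promotes self
        "vertical_fixed": probe(set_role_hardened, alice, 1, "admin"),
        "vertical_admin_fixed": probe(set_role_hardened, admin, 1, "admin"),
    }


if __name__ == "__main__":
    for case, result in idor_matrix().items():
        print(f"{case:22} {result}")
```

When testing a real application, run the same matrix with two sessions of equal role and one of higher role, and for every object id you can find (including ones just outside the range you were given).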
6. Session management testing
CSRF (cross-site request forgery): a third-party page makes the victim's browser send requests the user never intended, and the application trusts them because the browser attaches the user's session cookie automatically.
Session fixation, logout, timeout, and so on
- Session mechanism bypass: session id prediction, brute force, hijacking, etc.
- Check whether cookies carry the HttpOnly and Secure attributes
- Is the session id random and protected in transit? Is it sent in URLs (GET parameters) or over plain HTTP? These are all ways an id can leak
- Session timeout: is the session still valid after it should have expired?
- Is the session still valid after the user logs out?
- Session variable overloading (session puzzling): the same session variable is used for more than one purpose, e.g. a flag set during password reset also satisfies the login check
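The cookie attribute check and the first look at session id quality are both scriptable. The block below is an added example (not code from the article or from OWASP): `audit_session_cookie` parses a Set-Cookie header and reports missing HttpOnly, Secure and SameSite; `looks_sequential` and `entropy_estimate_bits` give a quick sanity check on a handful of captured ids. The sample cookies are constructed, the "strong" ids are generated at runtime with `secrets.token_hex`, and the sequential-step threshold is my own assumption.

```python
"""Session cookie attributes and session-id quality (added example)."""
import math
import secrets
from collections import Counter


def parse_set_cookie(header):
    """Split 'name=value; Attr; Attr=val' into (name, value, {attr: val|True})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header):
    """Return (cookie name, list of attribute issues)."""
    name, _, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")      # readable by injected script
    if "secure" not in attrs:
        issues.append("missing Secure")        # sent over plain HTTP too
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        issues.append("missing SameSite")      # browser default varies; be explicit
    elif samesite.lower() == "none":
        issues.append("SameSite=None")         # cross-site requests carry the cookie
    return name, issues


def looks_sequential(ids, max_step=1000):
    """True if the ids parse as hex/decimal integers that sit close together."""
    try:
        values = sorted(int(i, 16) for i in ids)
    except ValueError:
        return False   # not numeric: this check cannot tell
    steps = [b - a for a, b in zip(values, values[1:])]
    return bool(steps) and max(steps) <= max_step


def entropy_estimate_bits(ids):
    """Shannon entropy per character over the pooled sample, times average length.

    An upper bound only: a few samples cannot expose structure such as embedded
    timestamps, so a low number is conclusive and a high number is not.
    """
    pooled = "".join(ids)
    n = len(pooled)
    h = -sum(c / n * math.log2(c / n) for c in Counter(pooled).values())
    return h * (n / len(ids))


# Constructed samples.
WEAK_IDS = ["1000", "1001", "1002", "1003"]
STRONG_IDS = [secrets.token_hex(16) for _ in range(8)]   # 128-bit random ids
WEAK_COOKIE = "PHPSESSID=1001; path=/"
HARDENED_COOKIE = "sid=" + STRONG_IDS[0] + "; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    print(audit_session_cookie(WEAK_COOKIE))
    print(audit_session_cookie(HARDENED_COOKIE))
    print("weak sequential:", looks_sequential(WEAK_IDS), round(entropy_estimate_bits(WEAK_IDS), 1), "bits")
    print("strong sequential:", looks_sequential(STRONG_IDS), round(entropy_estimate_bits(STRONG_IDS), 1), "bits")
```

For a real assessment collect thousands of ids (Burp Sequencer does this) rather than four; the functions above are for deciding within a minute whether the id scheme deserves that effort.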
7. Input validation testing
A lot of material here.
8. Error handling testing
Trigger errors with abnormal input and test the handling.
- Check whether the different status codes the server returns leak information (server exceptions, etc.)
- Analyse stack traces
9. Cryptography testing, business logic testing, client-side testing
These are relatively independent and can be tested on their own.
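Error pages are where versions, file paths and stack traces leak, and the same handful of patterns recur across platforms. The block below is an added example (not code from the article or from OWASP) that scans response bodies for those patterns; the pattern table is my own, far from complete, and the three responses it runs over are constructed.

```python
"""Detect information leaks in error responses (added example)."""
import re

# Assumed pattern table; add the frameworks you meet.
LEAK_PATTERNS = {
    "java_stacktrace": re.compile(r"^\s+at [\w$.]+\([\w$.]+\.java:\d+\)", re.M),
    "python_traceback": re.compile(r"Traceback \(most recent call last\):"),
    "php_error": re.compile(r"(Fatal error|Warning|Notice):.*? in (/[^\s:]+) on line \d+"),
    "dotnet_error": re.compile(r"Server Error in '[^']*' Application"),
    "sql_error": re.compile(
        r"(You have an error in your SQL syntax|ORA-\d{5}|SQLSTATE\[|Unclosed quotation mark)"),
    "server_version": re.compile(r"(Apache|nginx|Microsoft-IIS|Tomcat|Jetty)/\d+(\.\d+)+", re.I),
    "fs_path": re.compile(r"(?:[A-Za-z]:\\(?:[\w. -]+\\)+[\w. -]+|/(?:var|home|usr|opt|srv)/[\w./-]+)"),
}


def find_leaks(body):
    """Return {pattern name: first match} for every leak pattern found in a body."""
    hits = {}
    for name, pattern in LEAK_PATTERNS.items():
        m = pattern.search(body)
        if m:
            hits[name] = m.group(0).strip()[:120]
    return hits


# Constructed sample responses.
SAMPLE_JAVA_500 = """<h1>HTTP Status 500 - Internal Server Error</h1>
<pre>java.lang.NullPointerException
    at com.example.shop.CartServlet.doPost(CartServlet.java:42)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
</pre><hr><h3>Apache Tomcat/8.5.23</h3>"""

SAMPLE_PHP_WARNING = ("Warning: mysqli_connect(): (HY000/1045): Access denied for user "
                      "'app'@'localhost' in /var/www/html/db.php on line 12")

SAMPLE_CLEAN_404 = "<h1>404 Not Found</h1><p>The requested resource was not found on this server.</p>"

if __name__ == "__main__":
    for label, body in [("java 500", SAMPLE_JAVA_500), ("php warning", SAMPLE_PHP_WARNING),
                        ("clean 404", SAMPLE_CLEAN_404)]:
        print(label, find_leaks(body))
```

Run it over the responses to every status code you can provoke (400, 403, 404, 405, 500, an oversized request, a malformed Content-Type), since each path through the server often has its own error page and only some of them are the custom one.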
Learning path
- Basic concepts of network security and web security
- Study from the perspective of individual vulnerabilities
- Comprehensive web security resources
- Read through the testing guide
Practise a lot.
References
Learning materials
- OWASP website
- owasp-skf, explanations of individual vulnerabilities
- web-application-security-tools-resources, a comprehensive collection of web security resources
- OWASP Testing Guide v4, Chinese edition
This article was written by szr and is licensed under the Creative Commons Attribution 4.0 International License.
Unless marked as reposted or with a source, articles on this site are original or translated by the site; please attribute before reposting.
Last edited: Sep 15, 2021 at 09:12 am