
Anything else other than sql injection?

I have done a lot of research, and the longer I search and can't find an answer, the happier I get.

I have written my own PHP MVC web framework, and I worry that SQL injection is the only vulnerability I needed to worry about.

I used my own database abstraction methods and support different databases, and my statements are SQL injection proof. So my question is simple: is there anything else I need to worry about, in regards to protecting my database?

If there are any, please provide details or an article where I can get more information, and if possible, solutions too.

Thank you. Ibrahim


  • If you allow uploads, do you limit the size of the files that are uploaded, or the amount?

  • Besides protecting yourself from SQL injection, do you explicitly limit the length of data?

  • Do you limit the amount of times data can be inserted into your database?

  • Besides SQL injection, are you protected against JavaScript injection? If I store <script>malicious code</script> in your database, are you sure that the code won't be executed when someone views my text via a browser?
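The checks this answer asks about, as an added example that is not part of the original question or any of the answers: a server-side length limit, a server-side upload size limit (the form's MAX_FILE_SIZE hint is client-controlled and cannot be relied on), and HTML-encoding of stored text at render time so a stored `<script>` tag is displayed rather than executed. The limits, the table and the sample comment are constructed for the demo; an in-memory SQLite database via PDO stands in for the asker's own abstraction layer.

```php
<?php
// Added example (not the original poster's framework code): length limit,
// upload size limit, and output encoding of stored text. All values constructed.
declare(strict_types=1);

const MAX_COMMENT_LENGTH = 500;             // constructed limit
const MAX_UPLOAD_BYTES   = 2 * 1024 * 1024; // constructed limit: 2 MiB

// 1. Length limit, enforced on the server before the data reaches the database.
function validateComment(string $text): string
{
    $text = trim($text);
    if ($text === '') {
        throw new InvalidArgumentException('Comment must not be empty');
    }
    if (mb_strlen($text, 'UTF-8') > MAX_COMMENT_LENGTH) {
        throw new InvalidArgumentException('Comment exceeds ' . MAX_COMMENT_LENGTH . ' characters');
    }
    return $text;
}

// 2. Upload size limit, checked on the server. $file has the shape of one $_FILES entry.
function validateUpload(array $file): void
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . $error);
    }
    if (($file['size'] ?? 0) > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('Upload larger than ' . MAX_UPLOAD_BYTES . ' bytes');
    }
}

// 3. Output encoding: the stored text is HTML-encoded every time it is rendered,
//    so markup that made it into the database is shown as text, not interpreted.
function renderComment(string $stored): string
{
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Demo against an in-memory SQLite table (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
$insert->execute([':body' => validateComment("<script>alert('boo')</script> hello")]);

foreach ($db->query('SELECT body FROM comments') as $row) {
    echo renderComment($row['body']), PHP_EOL;
}

// A constructed oversized upload entry is rejected before anything is moved or stored.
try {
    validateUpload(['name' => 'big.bin', 'size' => 3 * 1024 * 1024,
                    'error' => UPLOAD_ERR_OK, 'tmp_name' => '']);
} catch (RuntimeException $e) {
    echo 'upload rejected: ', $e->getMessage(), PHP_EOL;
}
```

The encoding happens in renderComment, not before the INSERT: the database keeps the raw text, and every output path (HTML page, JSON API, e-mail) applies the encoding appropriate to that output.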


There's a lot more to worry about than SQL injection, just take a look at the list here:

https://www.owasp.org/index.php/Category:Vulnerability

Some of the more common ones are:

  • Session hijacking
  • Being able to guess (and access) other records by id
  • Non-encrypted public record IDs
  • Ability to upload executable files
  • Ability to access other's files
  • Authentication/authorization vulnerabilities
  • Session fixation

The list goes on and on, but take a look at PHP's security doc user notes; there are some pretty good comments in there:

http://www.php.net/manual/en/security.php


Datawise, escape all incoming data and entity/specialchars all outgoing data. Simple philosophy that ensures you only operate on data once going in and once going out.

Consider session hijacking, cookie edit hacks, form tampering (don't use the direct value of select and hidden forms. Assign them a key like an integer that corresponds to an element in an array and use that key to get the value of the element.)
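The key-instead-of-value pattern for select and hidden fields described above, together with encoding on the way out, as an added example that is not part of this answer: the browser only ever sees integer keys, the labels and prices live in a server-side array, and a submission whose key is not in that array is rejected. The shipping options and the sample submissions are constructed.

```php
<?php
// Added example (not from the answer above): select/hidden fields carry only a
// key; the real value is looked up server-side. Option table is constructed.
declare(strict_types=1);

// Server-side source of truth. Only the integer keys are sent to the browser.
const SHIPPING_OPTIONS = [
    1 => ['label' => 'Standard (5 days)', 'price_cents' => 500],
    2 => ['label' => 'Express (2 days)',  'price_cents' => 1500],
];

// Encode on the way out: every string placed into HTML goes through this.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Render the <select>: option values are keys, labels are encoded.
function renderShippingSelect(): string
{
    $html = '<select name="shipping">';
    foreach (SHIPPING_OPTIONS as $key => $opt) {
        $html .= sprintf('<option value="%d">%s</option>', $key, h($opt['label']));
    }
    return $html . '</select>';
}

// Resolve the submitted key back to the server-side value. A tampered form
// (edited value, negative number, unknown key) never reaches business logic.
function resolveShipping(array $post): array
{
    $raw = $post['shipping'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        throw new InvalidArgumentException('shipping must be a numeric option key');
    }
    $key = (int) $raw;
    if (!isset(SHIPPING_OPTIONS[$key])) {
        throw new InvalidArgumentException('unknown shipping option');
    }
    return SHIPPING_OPTIONS[$key];
}

echo renderShippingSelect(), PHP_EOL;

// Constructed submissions: one honest, two tampered.
foreach ([['shipping' => '2'], ['shipping' => '-100'], ['shipping' => '9']] as $post) {
    try {
        $opt = resolveShipping($post);
        printf("accepted: %s at %d cents\n", $opt['label'], $opt['price_cents']);
    } catch (InvalidArgumentException $e) {
        printf("rejected (%s): %s\n", $post['shipping'], $e->getMessage());
    }
}
```

The same lookup applies to hidden fields such as a price or a record id: the client submits an opaque key, and the server decides what that key means, so editing the field in the browser changes nothing the server trusts.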


If you're using .NET, just do a quick Google search. You can prevent most attacks by modifying your web config.

<authentication mode="Forms">
  <forms protection="All" loginUrl="~/Account/Login.aspx" timeout="30" slidingExpiration="true" />
</authentication>

As far as other things, then yes, there are a few things you might need to worry about, such as people passing <script>alert('boo');</script> in their input. So when it's time for outputting the database value, you might subject your customers to security threats, assuming the alert('boo') is something more evil.

There's a comprehensive list here: https://www.owasp.org/index.php/Main_Page
