Purpose of the seminar
The components around the application are shared by everyone in the world, so the whole world is busy hunting for their security bugs.
The application itself is written by the programmer, so the programmer has to deal with its bugs alone.
=> We are web programmers.
This seminar raises awareness of the security bugs commonly found in the application layer, the part we create with our own hands!
Load balancer
Web server
...
Application
MySQL
Memcached
Learn about the security bugs and how to avoid them
...
Philosophy of avoiding security bugs
Input:
Exploits the trust the server places in the user
Output:
Exploits the trust the user places in the server
Session basics
WHAT: What is a session?
[Diagram: one client sends several requests to the server]
The server receives many independent requests from the same client.
The problem: how does the server recognize that they all belong to one user?
=> The concept of a session
Real-world example
Every time Trần Quang goes to an ATM to withdraw money, how does the ATM know that Trần Quang really is Trần Quang?
Group 1: stored only on the client
* Embedded in the URL (the href of a link or the action of a form)
* Cookie
A session is usually represented as a hash (key-value)
Demo
How the session is stored by:
* Java Servlet 2.5: adon.jp
* Rails 3
Q: What is a cookie?
A:
[Diagram: client-server exchange. Request: header (key-value pairs) + body. Response: header (key-value pairs including "Set-Cookie: value") + body. Next request: header (key-value pairs including "Cookie: value") + body.]
Q: How do you implement a login feature for a website?
Advice about sessions
Table of contents
SQL injection
CSRF
Redirection (one of many phishing methods)
Cookie replay
XSS
Session fixation
These bugs can be:
* Related to one another, e.g. XSS and session fixation, XSS and CSRF
* Confused with one another, e.g. XSS is often confused with CSRF
SQL injection
How to avoid:
* Use prepared statements (priority 2)
* Use a utility function to SQL-escape the parameters
Most frameworks and libraries already escape for you (priority 1)
CSRF
Q: What do the two screenshots have in common?
http://vnexpress.net/Vietnam/Vitinh/Hacker-Virus/2007/03/3B9F3B21/
http://vnexpress.net/Vietnam/Vitinh/2007/03/3B9F3BF1/
Cause:
Programmers (and designers!) confuse GET and POST and use GET to edit, delete, create data, etc.
<a>, <img>, <form method=get> => GET
(an <a> can be POST if Ajax is used; in that case the <a> is only used to fire the event)
How to remember: GET = get = copy data from the server, so it must not change data on the server
How to avoid:
* Use POST when the operation is not a GET (a link can be POST if Ajax is used)
* Forms must use POST, except special forms such as a search form
* Even with POST you still die just the same (see XSS)
=> A token must be sent along with the request (one that a user cannot guess for another user, e.g. the session ID)
* GET can be used, but the URL must contain the token
<img src=http://...?act=del&prf_photo=1&token=16d5b78abb28e3d6206b60f22a03c8d9 />
Redirection
(one of many phishing methods)
When a user visits some page http://mobion/abc, the server checks whether the user is logged in; if not, it redirects the user to /login?url=http://mobion/abc
After the user logs in successfully, the server redirects the user to that url
Cookie replay
The website stores the session on the client only (in the URL or a cookie; the bug is more common with cookies)
XSS
Having this bug is game over: the hacker effectively has full control of the website (they can impersonate any user who visits a page containing content the hacker posted). The hacker can use it to attack this site itself and other sites (if those have other security bugs such as CSRF)
<script>$.post('/delete_article/1')</script>
<script>$.post('http://mobion.com/delete_article/1')</script>
How to avoid:
* If the site only lets the user enter plain text:
HTML-escape (HTML escape, not SQL escape) the string when outputting it to the user
* If the site allows the user to enter HTML:
Define exactly which tags are valid (white list) + sanitize the input. Note: use a white list, not a black list, because black lists have been proven insecure
Session fixation
The hacker somehow fixes (pins) the user's session ID
Example: go to Nhi's machine and copy the cookie file
Example:
<script>
document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";
</script>
How to avoid:
* Avoid XSS
* Reset the session as soon as the user logs in
Avoiding session fixation takes just 1 statement:
(1 statement saves the whole world)
reset_session
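The session fixation rule above (regenerate the session ID at login) and the CSRF rule from the earlier slide (state-changing requests must carry a token that another site cannot know) as one added example in plain Ruby. This is not code from the seminar or from Rails; the SessionStore class, its method names and the in-memory hash are constructed for this demo.

```ruby
require 'securerandom'
# Added example, not code from the seminar slides: an in-memory session store
# showing a login that keeps the presented session ID (session fixation) beside
# one that regenerates it (the slides' reset_session), plus the per-session
# token check for state-changing requests (CSRF). Names are constructed.
class SessionStore
  attr_reader :sessions # session_id => { user: ..., csrf_token: ... }
  def initialize
    @sessions = {}
  end

  # [id, data] for the ID in the request cookie; a fresh anonymous session if unknown.
  def session_for(cookie_sid)
    return [cookie_sid, @sessions[cookie_sid]] if @sessions.key?(cookie_sid)
    new_session
  end

  # Vulnerable login: keeps whatever ID the client presented, so an ID the
  # attacker planted in the victim's cookie becomes the victim's logged-in session.
  def login_without_reset(cookie_sid, user)
    sid, data = session_for(cookie_sid)
    data[:user] = user
    sid
  end

  # Fixed login: discard the presented ID and issue a new one, so an ID known
  # to anyone else never maps to the authenticated session.
  def login_with_reset(cookie_sid, user)
    @sessions.delete(cookie_sid)
    sid, data = new_session
    data[:user] = user
    sid
  end

  # CSRF check for a state-changing request (POST, or GET carrying the token in
  # the URL): only the session's own token, which another site cannot know, is accepted.
  def authorized_change?(cookie_sid, submitted_token)
    data = @sessions[cookie_sid]
    return false unless data && data[:user] && submitted_token
    data[:csrf_token] == submitted_token # production code: constant-time compare
  end

  private
  def new_session
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: nil, csrf_token: SecureRandom.hex(16) }
    [sid, @sessions[sid]]
  end
end
```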
References