常见Web攻击手段及安全防范

Common Web attack methods and security precautionsAbstract:With the continuous development of Internet technology and the emergence of a seriesof new Internet products such as social networks and microblogs,Internet applications based onthe web environment are becoming more and more common.Various applications in the processof enterprise informatization are set up on the web platform.The rapid development of webservice application technology also makes more and more hackers turn their attention to webservices,SQL injection attacks,XSS (cross site script attack),files Upload a word Trojans to getwebshell and other attacks become more diverse,making it more difficult to judge and defend.Tounderstand the common attack means of the web is to better come up with countermeasures.Generally,enterprises with sufficient funds will purchase relevant firewalls or related safetyproducts and equipment,but for small and micro enterprises with relatively limited funds,thepurchase price of security equipment is high,and the engineers of small and micro enterprises mayhave limited ability,and they need to hire engineers of relevant manufacturers to maintain andupgrade security software or equipment after sale,which takes time and money.In addition,although it can ensure the security of some Web services,it is inevitable that some Web serviceswill be missed.Because the Web application security technology and hacker technology are alsodeveloping,hackers with certain technology can bypass the rules of the WAF intrusion preventionsystem to invade the web site.Based on the above problems,the main goal of this paper is to findout the common web service vulnerabilities,introduce the hacker's usual web service attackmethods,and provide some basic solutions to protect,so as to improve the security of Web siteservices.Keywords:SQL injection,XSS cross site script attack,file upload vulnerability,Precautions