跨站脚本攻击资源-CSDN文库

防止跨站脚本

CRSF

需积分: 10 8 浏览量 2013-09-10 14:27:43 上传评论收藏 853KB PDF 举报

资源详情

资源评论

Unicode Security

Software Vulnerability Testing Guide

(DRAFT DOCUMENT – this document is currently a preview in DRAFT form. Please contact me with corrections or feedback.)

Software Globalization provides a unique set of challenges for software engineers, and a rich attack

surface for security researchers. This document attempts to shed light on some of the security issues

exposed when developing Unicode-enabled software. Software engineers may find it useful in

developing more secure code, and testers for finding security vulnerabilities.

July 2009

Casaba Security, LLC

www.casabasecurity.com

Chris Weber

Email: chris@casabasecurity.com

Blog: www.lookout.net

Table of Contents

1 Introduction .................................................................................................................................... 4

2 Unicode Background .................................................................................................................... 4

2.1 Brief History of Character Encodings .......................................................................................................... 4

2.2 Brief Introduction to Unicode ......................................................................................................................... 4

2.2.1 Code Points .................................................................................................................................................... 5

2.3 Character Encoding ............................................................................................................................................. 6

2.4 Character Escape Sequences and Entity References ............................................................................. 7

2.5 Focus Points for Security Testing .................................................................................................................. 8

3 Visual Spoofing ............................................................................................................................... 9

3.1 Problem Backgrounder .................................................................................................................................... 10

3.2 State of modern software ................................................................... Error! Bookmark not defined.

3.2.1 Web Browsers ............................................................................... Error! Bookmark not defined.

3.2.2 Email Clients .................................................................................. Error! Bookmark not defined.

3.2.3 Web-applications .................................................................... Error! Bookmark not defined.18

3.2.4 Other ................................................................................................. Error! Bookmark not defined.

3.3 Standards and Guidance ..................................................................... Error! Bookmark not defined.

3.4 Visual Spoofing Attacks ...................................................................... Error! Bookmark not defined.

3.4.1 Lookalikes and Counterfeits ................................................... Error! Bookmark not defined.

3.5 Defenses and Solutions ....................................................................... Error! Bookmark not defined.

4 Character and String Transformation Vulnerability ........................................................ 9

4.1 Round-trip conversions: a common pattern ............................................................................................. 9

4.2 Best-Fit Mappings .............................................................................................................................................. 10

4.2.1 Guidance and Tooling ............................................................................................................................. 12

4.2.2 Tools ............................................................................................................................................................... 12

4.3 Charset transcoding and character mappings .......................... Error! Bookmark not defined.

4.3.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.3.2 Tools .................................................................................................. Error! Bookmark not defined.

4.4 Normalization ......................................................................................... Error! Bookmark not defined.

4.4.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.4.2 Tools .................................................................................................. Error! Bookmark not defined.

Unicode Security: Software Vulnerability Testing Guide

2009

Page | 3 of 12

4.5 Canonicalization of non-shortest form UTF-8 ........................... Error! Bookmark not defined.

4.5.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.5.2 Tools .................................................................................................. Error! Bookmark not defined.

4.6 Over consumption of ill-formed byte sequences (or code units) ......... Error! Bookmark not

defined.

4.6.1 Well-formed and ill-formed byte sequences .................... Error! Bookmark not defined.

4.6.2 Table 3-7. Well-Formed UTF-8 Byte Sequences ............. Error! Bookmark not defined.

4.6.3 Handling ill-formed byte sequences .................................... Error! Bookmark not defined.

4.6.4 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.6.5 Tools .................................................................................................. Error! Bookmark not defined.

4.7 Handling the Unexpected ................................................................... Error! Bookmark not defined.

4.7.1 Unexpected inputs....................................................................... Error! Bookmark not defined.

4.7.2 Character Substitution .............................................................. Error! Bookmark not defined.

4.7.3 Character Deletion ...................................................................... Error! Bookmark not defined.

4.7.4 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.7.5 Tools .................................................................................................. Error! Bookmark not defined.

4.8 Upper and Lower Casing .................................................................... Error! Bookmark not defined.

4.8.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.8.2 Tools .................................................................................................. Error! Bookmark not defined.

4.9 Buffer Overflows .................................................................................... Error! Bookmark not defined.

4.9.1 Upper and Lower Casing Operations................................... Error! Bookmark not defined.

4.9.2 Normalization Operations ....................................................... Error! Bookmark not defined.

4.9.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.9.2 Tools .................................................................................................. Error! Bookmark not defined.

4.10 Controlling Syntax................................................................................. Error! Bookmark not defined.

4.10.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.10.2 Tools .................................................................................................. Error! Bookmark not defined.

4.11 Character Set Mismatch ...................................................................... Error! Bookmark not defined.

4.11.1 Guidance and Tooling ................................................................ Error! Bookmark not defined.

4.11.2 Tools .................................................................................................. Error! Bookmark not defined.

5 Conclusion ................................................................................... Error! Bookmark not defined.

剩余11页未读，继续阅读

评论收藏

内容反馈

跨站脚本攻击

评论0

最新资源

跨站脚本攻击

评论0

最新资源

相关推荐

跨站脚本攻击实例解析

也谈跨站脚本攻击与防御

XSS跨站脚本攻击

关于跨站脚本攻击问题

PHP 跨站脚本攻击漏洞修复 v1.0

XSS跨站脚本攻击剖析与防御

XSS跨站脚本攻击剖析与防御.pdf

xss跨站脚本攻击

跨站脚本攻击原理与防范

XSS跨站脚本攻击在Java开发中防范的方法

XSS跨站脚本攻击漏洞修复方法

web安全技术-实验七、跨站脚本攻击（xss）（反射型）.doc

解析如何防止XSS跨站脚本攻击

xss跨站脚本攻击-运维安全详细笔记

xss跨站脚本攻击与预防

XSS跨站脚本攻击课件

xss跨站脚本攻击详解

Java第十五届蓝桥杯大赛软件JavaB组真题

SwitchHosts

安卓期末大作业（AndroidStudio开发），垃圾分类助手app，分为前台后台，代码有注释，均能正常运行

Notepad++安装包

2024北森能力测评题库.7z

微信小程序源码-合集1.rar

Java面试八股文2023最新版

Linux Centos7 升级最新版OpenSSH-9.6p1 有脚本（支持离线）

JDK1.8 windows 64位

ruoyi-vue-pro 芋道源码项目的表结构

myeclipse 10.7.1 windows 安装包

ja-netfilter-all