0827 early test XSS attack. Reflow and redraw, sql injection, csrf attack, cookie and session

  1. What is XSS attack and how to defend it

    • XSS (Cross Site Scripting) is a common security vulnerability in web applications: an attacker injects malicious runnable scripts that are then executed on the client. If the server does not process the user input and outputs it directly to the browser, the browser executes the scripts the user injected.
    • Filter malicious scripts by filtering user input
      • When writing user input into the page, use innerText rather than innerHTML.
      • Filter user input. For example, an HTMLEncode function should at least escape the symbols & < > " ' / into &amp; &lt; &gt; &quot; &#x27; &#x2F;
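An HTMLEncode implementation along the lines described above, added here as an example and not code from the original post. It escapes the six characters listed and wraps the function in a tagged template so every interpolated value is encoded before it could reach innerHTML; `htmlEncode`, `html` and `containsRawMarkup` are names of my choosing, and the comment string is a constructed sample.

```javascript
'use strict';

// Replacement table: the six characters the notes say must at least be escaped.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '/': '&#x2F;',
};

// Escape one value so the browser treats it as text rather than markup.
// '&' is in the table, so already-encoded entities are not double-decoded later.
function htmlEncode(value) {
  return String(value).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer and are
// trusted; every interpolated part is untrusted data and is always encoded.
function html(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? htmlEncode(values[i]) : ''),
    ''
  );
}

// True when a string still contains a character that could open a tag or break
// out of an attribute value; handy as a last-line check in tests.
function containsRawMarkup(s) {
  return /[<>"']/.test(s);
}

// Constructed sample: a comment field that carries script markup and quotes.
const userComment = '<script>alert(1)</script> "hello" & \'bye\'';
const fragment = html`<p class="comment">${userComment}</p>`;
// The interpolated comment is encoded, so assigning `fragment` to innerHTML
// renders it as visible text instead of executing it.
console.log(fragment);
```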
  2. What is reflow and redraw and how to optimize them

    • The browser uses two threads to render a page: one executes JS scripts and the other handles CSS rendering. The two threads are mutually exclusive: while one runs, the other waits.
    • Reflow (rearrangement): reflow occurs when some or all elements of the render tree must be rebuilt because their width, height, layout, display/hidden state, or the text structure inside the element has changed.
    • Redrawing: redrawing occurs when an element's width, height, layout and display/hidden state have not changed, and only its appearance style has changed.
    • Conclusion: reflow always triggers redrawing, but redrawing does not necessarily trigger reflow.
    • How to avoid reflow: 1. Do not use properties that trigger reflow; 2. Create a separate layer so that reflow happens inside that layer, which limits the scope of reflow and redraw and reduces the browser's calculation workload.
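A small simulation of why interleaving DOM reads and writes multiplies reflows, added here as an example and not code from the original post. `FakeDocument` and `FakeElement` are constructed stand-ins for the browser: layout is global, any style write dirties it, and reading a geometry property while dirty forces a synchronous reflow, which is how real browsers behave with offsetHeight.

```javascript
'use strict';

// Constructed stand-in for the document. Layout is global, so a style write
// anywhere marks it dirty, and reading geometry while dirty forces a reflow.
class FakeDocument {
  constructor() { this.layoutDirty = false; this.reflows = 0; }
  createElement(height) {
    this.layoutDirty = true;            // inserting a node invalidates layout
    return new FakeElement(this, height);
  }
}

class FakeElement {
  constructor(doc, height) { this.doc = doc; this.height = height; this.style = {}; }
  setStyle(prop, value) {               // like el.style[prop] = value
    this.style[prop] = value;
    this.doc.layoutDirty = true;
  }
  get offsetHeight() {                  // like el.offsetHeight
    if (this.doc.layoutDirty) { this.doc.reflows += 1; this.doc.layoutDirty = false; }
    return this.height;
  }
}

// Anti-pattern: read, write, read, write. Every read that follows a write
// forces a reflow, so n elements cost n reflows.
function resizeInterleaved(doc, elements) {
  for (const el of elements) {
    const h = el.offsetHeight;                // read: forces reflow if dirty
    el.setStyle('height', `${h * 2}px`);      // write: dirties layout again
  }
  return doc.reflows;
}

// Batched: all reads first, then all writes. Only the first read forces a
// reflow; the writes are coalesced into the next frame's single layout pass.
function resizeBatched(doc, elements) {
  const heights = elements.map((el) => el.offsetHeight);
  elements.forEach((el, i) => el.setStyle('height', `${heights[i] * 2}px`));
  return doc.reflows;
}
```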
  3. What is sql injection and how to prevent it

    • SQL injection is an attack method in which SQL code is added to the input parameters and passed to the SQL server to be parsed and executed. A SQL injection attack is possible when input parameters are spliced directly into SQL statements without filtering, so that the resulting statement is parsed and executed with unexpected behavior.

    • How to prevent

      • Strictly check the type and format of input variables

        • 1. Strictly check numeric parameters such as id (reject empty values and verify with is_numeric())
        • 2. Validate string parameters (regular-expression validation)
      • Filter and escape special characters

        • Use the PHP function addslashes() to escape these special characters:

          1. Single quotation mark (')
          2. Double quotation mark (")
          3. Backslash (\)
          4. NUL (the null byte)

        • Use mysqli_real_escape_string() from the mysqli extension

        • Use the precompile (prepared statement) mechanism (mysqli and PDO)

          • mysqli precompiled example
          <?php
              // Connect and set the connection charset.
              $mysqli = new mysqli("localhost", "root", "root", "dbname");
              $mysqli->query("set names utf8");

              // The SQL text is sent to the server once with ? placeholders; the
              // values are sent separately and can never change the SQL itself.
              $sql = 'insert into user(id,name,age,email) values (?,?,?,?)';
              $mysqli_stmt = $mysqli->prepare($sql);

              $id = 2;
              $name = 'kung';
              $age = 28;
              $email = 'ohdas@163.com';

              // 'isis' = int, string, int, string, one type per placeholder.
              $mysqli_stmt->bind_param('isis', $id, $name, $age, $email);
              $res = $mysqli_stmt->execute();

              if (!$res) {
                  echo 'error' . $mysqli_stmt->error;
                  exit;
              } else {
                  echo 'ok';
              }

              // The same prepared statement is executed again with new values;
              // bind_param binds by reference, so reassigning the variables is enough.
              $id = 3;
              $name = 'xiaoyu';
              $age = 28;
              $email = 'kung-yu@163.com';

              $mysqli_stmt->bind_param('isis', $id, $name, $age, $email);
              $res = $mysqli_stmt->execute();

              if (!$res) {
                  echo 'error' . $mysqli_stmt->error;
                  exit;
              } else {
                  echo 'ok';
              }

              $mysqli_stmt->close();
              $mysqli->close();
          ?>
          
          • PDO precompiled example

            <?php
                $dsn = 'mysql:dbname=dbname;host=127.0.0.1';
                $user = 'root';
                $password = 'root';
                try {
                    $pdo = new PDO($dsn, $user, $password);
                    // Throw on errors instead of failing silently.
                    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                    // Use real server-side prepared statements rather than the
                    // client-side emulation the MySQL driver uses by default.
                    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
                } catch (PDOException $e) {
                    echo $e->getMessage();
                    exit; // no connection, so do not continue with an undefined $pdo
                }
                $pdo->query("set names utf8");

                // Named placeholders; the values are bound separately below.
                $sql = 'insert into user(id,name,age,email) values(:id,:name,:age,:email)';
                $pdo_stmt = $pdo->prepare($sql);

                $id = 2;
                $name = 'kung';
                $age = 27;
                $email = 'ohdas@163.com';

                $pdo_stmt->bindParam(':id', $id, PDO::PARAM_INT);
                $pdo_stmt->bindParam(':name', $name);
                $pdo_stmt->bindParam(':age', $age, PDO::PARAM_INT);
                $pdo_stmt->bindParam(':email', $email);
                $pdo_stmt->execute();
            ?>
            
        • DQL statement precompiling (mysqli example)

          <?php
              $mysqli = new mysqli("localhost", "root", "root", "dbname");
              $mysqli->query("set names utf8");

              // A placeholder in a query (DQL) statement works the same way as in an insert.
              $sql = "select id,name from user where id > ?";
              $mysqli_stmt = $mysqli->prepare($sql);

              $min_id = 1;
              $mysqli_stmt->bind_param('i', $min_id);
              $mysqli_stmt->execute();

              // Result columns must be bound after execute() and before fetch().
              $mysqli_stmt->bind_result($id, $name);

              while ($mysqli_stmt->fetch()) {
                  echo $id . '--' . $name . "\n";
              }

              $mysqli_stmt->close();
              $mysqli->close();
          ?>
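The strict type and format checks listed under "How to prevent", together with the contrast between a spliced query and a parameterized one, as an added example in JavaScript rather than the post's own PHP. `validateParams`, `buildUserQueryUnsafe` and `buildUserQuery` are hypothetical helper names; the returned query object (fixed SQL text plus a separate values array) is the shape a driver's prepared-statement API receives, and the inputs in the test are constructed.

```javascript
'use strict';

// Whitelist formats for the two parameters. The id pattern is stricter than
// PHP's is_numeric(), which also accepts forms such as "1e3" or " 1".
const ID_RE = /^[1-9]\d{0,9}$/;          // positive integer, at most 10 digits
const NAME_RE = /^[A-Za-z0-9_]{1,32}$/;  // username: letters, digits, underscore

// Check type and format of raw request parameters (strings from a query string
// or form). Returns { ok: true, id, name } or { ok: false, error }.
function validateParams(raw) {
  if (typeof raw.id !== 'string' || !ID_RE.test(raw.id)) {
    return { ok: false, error: 'id must be a positive integer' };
  }
  if (typeof raw.name !== 'string' || !NAME_RE.test(raw.name)) {
    return { ok: false, error: 'name contains disallowed characters' };
  }
  return { ok: true, id: Number(raw.id), name: raw.name };
}

// Vulnerable form, kept only for contrast: the parameter is spliced into the
// SQL text, so whatever the client sends becomes part of the statement.
function buildUserQueryUnsafe(raw) {
  return { sql: `select id,name from user where id > ${raw.id}`, values: [] };
}

// Safe form: input is validated first, and the SQL text is fixed; the values
// travel separately as parameters and cannot alter the statement.
function buildUserQuery(raw) {
  const v = validateParams(raw);
  if (!v.ok) throw new Error(v.error);
  return {
    sql: 'select id,name from user where id > ? and name = ?',
    values: [v.id, v.name],
  };
}
```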
          

  4. What is csrf attack

    • CSRF (Cross Site Request Forgery) is also known as a one-click attack or session riding. Its full name is cross-site request forgery.
    • How to prevent
      • Validate the HTTP Referer field
      • Use a verification code (CAPTCHA)
      • Add a token to the request address and verify it
      • Add a custom attribute in the HTTP header and verify it
  5. What's the difference between a cookie and a session

    • A session is a data structure saved on the server to track the user's state. This data can be stored in a cluster, a database or files;
      a cookie is a mechanism for the client to save user information. It records some user data and is also one way to implement a session.
    • Data storage location: a cookie is saved in the client browser, while a session is saved on the server
    • Security: cookies are not very secure; someone else can read the cookies stored locally and forge them. When security matters, a session should be used.
    • Server performance: a session is kept on the server for a certain period of time. As traffic increases it consumes server resources. To reduce the load on the server, cookies should be used.
    • Data size: a single cookie cannot hold more than 4 KB of data, and many browsers limit a site to at most 20 cookies.
    • Importance of information: important information such as login state should be stored in the session; other information that needs to be retained can be put in a cookie.
  6. What is 16ms optimization?

    • The refresh rate of most devices is 60 times per second (1000/60 = 16.6 ms), which means the browser must finish rendering each frame within 16 ms. If rendering takes longer, the page will appear to stutter, which hurts the user experience.

Tags: Interview

Posted by scm24 on Thu, 19 May 2022 17:59:27 +0300