Group Web Security Standard
ver
Purpose
This document is intended to give everyone a deeper understanding of the root causes of the various web security threats and of the common techniques used to attack them, and to serve as the standard remediation guide for those threats, so that vulnerable code can be located quickly and the security risk removed.
Contents
2010
Alibaba (http://www.77cn.com.cn)
Purpose ............................................ 2
Scope of Use
Intended Readers
Version Control
Distribution Control
Chapter 1 Page Rendering ........................... 5
    Cross Site Script .............................. 5
        Security Threats ........................... 5
        Code Examples .............................. 5
        Attack Examples ............................ 6
        Solutions .................................. 7
    FLASH ......................................... 10
        Security Threats .......................... 10
        Code Examples ............................. 10
        Attack Examples ........................... 10
        Solutions ................................. 12
    Third-party script references ................ 14
        Security Threats .......................... 14
        Code Examples ............................. 14
        Attack Methods ............................ 15
        Solutions ................................. 15
Chapter 2 Forgery ................................. 15
    Cross-Site Request Forgery ................... 15
        Security Threats .......................... 15
        Code Examples ............................. 15
        Attack Examples ........................... 16
        Solutions ................................. 17
    URL redirect .................................. 18
        Security Threats .......................... 18
        Code Examples ............................. 18
        Attack Methods ............................ 18
        Solutions ................................. 20
Chapter 3 Injection ............................... 20
    SQL injection ................................. 20
        Security Threats .......................... 21
        Code Examples ............................. 21
        Attack Examples ........................... 22
        Solutions ................................. 22
    Code injection ................................ 23
        Security Threats .......................... 23
        Code Examples ............................. 23
        Attack Examples ........................... 24
        Solutions