Xiaodi network security - Notes (3)
2022-07-19 06:55:00 【ha_ O】
1. Script languages enabled on common hosting platforms
ASP, PHP, ASPX, JSP, PY, JAVAWEB and similar environments
2. Security issues in domain name vs. IP directory resolution
Access by IP address can reveal more information, and often exposes backup files of the program source code and other sensitive information. Access by domain name can only reach the files in one folder. When a website is set up to support both IP access and domain name access, the domain name usually points to a single directory, while IP access points to the root directory.
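An added example (not from the original notes) that audits the situation described above: given a site-to-directory mapping, it lists the files that are reachable only when the server is addressed by IP. The host names, paths, IP address and file listing are constructed sample data, and the "*" entry is an assumed way of representing the site that answers bare-IP requests.

```python
from pathlib import PurePosixPath

# Constructed sample bindings: host name -> document root. "*" stands for
# the catch-all site that answers requests made by bare IP address.
SITES = {
    "www.example.test": "/srv/www/site_a",
    "blog.example.test": "/srv/www/site_b",
    "*": "/srv/www",
}
# Corrected layout: the catch-all site points at an empty directory.
HARDENED = {**SITES, "*": "/srv/empty"}
# Constructed file inventory of the server.
FILES = [
    "/srv/www/site_a/index.php",
    "/srv/www/site_b/index.php",
    "/srv/www/site_a.zip",
    "/srv/www/db_backup.sql",
]

def docroot_for(host, sites):
    """Directory serving `host`; unknown hosts (a bare IP) hit the catch-all."""
    return PurePosixPath(sites.get(host, sites["*"]))

def reachable(host, sites, files):
    """Files that live anywhere beneath the directory serving `host`."""
    root = docroot_for(host, sites)
    return {f for f in files if root in PurePosixPath(f).parents}

def ip_only_exposure(sites, files, ip="203.0.113.10"):
    """Files served on IP access that no named site serves."""
    by_name = set()
    for host in sites:
        if host != "*":
            by_name |= reachable(host, sites, files)
    return sorted(reachable(ip, sites, files) - by_name)

def sites_under_catch_all(sites):
    """Named sites whose directory sits beneath the catch-all directory."""
    default = PurePosixPath(sites["*"])
    return sorted(h for h, r in sites.items()
                  if h != "*" and default in PurePosixPath(r).parents)

if __name__ == "__main__":
    print("IP-only files:", ip_only_exposure(SITES, FILES))
    print("Sites under catch-all root:", sites_under_catch_all(SITES))
    print("After fix:", ip_only_exposure(HARDENED, FILES))
```

Pointing the catch-all site at an empty directory, as in `HARDENED`, leaves nothing extra to find on IP access.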
3. Security of common file suffix (extension) mappings

Each suffix is mapped to a specific file. When you visit a website and encounter a file that cannot be parsed, the cause may be the middleware's default configuration or some added settings, which result in the parsing problem.
4. Security protections commonly met in security testing
(1). Seen on school intranets and on the internal and external networks of enterprises: external users are restricted from accessing the internal network, IP addresses are limited, and visitor permissions are regulated.

(2). Authentication and access control: user-based restrictions
(3). Restricting access by IP address. Allow access: only the specified IP addresses can access. Deny access: the specified IP addresses are denied access.
Note: in Windows permissions, if Deny is ticked alongside Allow, Deny takes precedence over Allow!!!
5. Web backdoors and user and file permissions
Setting the relevant permissions on a folder and disabling the guest user's permissions means that a connected backdoor can see nothing. It is a protection technique, and it is also a common obstacle in security testing.

Setting execute permission: without execute permission, the file is not executed, the code will not run properly, and the backdoor will not work properly.
Bypass idea: try putting the backdoor in another directory that allows execution, for example a directory in which scripts are stored.
Note: the backdoor cannot be placed in the root directory; if it is placed under the root directory, it cannot be executed.