Network security learning notes 01 network security foundation
2022-07-01 11:05:00 【I'm not zzy1231a】
Learning notes. The main content is information security / web security / penetration testing.
Domain name
A domain name is a string of names separated by dots that names a computer or group of computers on the Internet and is used to locate that computer during data transmission.
Secondary domain name classification 
DNS: the Domain Name System
The Domain Name System (DNS) is a distributed database that maps domain names to IP addresses, making it easier for people to access the Internet. DNS uses UDP port 53. Each level of a domain name is limited to 63 characters, and the total length of a domain name cannot exceed 253 characters.
When we visit a domain name, the system first looks in the Hosts file for the corresponding IP address. If an entry is found, the system immediately opens the corresponding web page; if not, the system submits the domain name to a DNS server to resolve it to an IP address.
CDN: Content Delivery Network. It is a distributed content distribution network built on top of the data network. It can improve the response speed of a system, and it can also intercept and defend against attacks to a certain extent.
Common domain name attacks: DNS DDoS, domain name hijacking, DNS hijacking, cache poisoning.
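The length limits and the Hosts-before-DNS lookup order described above, as an added example that is not part of the original notes. The sample Hosts content, the `dns_lookup` callback and the first-entry-wins rule are assumptions made for illustration.

```python
# Added example: name-length checks and the Hosts-first lookup order.
MAX_LABEL = 63    # limit for each level (label) of a domain name
MAX_NAME = 253    # limit for the whole domain name

HOSTS_SAMPLE = """\
# constructed sample in hosts-file format
127.0.0.1      localhost
192.0.2.10     intranet.example.test portal.example.test   # two names, one IP
"""

def validate_domain(name):
    """Return a list of length problems; an empty list means the name is valid."""
    name = name.rstrip(".")              # ignore the trailing root dot
    if not name:
        return ["empty name"]
    problems = []
    if len(name) > MAX_NAME:
        problems.append(f"name is {len(name)} characters (max {MAX_NAME})")
    for label in name.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > MAX_LABEL:
            problems.append(f"label is {len(label)} characters (max {MAX_LABEL})")
    return problems

def parse_hosts(text):
    """Map each lower-cased host name in hosts-format text to its IP address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            for host in fields[1:]:
                # assumption: the first entry for a name wins
                table.setdefault(host.lower(), fields[0])
    return table

def resolve(name, hosts_text, dns_lookup):
    """Look in Hosts first; call dns_lookup only when Hosts has no entry."""
    problems = validate_domain(name)
    if problems:
        raise ValueError("; ".join(problems))
    key = name.rstrip(".").lower()
    table = parse_hosts(hosts_text)
    if key in table:
        return table[key], "hosts"
    return dns_lookup(key), "dns"
```

Because a Hosts entry is used before any DNS query is made, the second element of the returned tuple shows which source answered, which is the first thing to check when a name resolves to an unexpected address.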
Web basics
Vulnerabilities in web source code: SQL injection, file upload, XSS, code execution, variable overwriting, logic flaws, deserialization, etc.
Vulnerabilities in web middleware: unauthorized access, variable overwriting
Vulnerabilities in web databases: weak passwords, privilege escalation
Vulnerabilities at the web system layer: privilege escalation, remote code execution
Penetration test
A penetration test, also called a "white hat hacker" test, investigates, evaluates and tests the security of a given organization using the same techniques, strategies and means as malicious attackers, for the purpose of enhancing security.
Penetration testers are well-trained, highly skilled security experts who can understand system weaknesses and locate them. Vulnerabilities in a system are countered by adopting a comprehensive set of technical, administrative and physical measures:
Technical means: virtual private networks (VPN), cryptographic protocols, intrusion detection systems, intrusion prevention systems, access control lists, biometric technology, smart card technology and other devices that improve security;
Administrative means include applying policies and strengthening rules;
Physical means include cable locks, device locks, alarm systems, etc.
Scripting language
A scripting language, also called an extension language or a dynamic language, is a programming language used to control software applications.
asp, php, aspx, jsp, javaweb, pl, py, cgi, etc.
Scripts (asp, php, jsp): dynamic scripting languages
html (css, js, html): static scripting languages
Static scripts do not interact with the database. They run directly in the local browser and are very fast, but the source code can be viewed directly;
Dynamic scripts interact with databases and run on the web server, and the execution result is displayed (they can also run in the browser, and the source code can be seen).
Reference material:
The official account 0x00 laboratory; interested readers are encouraged to read its posts.