Web foundation of network security note 02

About web Source code

web Source code is an important information breakthrough of code audit vulnerability , The main knowledge points include contents 、 Script 、 Application etc. .

web Directory structure ：
It is divided into background directories 、 The template directory 、 Database directory 、 Database configuration file .

The script type ：
It mainly includes ASP、PHP、ASPX、JSP、JAVAWEB、Python.

Application classification ：
Portal corresponds to comprehensive vulnerabilities , E-commerce corresponds to business logic vulnerabilities , Forum correspondence XSS Logical loopholes 、 Blog vulnerability is less 、 The third party mainly depends on the function .

Supplementary contents include framework and non framework 、CMS distinguish 、 Open source or internal vulnerability audit and testing .

web Key files in the source code

Backstage path , Database configuration file , Backup file
backstage : It usually refers to those program methods that bypass security control and obtain access to programs or systems . In the software development phase , Programmers often create backdoors in software so that they can modify defects in programming .
In security testing , Back door open source makes it easier to connect to the host , When obtaining host permission , Backdoor open source acts as a command console .

What we need to pay attention to is whether the back door gives permission , Whether to give permission to operate directories or files , Whether to give other users permission .

Reference material ：
official account 0x00 laboratory , If you are interested, please go to twitter