Website Security Protection (using ESAPI)
What open-source libraries can be used as a reference for protecting a website?
The one introduced here is ESAPI. This article mainly explains how to defend against the following threats:
- Information Leakage
- Broken Authentication
- Insecure Storage
- Insecure Communications
- Failure to restrict URL
What is ESAPI?
ESAPI is an OWASP open-source project that provides a framework for secure coding in web applications, so that developers can get website protection by using it directly instead of re-developing the protection mechanisms themselves.
Error handling
Attackers often take advantage of improper error handling, or of extra detail in error messages, to carry out attacks.
ESAPI provides a relatively complete set of error-handling classes together with logging.
Exception | Summary
---|---
AccessControlException | An AccessControlException should be thrown when a user attempts to access a resource that they are not authorized for.
AuthenticationAccountsException | An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationCredentialsException | An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationException | An AuthenticationException should be thrown when anything goes wrong during login or logout.
AuthenticationHostException | An AuthenticationHostException should be thrown when there is a problem with the host involved with authentication, particularly if the host changes unexpectedly.
AuthenticationLoginException | An AuthenticationException should be thrown when anything goes wrong during login or logout.
AvailabilityException | An AvailabilityException should be thrown when the availability of a limited resource is in jeopardy.
CertificateException | A CertificateException should be thrown for any problems that arise during processing of digital certificates.
ConfigurationException | A ConfigurationException should be thrown when a problem arises because of a problem in one of ESAPI's configuration files, such as a missing required property or invalid setting of a property, or missing or unreadable configuration file, etc.
EncodingException | An EncodingException should be thrown for any problems that occur when encoding or decoding data.
EncryptionException | An EncryptionException should be thrown for any problems related to encryption, hashing, or digital signatures.
EncryptionRuntimeException | An EncryptionRuntimeException should be thrown for any problems related to encryption, hashing, or digital signatures.
EnterpriseSecurityException | EnterpriseSecurityException is the base class for all security related exceptions.
EnterpriseSecurityRuntimeException | EnterpriseSecurityRuntimeException is the base class for all security related runtime exceptions.
ExecutorException | An ExecutorException should be thrown for any problems that arise during the execution of a system executable.
IntegrityException | An IntegrityException should be thrown when a problem with the integrity of data has been detected.
IntrusionException | An IntrusionException should be thrown anytime an error condition arises that is likely to be the result of an attack in progress.
ValidationAvailabilityException | 
ValidationException | A ValidationException should be thrown to indicate that the data provided by the user or from some other external source does not match the validation rules that have been specified for that data.
ValidationUploadException | 
Authentication and authorization handling

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AuthenticationException;

// Authenticator.login() takes the HTTP request/response pair; it verifies the
// credentials, enforces lockout/session rules and logs the outcome itself.
public void doPost(HttpServletRequest request, HttpServletResponse response) {
    try {
        User user = ESAPI.authenticator().login(request, response);
        // continue with authenticated user
    } catch (AuthenticationException e) {
        // handle failed authentication (it's already been logged)
    }
}
```
ESAPI Authentication references
http://www.owasp.org/index.php/Top_10_2007-Broken_Authentication_and_Session_Management
https://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Authenticator.html
ESAPI encryption
https://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/Encryptor.html
```java
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.errors.EncryptionException;

String myplaintext = "My plaintext";
try {
    // Key and cipher mode come from ESAPI.properties, not from the caller.
    CipherText ciphertext =
        ESAPI.encryptor().encrypt( new PlainText(myplaintext) );
    PlainText recoveredPlaintext = ESAPI.encryptor().decrypt(ciphertext);
    assert myplaintext.equals( recoveredPlaintext.toString() );
} catch(EncryptionException ex) {
    // Log error then return error designation however appropriate.
}
```
Insecure Communications
Make sure that data is encrypted while in transit, that is, transported over TLS/SSL.
With ESAPI this can be enforced with `HTTPUtilities`:
`void assertSecureChannel(javax.servlet.http.HttpServletRequest request) throws AccessControlException`

```java
// Throws AccessControlException when the current request did not arrive over
// a secure channel; the overload taking an HttpServletRequest is equivalent.
ESAPI.httpUtilities().assertSecureChannel();
```
Failure to restrict URL Access
https://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/AccessController.html
For authorization checks on website resources, ESAPI provides a complete set of checks; see the following:
Return type | Method summary
---|---
void | assertAuthorized(java.lang.Object key, java.lang.Object runtimeParameter): executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
void | assertAuthorizedForData(java.lang.String action, java.lang.Object data): checks if the current user is authorized to access the referenced data.
void | assertAuthorizedForFile(java.lang.String filepath): checks if the current user is authorized to access the referenced file.
void | assertAuthorizedForFunction(java.lang.String functionName): checks if the current user is authorized to access the referenced function.
void | assertAuthorizedForService(java.lang.String serviceName): checks if the current user is authorized to access the referenced service.
void | assertAuthorizedForURL(java.lang.String url): checks if the current user is authorized to access the referenced URL.
boolean | isAuthorized(java.lang.Object key, java.lang.Object runtimeParameter): executes the AccessControlRule that is identified by key and listed in the resources/ESAPI-AccessControlPolicy.xml file.
boolean | isAuthorizedForData(java.lang.String action, java.lang.Object data): checks if the current user is authorized to access the referenced data, represented as an Object.
boolean | isAuthorizedForFile(java.lang.String filepath): checks if the current user is authorized to access the referenced file.
boolean | isAuthorizedForFunction(java.lang.String functionName): checks if the current user is authorized to access the referenced function.
boolean | isAuthorizedForService(java.lang.String serviceName): checks if the current user is authorized to access the referenced service.
boolean | isAuthorizedForURL(java.lang.String url): checks if the current user is authorized to access the referenced URL.
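As an added example (not from the original post or the ESAPI project), the servlet below chains the checks from the authentication, secure-channel and URL-access sections into one request handler and maps each ESAPI exception to a generic HTTP status so no detail leaks to the client. It assumes ESAPI 2.x on the classpath with ESAPI.properties and ESAPI-AccessControlPolicy.xml already configured; the class name ProtectedResourceServlet is hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.User;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.EnterpriseSecurityException;

// Hypothetical servlet: order of checks is transport, then identity, then policy.
public class ProtectedResourceServlet extends HttpServlet {
    private final Logger log = ESAPI.getLogger(ProtectedResourceServlet.class);

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        try {
            // Insecure Communications: refuse anything that did not arrive over TLS.
            ESAPI.httpUtilities().assertSecureChannel(request);

            // Broken Authentication: credentials, lockout and session are ESAPI's job.
            User user = ESAPI.authenticator().login(request, response);

            // Failure to restrict URL access: the policy file decides, not the caller.
            ESAPI.accessController().assertAuthorizedForURL(request.getRequestURI());

            response.setContentType("text/plain");
            response.getWriter().println("Hello " + user.getAccountName());
        } catch (AccessControlException e) {
            // Information Leakage: the reason is logged server-side, client sees 403.
            log.warning(Logger.SECURITY_FAILURE, "Access denied", e);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (AuthenticationException e) {
            // Already logged by the authenticator; generic 401 for the client.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (EnterpriseSecurityException e) {
            // Any other ESAPI failure (encryption, configuration, ...): log, then 500.
            log.error(Logger.SECURITY_FAILURE, "Security check failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

The catch order matters: the specific AccessControlException and AuthenticationException handlers must precede the EnterpriseSecurityException base-class handler, otherwise every failure would be reported as a 500.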
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
https://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/overview-summary.html