Log4j vulnerabilities haven't been cleaned up yet, and new vulnerabilities are coming again.
Large numbers of R&D and security staff have been working overtime late into the night, right up to today, to patch it.
The Log4j fix is still in progress, yet a new vulnerability has already emerged.
According to the cloud security provider Wiz, Microsoft's Azure App Service has a vulnerability named "NotLegit" that affects all PHP, Node, Ruby and Python applications deployed through "Local Git".
Wiz named the vulnerability "NotLegit"; it has existed since September 2017 and is likely to have been exploited. Wiz pointed out that the only applications not affected by "NotLegit" are IIS-based ones; the specific scope of impact includes:
- all PHP, Node, Ruby and Python applications deployed to Azure App Service with "Local Git" since September 2017;
- all PHP, Node, Ruby and Python applications deployed to Azure App Service since September 2017 using Git source after files were created or modified in the application container.
After understanding the seriousness of the problem, Microsoft quickly took the necessary measures: the Azure App Service team conducted an in-depth investigation, found the root cause, fixed the issue for most affected customers, and notified by email all customers who were still exposed from February 7 to February 7.
1.
Because the Log4j vulnerability affects so many systems, even people with no background in the technology now know the concept of a security vulnerability. For developers and security staff, security vulnerabilities are in fact very common and have become an important topic.
Common security vulnerabilities mainly include the following:
SQL injection
A web application fails to check the legitimacy of user-supplied data, or does not filter it strictly. An attacker can append extra SQL to the application's predefined query and carry out illegal operations without the administrator's knowledge, tricking the database server into running unauthorized, arbitrary queries and returning the corresponding data.
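The mechanism described above, as an added example that is not part of the original article: a lookup that concatenates untrusted input into the query beside the parameterized form, run against a constructed in-memory SQLite table (the table, names and the injected string are all constructed for this demonstration).

```python
import re
import sqlite3

# Constructed sample database (not from the article): three users with a secret each.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (username, secret) VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2"), ("carol", "s3")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    # Untrusted input is pasted into the SQL text, so a quote in the input
    # closes the literal and the rest of the input becomes SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, username):
    # Placeholder binding: the driver passes the value as data, never as SQL text,
    # so the same input can only ever match a username literally.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]

USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")

def lookup_validated(conn, username):
    # Defence in depth: reject input that is not a plausible username before it
    # reaches the database at all, then still use a parameterized query.
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)

# Constructed input that closes the quoted literal and appends an always-true condition.
INJECTED = "nobody' OR '1'='1"

def demo():
    conn = build_db()
    try:
        validated = lookup_validated(conn, INJECTED)
    except ValueError:
        validated = "rejected"
    return {
        "vulnerable": lookup_vulnerable(conn, INJECTED),      # every row leaks
        "parameterized": lookup_parameterized(conn, INJECTED),  # no match
        "validated": validated,                                  # rejected up front
        "legit": lookup_parameterized(conn, "alice"),
    }
```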
Broken authentication
The parts of an application responsible for authentication and session management are implemented incorrectly, which lets attackers expose passwords, keys or tokens and then assume the identity of other users.
Sensitive data exposure
Rather than attacking passwords directly, attackers steal keys from clients (such as browsers), mount man-in-the-middle attacks, or steal plaintext data from the server during transmission. This usually requires a manual attack; a password database retrieved earlier can then be brute-forced using graphics processing units (GPUs).
Broken access control
Broken access control (BAC) is a common vulnerability in web applications. Because of its wide coverage and great harm, OWASP ranks it second among the top ten web application security risks.
Security misconfiguration
Attackers can gain unauthorized access to a system through unpatched vulnerabilities, default accounts, pages that are no longer used, unprotected files and directories, and so on.
Cross-site scripting (XSS)
An XSS vulnerability appears when a web page includes untrusted data without proper validation or escaping. XSS lets attackers execute scripts in the victim's browser and so hijack the session or redirect the user to a malicious site.
In fact, the causes of security problems go far beyond the list above. In the Internet age, network security is a far more serious problem than we thought.
2.
The development and spread of the Internet has brought great convenience to our lives, but it has also left us with many problems, such as leaks of private data and the spread of computer viruses. Network security is therefore a top concern, not only for individuals but also for enterprises.
It is not easy for enterprises to recruit suitable security testing talent. The problem is not that IT companies' recruitment requirements are harsh; the reality is that a large number of job seekers are limited by their professional skills and cannot meet enterprises' needs.
A security test engineer's work focuses on building and maintaining enterprise informatization, covering both technology and management, and the work is relatively stable. As project experience accumulates and understanding of the industry background deepens, the role gains an irreplaceable competitive advantage through mastery of the enterprise's core network architecture and security technology.