Reading notes on "White Hats Talking about Web Security"

I like the book "White Hats Talking about Web Security" by Dao. There is a sentence in the book that I still remember deeply: "The Internet was originally safe. Since there are people who study security, the Internet has become insecure."

At first, people who researched computer systems and networks were called "Hackers". They had in-depth knowledge of computers, so they were often able to discover problems in them. The Chinese word for hacker is a transliteration of "Hacker". Hackers are divided into black and white: white hats are those who are proficient in security technology and work as technical experts in the anti-hacking field, while black hats are groups that use hacking techniques to cause damage or even commit cybercrime.

The rise of firewall technology changed the pattern of Internet security. Network equipment manufacturers such as Cisco and Huawei began to pay attention to network security in their network products, which eventually changed the trend of Internet security. The rise of firewall and ACL technology protected the systems that were directly exposed to the Internet. Take a website's database as an example: with no protection, the database service port allows anyone to connect at will. With the protection of a firewall, ACLs can restrict access to trusted sources only. To a large extent, this keeps the system software within the trust boundary and shuts out most attack sources.
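The database-port case above, as an added example that is not from the book or the original notes: a first-match ACL evaluator with a default-deny fallback, run against the same connection attempts with and without the ACL. The port number 3306, the rule format and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed rule sets. Each rule is (action, source network, destination port).
# Port 3306 and every address below are assumed sample values.
NO_PROTECTION = [("allow", "0.0.0.0/0", 3306)]        # anyone may connect
WITH_ACL = [
    ("allow", "192.0.2.10/32", 3306),                  # trusted web server
    ("allow", "198.51.100.0/28", 3306),                # trusted admin subnet
]

def evaluate(rules, src_ip, dst_port, default="deny"):
    """Return 'allow' or 'deny' for one connection attempt.

    Rules are checked in order and the first match wins. A connection that
    matches no rule gets the default action, which is deny.
    """
    src = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        if port == dst_port and src in ipaddress.ip_network(network):
            return action
    return default

def exposure(rules, attempts):
    """Return the source addresses in `attempts` that the rule set lets through."""
    return [ip for ip, port in attempts if evaluate(rules, ip, port) == "allow"]

# Constructed connection attempts against the database port.
ATTEMPTS = [
    ("192.0.2.10", 3306),     # the web server itself
    ("198.51.100.5", 3306),   # inside the admin /28
    ("198.51.100.77", 3306),  # same /24, but outside the /28
    ("203.0.113.50", 3306),   # arbitrary Internet host
]

if __name__ == "__main__":
    for name, rules in (("no protection", NO_PROTECTION), ("with ACL", WITH_ACL)):
        allowed = exposure(rules, ATTEMPTS)
        print(f"{name}: {len(allowed)}/{len(ATTEMPTS)} sources reach the database: {allowed}")
```

The third attempt shows why the prefix length matters: a neighbour of a trusted address is still outside the trust boundary unless a rule actually covers it.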

The Shockwave worm in 2003 was a milestone event. This worm, which targeted the RPC service of the Windows operating system (running on port 445), swept the world in a short period of time and infected millions of machines. The loss was incalculable.

At the end of 2011, the Chinese Internet was caught up in the biggest security crisis in history. On December 21, CSDN, the largest developer community in China, was hacked, and data on 6 million registered users was published on the Internet. CSDN had stored users' passwords in plain text in the database. Next, like a grand symphony, hackers released the databases of many large websites such as NetEase, Renren, Tianya, Maopu, and Duowan.

The emergence of SQL injection is a milestone in the history of web security.
The emergence of XSS (cross-site scripting) is another milestone in the history of web security.

If a new technology does not take security into account from the beginning, defense technology will inevitably lag behind attack technology.


Origin blog.csdn.net/qq_39689711/article/details/102745738