owasp web security

// Ps: I thought this was a problem caused by accidental configuration errors. However, when I was bored in recent days, I found that there were hundreds of sites with similar problems, so here is a rough summary! We usually encounter this problem. Direct access to sensitive information of applications deployed in a web container is forbidden. However, when two web containers are used together, due to

He is a well-known security writer with over 10 years of IT experience and has 16 years of experience in the financial industry. He is the founder and managing director of Cobweb Applications. The company provides IT training and data security and analysis support. Q: We have just finished building a WEB application. I want to know which

the blockchain website security detection, and the process of security infiltration, found a lot of web site vulnerabilities, for the blockchain vulnerability we summarized as follows: The general presence of Web site vulnerability exists in the site of the logical loophole, in the member registration, member login, b

HackerUsing the website operating system'sVulnerabilitiesAndWebThe SQL injection vulnerability of the service program is controlled by the Web server. If the Web content is tampered with, important internal data is stolen. More seriously, malicious code is embedded into the Web page, attackers can infringe on website visitors. As a result, more and more users are

A. Why Web security technology is generatingEarly on: The World Wide Web (Wide) consists only of Web sites, which are basically repositories of static documents. This information flow is transmitted only by the server to the browser one-way. Most sites do not validate the legality of the user.Today: already quite diffe

training sessions, and industry meetings, as long as you have mastered the following five common ASP. NET application security defects and recommended correction solutions can take the lead to integrate indispensable security factors into the birth of the application. 1. Do not blindly trust user input In web application development, the biggest mistake for

Common Web Server:apache Httpd, Nginx, Lighthttp. Web Server Security: Whether it is secure + provides security features that are available.Apache SecurityApache's vulnerability is mostly caused by Apache's module, which has few core high-risk vulnerabilities. There are few high-risk vulnerabilities to the default boot

Server aspects1, the first is to NTFS format, and reduce user rights such as users, FAT32 format of the disk does not have permission settings, there is no security can be said; 2, the next is a patch to the full, otherwise the server in the Trojan, that nothing is in vain; 3, then disable the risk of building and service items, this is more difficult, if the simple application of good, if the server running a more tangled program, it is likely beca

Web security is closely related to your application environment and usage. At present, enterprise users are all developing towards full business. The focus of the security situation has evolved from the old network security to application security and full business

Although firewalls are highly efficient in preventing network intrusion and have become a key factor in submitting Secure Web sites and services, all these security measures are achieved at a high cost. In short, the firewall limits performance and scalability. Because the firewall is an online device that may cause a single fault point, it will reduce the network availability. Combining the firewall techno

This article transferred from: http://www.cnblogs.com/TankXiao/archive/2012/03/21/2337194.html The XSS full name (cross site Scripting) multi-site Scripting attack is the most common vulnerability in Web applications. An attacker embeds a client script (such as JavaScript) in a Web page, and when the user browses to the page, the script executes on the user's browser to achieve the attacker's purpose. For e

First, the purposeThis standard is part of the Information system security technology standard, the main purpose is to provide security standards for our "Nginx Web server" configuration according to the Information security management policy requirements. Second, scopeThis specification applies to all our Nginx

In the current Internet era, homepage has become an important means to establish a company image and display itself. It is especially important to configure a powerful and secure Web server. Among many Web Server products, Apache is the most widely used product and a very secure program. However, Apache also has security defects like other applications. This arti

Java Web series: Spring Security Basics, springsecurity Although Spring Security is much more advanced than JAAS, it is still inherently inadequate and cannot achieve authentication and authorization in ASP. NET. Here we will demonstrate the common functions of logging on, logging off, and remembering me. the user-defined providers for authentication avoid depend

and concept of indoctrination. The connotation of SSL certificate is not as simple as it is imagined.wosign-Root certificate Displays trusted Root certification authorities in IE or Firefox browserFor how to implement the data transmission in the customer's website encryption and authentication of the real identity of the site, has been the security industry to continuously upgrade the power of technical standards, more practitioners and experts will

Author: Xuan soul Security Technology Zone http://space.cnblogs.com/group/group_detail.aspx? Gid = 100566 Web security practices (1) HTTP-based Architecture Analysis Common Tools Web security practices (2) HTTP-based Web Architect

Best security practices for 20 Nginx Web ServersNginx is a lightweight, high-performance Web server/reverse proxy and email proxy (IMAP/POP3) that can run on UNIX, GNU/Linux, BSD variants, mac OS X, on Solaris and Microsoft Windows. According to the Netcraft survey, 6% of domain names on the Internet use Nginx Web serv

file upload directory is set to not executable; 2. Determine the file type, set a whitelist. For image processing, you can use the compression function or the Resize function to manipulate the image while destroying the HTML code that may be included in the image; 3. Overwrite the file name and path with a random number: one that cannot be accessed after uploading Again, such files as Shell.php.rar.rar and crossdomain.xml will not be able to attack because of renaming; 4. Set the domain name of

Apache Web page and security optimization? Apache is a cross-platform Web server, because of its simple and efficient, stable security features, is widely used in computer technology in all areas. Now, with its huge number of users, Apache has become the number one Web