webroot web security

Web security practice (6) Information Extraction from web Application Analysis The web security practice series focuses on the practical research and some programming implementation of the content of hacker exposure-web Applicatio

Notes on Authoritative Web Application Security Guide and authoritative web application guideThe Authoritative Web Application Security Guide jumps to: navigation, search Same-origin policy: External webpage JS cannot access the internal content of iframe XSS: inject externa

Web security practice (2) Analysis of http-based web architectureThe web security practice series focuses on the practical research and some programming implementation of the content of hacker exposure-web Application

Course Overview:In web security testing, with the help of the right tools, we can improve our testing efficiency and expand our testing ideas. This lesson will introduce browser and extension, Agent grab packet, sensitive file detection, vulnerability scanning, injection detection, target information collection of common tools usage and test ideas.Course Outline:NOTES:0. Pre-class instructionThe first two c

Author: Xuan soul Prerequisites: None This series navigation http://www.cnblogs.com/xuanhun/archive/2008/10/25/1319523.html Security Technology Zone http://space.cnblogs.com/group/group_detail.aspx? Gid = 100566 Preface The web security practice series focuses on the practical research and some programming implementation of the content of hacker exposure-

Large Web site technology Architecture (i)--large-scale website architecture evolutionLarge Web site technology Architecture (ii)--Architecture modeLarge Web site technology Architecture (iii)--Architecture core elementsLarge Web site technology Architecture (iv)--high-performance architecture of the websiteLarge

Whether it is a Web-based application system or a Web website, they all face various security threats with unstable sources. Some of them have been discovered and have identifiable fixed characteristics, which are different from the website design and code and the behavior habits of attackers. All these are security is

From the birth of the Internet, security threats have been accompanied by the development of the website, a variety of web attacks and information leakage has never stopped. Common attack methods include XSS attack, SQL injection, CSRF, session hijacking, and so on.1. XSS attackAn XSS attack is a cross-site scripting attack in which hackers manipulate web pages,

Author: Xuan soul Web security practices navigation http://www.cnblogs.com/xuanhun/archive/2008/10/25/1319523.html Security Technology Zone http://space.cnblogs.com/group/group_detail.aspx? Gid = 100566 Preface The web security practice series focuses on the practical resear

Set Machine. config to the computer-level default value of the server application. If you want to force specific configurations for all applications on the server, you can use allowOverride = "false" on the For those settings that can be configured based on a single application, the application usually provides the Web. config file. Although multiple The main problem to consider is what settings should be forced by computer policies. This depends on

Web site by black generally refers to the site is injected Trojan or black chain, inject a variety of methods, there are SQL injection, there are Web site permissions injected and so on. The author takes IIS as an example to explain how to prevent the Web site from being hacked by some measures. 1, open the IIS Information Services Manager, under the "

Trojan Overview Malicious Program . Most of them will not directly cause damage to the computer, but are mainly controlled. Web Trojan (SPY)On the surface, it is disguised as a common webpage file or maliciousCodeDirectly insert a normal webpage file. When someone accesses the webpage, the webpage Trojan will automatically download the server of the configured Trojan to the visitor's computer using the system or browser vulnerability of the other

The web security flaw is that you need to do it yourself, and then do some basic analysis.Let me start with an analysis of the SQL injection risk.Bug:testfire site has SQL injection riskBug title: Testfire website > login page > Login box has SQL injection attack problem.1, SQL injection attacks: The attacker to insert SQL commands into the Web form of the Input

Author: Xuan soul Prerequisites: None This series navigation http://www.cnblogs.com/xuanhun/archive/2008/10/25/1319523.html Security Technology Zone http://space.cnblogs.com/group/group_detail.aspx? Gid = 100566 Preface The web security practice series focuses on the practical research and some programming implementation of the content of hacker exposure-

quotation mark and the double "-". Never use dynamically assembled SQL, either using parameterized SQL or directly using stored procedures for data query access. Never use a database connection with administrator rights, and use a separate limited database connection for each app. Do not store confidential information directly, encrypt or hash out passwords and sensitive information. The exception information applied should give as few hints as possible, preferably using a custo

Web for Pentester is a penetration testing platform developed by foreign security researchers, which allows you to learn about common Web vulnerability detection techniques.Download link and document Description:http://pentesterlab.com/exercises/web_for_pentester/"Installation Process"1. Mount the image in the virtual machine. After downloading the iOS image, cre

you decide (note that Windows2000 and Windows XP are under System32). HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX compatibility\ under active Setup Controls creates a new key value {6e449683_c509_11cf_aafa_00aa00 b6015c} based on the CLSID, and then creates a REG_DWORD-type key compatibility under the new key value. and set the key value of 0x00000400 can be. and Windows\command\debug.exe and Windows\ftp.exe to change their names (or delete them). Some of the latest popul

In Gartner's information security Report of August this year, NGFWS, in principle, does go beyond the state port and protocol filtering mechanism of the common firewall, which can perform part of the intrusion prevention function based on deep packet detection technology, and on some high-end devices, can also provide port/ The identity attribute management and policy execution function of a protocol-independent application. The report also highlight

Related Settings for IIS: Delete the virtual directory of the default established site, stop the default Web site, delete the corresponding file directory c:inetpub, configure the public settings for all sites, and set up the relevant number of connection limits, bandwidth settings, and other settings such as performance settings. Configures application mappings, removes all unnecessary application extensions, and retains only asp,php,cgi,pl,aspx app

According to the statistics of the network security events received and processed by CNCERT/CC in the first half of this year, the actual situation of Internet security in China is still not optimistic. Various cyber security incidents have increased markedly compared with the same period last year. Over the past six months, CNCERT/CC received phishing events and