Brief discussion on (security) testing, Note II

Source: Internet
Author: User

Besides normal functional testing, we pay more attention to abnormal-case testing. What should be done during abnormal-case testing?

1. Intercept and modify POST requests

Once a request is intercepted, the contents of the request headers can be added to, deleted and modified at will.

2. Bypassing input limits

Intercept the request and submit extremely long content. If you receive an error such as Error 500: Internal Server Error, be sure to check the server and the application to find the deeper cause; it indicates that too little input validation is being done.

Even where input validation is in place, it may ignore the input length. Repeatedly submitting such long input can fill the server's memory; the application's responses become slower and slower until it is effectively frozen.

This is a form of denial of service.

3. Tampering with URLs

Manually modify the URL. For example, the URL http://example.com/web/

can be changed to Http://root:[email protected]:8080/web/main.php?readonly=false&section=1;

If a URL carries key=value content, you can add more random key=value pairs before or after it to try to find poorly written code.

4. Automatically modifying the URL

http://www.squarefree.com/pornzilla/

For URLs containing a number of variables, you can use the above tool in Firefox to build links in batch; you can then either click them manually, or copy and save them and fetch them with curl or wget, such as the following

5. Testing how URL length is handled

6. Editing cookies. Cookies store a lot of user information; once you can edit cookies, you can consider the security aspects of testing.

When editing cookies, it is important to consider the encoding method described in the previous section; this matters if the authentication value can be easily predicted.

7. Uploading files with malicious names, or very large files

Many XML parsers keep the entire XML structure in memory while parsing, and the billion laughs attack is based on this. Each entity in such a document references the previous entity twice, so once every entity has been expanded correctly there are billions of "ha" strings in memory, usually exhausting the program's available memory.

The XML processor in Windows XP was a victim of this attack; such a file could not be placed on the desktop or in any system directory.
