Part 1: World View Security

Chapter 1: My Security Worldview

Three elements of security: confidentiality, integrity and availability

1.
2. Classification of assets;
3. Threat analysis;
4. Risk analysis;
Confirm the solution;

Threat analysis:
Risk analysis: DREAD model

White Hat Art of War:
1. Secure by Default: blacklist and whitelist principle, least privilege principle
2. Defense in Depth principle: defend in different aspects and at different levels; do the right thing in the right place
3. Separation of data and code
4. Unpredictability principle: makes it impossible for an attacker to effectively execute an attack

Part 2: Client Script Security

Chapter 2: Browser Security
Chapter 3: Cross-Site Scripting Attack (XSS)
Chapter 4: Cross-Site Request Forgery (CSRF)
Chapter 5: Click Hijacking (ClickJacking)
Chapter 6: HTML 5 Security

Part 3: Server-Side Application Security

Chapter 7: Injection Attacks
Chapter 8: File Upload Vulnerabilities
Chapter 9: Authentication and Session Management
Chapter 10: Access Control
Chapter 11: Encryption Algorithms and Random Numbers
Chapter 12: Web Framework Security
Chapter 13: Application-Layer Denial of Service Attacks
Chapter 14: PHP Security
Chapter 15: Web Server Configuration Security

Part 4: Internet Company Security Operations

Chapter 16: Internet Business Security
Chapter 17: Security Development Process (SDL)
Chapter 18: Security Operations

White Hat Talk Safety Study Notes (a): World View Security