Yes, Small Companies Can, and Should, Build Secure Software

"For large software companies or major deployments such as banks or health care firms with large custom software bases, investing in software security can prove to be valuable and provide a measurable return on investment, but that's probably not

Game security on iOS platform-IPA cracking principle and defense

I talked about the security of iOS games in-house purchases, archive security, and memory security on my blog. In fact, there is also a very popular problem, but it is regarded as a chicken problem, that is, iOS IPA cracking, because most domestic

Alibaba PLAYER 5 latest swf xss 0day analysis and POC Improvement

Especially Thx's idea :) On the 16th, foreigners announced an unrepaired XSS 0-day release of Alibaba player. Player player is the most widely used flash player in the world, especially for many online love action movie websites abroad. Prior to

Bluebox Security reports how Android bypasses the application signature Authentication Vulnerability

I. Vulnerability description: Security company Bluebox Security recently claimed that they have discovered vulnerabilities that may affect 99% of devices in the Android system. According to this statement, this vulnerability has existed since Android 1.6 (

Weaver collaborative commerce software system weaver e-cology 7.000.0402 login submit plaintext Password

Cause: the plaintext account and password are submitted with GET during login. Hazard: 1. The account is not bound with the AD account, although not harmful, however, because the system stores the company's organizational structure and detailed

Linux users and the "minimum permission" Principle

After a Linux user logs in, it carries a user ID (UID) and a group ID (GID). In the Linux File Management background, we can see that each file has nine more permissions to indicate which users are allowed to perform the operations (read,

Brute-force password cracking for a gold net member (bypass Verification Code Cracking Case)

Http://www.4.cn gold network through the verification code on the brute force cracking prevention, when you log on to an account with a wrong password, you need to enter the verification code to log on again. Many developers also use the

Web security vulnerability caused by GBK character encoding (character set) Defects

Most of the time, we don't care too much about character encoding. For Chinese websites, we generally use gb2312, gbk, and gb18030, or UTF-8. However, we may not know how to select different codes, which may lead to program design defects.

Re-analysis of Database Name Change anti-Download

I did not know where I saw an article yesterday (probably on the Phantom brigade or a BLOG of a security enthusiast). I said that I used the file name to download the database, it seems like adding "%" to the file name, so IE will request a

Run CMD commands on SQL servers with injection vulnerabilities without xp_cmdshell.

I found that even if xp_cmdshell is unavailable, it is still possible to run CMD on the server and get the echo result. Here we need to use several other system stored procedures on the SQL Server: sp_OACreate, sp_OAGetProperty and sp_OAMethod.

Attack and Defense practices: Exploitation and prevention of Injection Vulnerabilities

Source: Tianji blog Before taking the IT Certification Examination, I am used to searching online. After a stroll, I accidentally came to the Chinese site of PROMETRIC. The author found that the entire site is an ASP program. Besides, there is a

Several default dangerous files in website programs

With the rise of the Internet, more and more people want to own their own websites, but many people do not know website or do not have time to do it, so borrowing others' source code has become a popular method. Because of this, it has created such

Fraud methods and case analysis of "disguised Website"

The following methods are provided to describe website fraud. These methods do not teach you how to perform website fraud, but do not use them to engage in illegal activities. The method is as follows: Fake website: Domain names of such websites are

DOM Based Cross Site Scripting

XSS is very popular now. In addition, XSS tools are everywhere. As a result, just like SQL injection, many websites are hard to find obvious XSS bugs in. In the past, we used to search for XSS in black boxes, and the results were very obvious, for white boxes,

13 WEBSHELL final backdoor discovery tour

Author: TheLostMind Source: Brilliant notes Since I last found a WebShell management website from the Internet, I found a backdoor, infected with a Trojan, and the database was damaged. So far, it has not been repaired ...... So be especially careful

About. NET Security Development from CSDN Vulnerabilities

By: jannock http://jannock.cnblogs.com/ Introduction: CSDN is short for Chinese Software Develop Net and is a Chinese software development alliance. China's largest developer technology community. Official website of

Use DBO to obtain SQL Management and System Permissions

In a supply and demand information published on the site to test the page http://www.xxx.com/new/new.asp?Id=49 I did the following test: (1) http://www.xxx.com/new/new.asp?Id=49' Microsoft OLE DB Provider for ODBC Drivers error

How to perform security testing during website Testing

Security testing is a process for verifying the security services of applications and identifying potential security defects. Note: Security testing does not ultimately prove that the application is secure, but is used to verify the effectiveness of

Opera XSS vectors

http://www.thespanner.co.uk/2009/05/08/opera-xss-vectors/ It turns out I was right. Originally I thought the protocols reported by my javascript fuzzer were false positives but as like lots of my code it seems to know better than me I tested the

Web Application Security Series: install and configure WVS (2)

Above ("Web Application Security Series: install and configure WVS (1)") we talked about how to configure a proxy server and how to configure HTTP proxy settings and SOCKS proxy settings. To sniff HTTP communication, you must configure the web
