Cloud Security

Analysis of Cross-Site Request Forgery (CSRF) protection methods CSRF (Cross-site request forgery, also known as "one click attack" or session riding, usually abbreviated as CSRF or XSRF, is a type of malicious use of websites. (1) CSRF attack

Attack Big Data Application Analysis (I) 0x01 PrefaceWith the advent of the big data era, more and more big data technologies have been gradually applied to actual production. However, as a security personnel, our focus must be on security, what are

DoS attack analysis and Defense Analysis of 12 lines of JS Code There is a 12-line JavaScript code that can crash Firefox, Chrome, and Safari browsers, as well as restart the iPhone and crash android, the author of this article analyzes and

Technical Analysis of Long-standing path hijacking   Today, the technology I want to explain has existed for a long time, but as far as I know, there are not many articles that have explained this technology in detail and complete. Of course,

Analysis of QQ simulated login implementation It was originally issued together with the previous article. Later, it was put on hold.I'm glad to have been involved in the discussion and discussion. (B) slot (4). In fact, I don't have any advanced

CubeCart "char" parameter SQL Injection VulnerabilityCubeCart "char" parameter SQL Injection Vulnerability Release date:Updated on:Affected Systems: CubeCart Description: CVE (CAN) ID:CubeCart is an open-source shopping software.The SQL

CubeCart Cross-Site Request Forgery VulnerabilityCubeCart Cross-Site Request Forgery Vulnerability Release date:Updated on:Affected Systems: CubeCart Description: CVE (CAN) ID:CubeCart is an open-source shopping software.The HTTP request

PETYA ransomware: encrypts the entire hard disk and locks the user's computer Recently, security experts have discovered a new type of ransomware, Petya, which can cause a computer blue screen crash (BSoD) and before the operating system is loaded,

Analysis on storage encryption methods from Apple and FBI tearing X Earlier in the year, Apple and the FBI had a fierce fight against the public hall. The incident finally relied on the assistance of a third party (an Israeli criminal company) to

Classic algorithm learning-Bubble Sorting public function __construct($method, UriInterface $uri, HeadersInterface $headers, array $cookies, array $serverParams, StreamInterface $body, array $uploadedFiles = []){ $this->originalMethod =

99% of websites in Web security are ignored.   Web security is a problem that cannot be emphasized. We find that many websites in China do not implement full-site https, and there are few practices for other security policies, the purpose of this

An SQL injection vulnerability exists in the vivo app store. Rt   python sqlmap.py -u "http://main.appstore.vivo.com.cn/rec/newapps?nt=WIFI&u=-57806365&;model=vivo+Y13iL&density=1.5&pictype=webp&elapsedtime=13993004&screensize=480_854&an=4.4.4&imei=8

The SQL injection vulnerability exists in a website of maopu. Http://zone.wooyun.org/content/26213 Lady.mop.com/news/bencandy.php? Fid = 47 & aid = 908Existing Injection ParametersFind  Parameter: fid (GET) Type: boolean-based blind Title: AND

P2P Financial Security Sum credit, resetting login/transaction password, and other defects In the dark of the night, I dug a wave of data, only to find the big factory ~~~~~~~~~~~~ The final launch before January 1, April successfully completed the

A gps scheduling station of Anhua agricultural insurance has the java deserialization vulnerability, which can directly write a large amount of leaked policy information (name, mobile phone number, and other sensitive information) Http: // 221.8.57.

The SQL injection vulnerability exists in a website of maopu. The SQL injection vulnerability lady.mop.com/news/bencandy.php on a website in maopu? Fid = 47 & aid = 908 injection parameter findParameter: fid (GET)Type: boolean-based blindTitle: AND

A vulnerability in Taikang Life Insurance affects users' mobile phone names (direct SQL transfer) Taikang Life Insurance Co., Ltd. was founded in August 22, 1996 and is headquartered in Beijing. After 19 years of steady and innovative development,

CVE-2016-0636 Vulnerabilities0x00 vulnerability Overview Vulnerability No.: CVE-2016-0636, a variant of the Vulnerability (CVE-2013-5838) that Adam Gowdiak reported to Oracle on 2013. Oracle has not fixed this vulnerability in some code branches,

Basic Analysis of threat intelligence: crawling, walking, and analysis (Part 3) This is the last article (1 and 2) of the threat intelligence basic trilogy. This article will continue to discuss how threat intelligence is implemented in security

Analysis on Recon Technology In this article, we will learn some popular network detection technologies and write some Snort detection rules in practice. Exercise 1: network discovery Nmap is one of the most popular tools in the information security