Article Directory
Authentication
Authorization
Secure Communication
I feel very lacking in website security, so I want to study it well, so I ran to the MS website to find information ~
Http://www.microsoft.com/china/technet/security/guidance/secmod01.mspx
I learned to keep some text ~
Article 1 Construct a secure distributed Web Applica
Notes on Authoritative Web Application Security Guide and authoritative web application guide. The Authoritative Web Application Security Guide
Same-origin policy: External webpage JS cannot access the internal content of iframe
XSS: inject external JS into iframe for internal execution (you
Question: Apple released a detailed technical document that revealed some security technical information built into iOS and App Store for the first time. What do you think of this document? Does this document indicate that Apple devices pose a great threat to the company's BYOD policy, or that iPhone and iPad manufacturers still have a long way to go to solve iOS security problems?
The iOS
CSS design guide, Study Notes 1, css design guide
This article is about some notes and Experiences after reading Charles Wyke-Smit's "CSS design guide" over the past few days. I seem to be getting started with web design when I was a freshman, because it is not a computer Major, all of them are self-taught. I remember
Entry: This is the user guide for OAuth 2.0 support. For OAuth 1.0, everything is different, so look at its user guide. This user guide is divided into two sections: the first part is the OAuth 2.0 provider, and the second part is the OAuth 2.0 client. OAuth 2.0 provider: The purpose of the OAuth 2.0 provider is to expose protected resources. Establish a list of clients th
15. Web server configuration security. 15.1 Apache safety: It is important to use the "least privilege principle" when installing a Web server on a Linux deployment. Try not to use root deployment. 15.2 Nginx safety: Nginx Security Configuration Guide technical manual PDF download. Free in http://linux.linuxidc.com/ user name and password are www.linuxidc.com specific down
contains sensitive data; never directly store user-supplied arrays; use serialization carefully; use native methods with caution; clear sensitive information. Java security anti-patterns: ignoring these patterns in code inadvertently creates a loophole. Typical Java secure coding anti-patterns: ignoring language features (such as integer overflow); not paying attention to the use of serialization, do not pay attention
a page in the same session and destroyed when the session ends. So sessionStorage is not a persistent local store, only session-level storage. localStorage is used for persistent local storage, and the data never expires unless it is actively deleted. Advantages: Storage space: the storage space is larger; each individual storage space under IE8 is 10M, and other browsers are slightly different, but much larger than cookies. Server: the stored content is not sent to the server: When s
2.2 Browser Sandbox: Current browsers mostly use a multi-process architecture; the browser's function modules and each browser instance are separated, and when a process crashes, it does not affect other processes. Sandboxes can access local file systems, memory, database, and network requests through the encapsulated API. Browser plugins are a source of threats that program bro
Java Study Notes 45 (multithreading 2: security issues and solutions), java Study Notes
Thread security issues and solutions:
Security issues occur when multiple threads use one shared data.
A classic case:
Tickets are sold in cinemas, with a total of 100 seats and a maximu
[In-depth study of Web security] in-depth use of XSS vulnerabilities and in-depth study of xss
Preface
Starting from this lesson, Xiaozhai has changed the layout again, hoping to give you a better reading experience. The basic principle of XSS is HTML code injection. In this lesson, we will take a deeper look at How To Exploit XSS.
Analysis on XSS Exploitation Te
The links listed below are online documents, and enthusiasts who are interested in information security can serve as an introductory guide.
Background knowledge
General knowledge
Sun Certified-solaris 910 Security Administrator Learning Guide
PICOCTF Information
Application software
OSSIM-based Information System Security Risk Assessment Implementation Guide
Some people will think that the risk assessment is not just scanning hosts, but scanning the whole network with some famous foreign
On June 23, February 11, J. D. Meier announced the release of patterns Practices WCF security guide on his blog. J. D. Meier wrote in his blog: For end-to-end application scenarios, this Guide guides developers to design and implement authentication and authorization in WCF. With this standardized guide document (inclu
Payload) and an encryption algorithm (for example, 3DES), while providing data confidentiality for all RADIUS messages.
Windows Server 2003 to have a secure default configuration at the time of release. To improve the ease of use of this chapter, only the settings that are not modified by the Member Server Baseline Policy (MSBP) are described here. For more information on the MSBP settings, see Chapter 3rd, "Creating a Member Server Baseline." For information on all default settings, see the si
The ORACLE tutorial is: MySQL security guide (1). MySQL Security Guide. Author: Yan Zi. As a MySQL System Administrator, you have the responsibility to maintain the data security and integrity of your MySQL database system. This article mainly introduces how to build a secure MySQL system and provides you with a
UNIX-based Web server Security Guide
One. Security vulnerabilities
Vulnerabilities on Web servers can be considered in the following ways:
1. Secret files, directories, or important data that you do not have access to on a Web server.
2. When sending information to the server from a remote user, especially when something like a credit card, it is illegally int
This document defines the security setting standards that the Information System Department maintains and manages Tomcat WEB servers. This document aims to guide system administrators in the secure configuration of Tomcat WEB servers. This article applies to Tomcat Web servers 4.x, 5.x, and 6.x. Chapter 4 account management and authentication and authorization. 1.1 account. 1.1.1 shared Account Management. Securit
A long time ago, a predecessor recommended Angularjs to me. But I didn't study hard at the time, just to read a document. Later awakened ... So determined to understand this series of documents, and free translation (English level is not enough ... Can not be said to be translated, some really do not understand, I hope everyone in the process of the visit pointed out the mistakes therein. After 1 months of intermittent efforts, finally the