Post category - OWASP

About The Open Web Application Security Project https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
Summary: Subresource Integrity Abstract This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered witho Read more
posted @ 2020-06-19 10:41 ChuckLu Views (444) Comments (0) Recommendations (0)
Summary: The goal of this section is to introduce, discuss, and provide language specific mitigation techniques for HttpOnly. Who developed HttpOnly? When? Acc Read more
posted @ 2020-05-06 15:06 ChuckLu Views (489) Comments (0) Recommendations (0)
Summary: Unencoded: <script>alert('XSS')</script> Result after encoding once: %3Cscript%3Ealert('XSS')%3C%2Fscript%3E http://localhost:25665/MvcExample/%3Cscript%3Ealert('XSS')%3C/script Read more
posted @ 2020-04-23 18:56 ChuckLu Views (353) Comments (0) Recommendations (0)
Summary: Prevent Cross-Site Scripting (XSS) in ASP.NET Core Accessing encoders in code The HTML, JavaScript and URL encoders are available to your code in two Read more
posted @ 2020-04-22 13:39 ChuckLu Views (716) Comments (0) Recommendations (0)
Summary: All is XSS that comes to the .NET An XSS that works across all of .NET! https://localhost:44345/(A(%22onerror=%22alert%601%60%22))/xss.aspx (A("onerror="alert`1`")) In ASP.NET's ur Read more
posted @ 2020-04-21 18:49 ChuckLu Views (394) Comments (0) Recommendations (0)
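Summary: If [ValidateAntiForgeryToken] has been added to a method and is not handled properly: the request did not carry the parameter 2019-09-17 14:02:45,142 ERROR [36]: System.Web.Mvc.HttpAntiForgeryException (0x80004005): The require Read more
posted @ 2019-09-16 17:35 ChuckLu Views (549) Comments (0) Recommendations (0)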
Summary: What is the difference between XSS and CSRF from their execution perspective? https://www.quora.com/What-is-the-difference-between-XSS-and-CSRF-from-t Read more
posted @ 2019-09-16 17:00 ChuckLu Views (217) Comments (0) Recommendations (0)
Summary: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) Overview Cross-Site Request Forgery (CSRF) is an attack that forces an end user to e Read more
posted @ 2019-09-16 16:49 ChuckLu Views (331) Comments (0) Recommendations (0)
Summary: https://blog.csdn.net/ttu1evldelfq5btqik/article/details/78763329 List https://baijiahao.baidu.com/s?id=1584015151646929279&wfr=spider&for=pc ZAP https: Read more
posted @ 2019-01-16 15:41 ChuckLu Views (699) Comments (0) Recommendations (0)
Summary: https://en.wikipedia.org/wiki/Cross-site_scripting Definition Cross-site scripting (XSS) is a type of computer security vulnerability typically found Read more
posted @ 2018-12-03 15:07 ChuckLu Views (797) Comments (0) Recommendations (0)
Summary: brute force cracking Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypte Read more
posted @ 2017-11-01 18:11 ChuckLu Views (390) Comments (0) Recommendations (0)
