Post category - OWASP
About The Open Web Application Security Project
https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project
Abstract: Subresource Integrity Abstract This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered witho
Read more
Abstract: The goal of this section is to introduce, discuss, and provide language specific mitigation techniques for HttpOnly. Who developed HttpOnly? When? Acc
Read more
Abstract: Unencoded: <script>alert('XSS')</script> Result after encoding once: %3Cscript%3Ealert('XSS')%3C%2Fscript%3E http://localhost:25665/MvcExample/%3Cscript%3Ealert('XSS')%3C/script
Read more
Abstract: Prevent Cross-Site Scripting (XSS) in ASP.NET Core Accessing encoders in code The HTML, JavaScript and URL encoders are available to your code in two
Read more
Abstract: All is XSS that comes to the .NET An XSS that hits all of .NET! https://localhost:44345/(A(%22onerror=%22alert%601%60%22))/xss.aspx (A("onerror="alert`1`")) In asp.net's ur
Read more
Abstract: If [ValidateAntiForgeryToken] is added to a method and not handled properly: the request did not carry the parameter 2019-09-17 14:02:45,142 ERROR [36]: System.Web.Mvc.HttpAntiForgeryException (0x80004005): The require
Read more
Abstract: What is the difference between XSS and CSRF from their execution perspective? https://www.quora.com/What-is-the-difference-between-XSS-and-CSRF-from-t
Read more
Abstract: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) Overview Cross-Site Request Forgery (CSRF) is an attack that forces an end user to e
Read more
Abstract: https://blog.csdn.net/ttu1evldelfq5btqik/article/details/78763329 List https://baijiahao.baidu.com/s?id=1584015151646929279&wfr=spider&for=pc ZAP https:
Read more
Abstract: https://en.wikipedia.org/wiki/Cross-site_scripting Definition Cross-site scripting (XSS) is a type of computer security vulnerability typically found
Read more
Abstract: brute force cracking Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypte
Read more