Summary: copy from: https://learn.microsoft.com/zh-cn/archive/blogs/brian_swan/do-stored-procedures-protect-against-sql-injection When I’ve asked people about (read full text)
posted @ 2023-03-21 22:27 saaspeter
Summary: from: https://owasp.org/www-community/attacks/Session_fixation Description Session Fixation is an attack that permits an attacker to hijack a valid us (read full text)
posted @ 2023-03-21 18:08 saaspeter
Summary: The word "sink" often comes up in English articles introducing XSS. I looked it up: A sink is a potentially dangerous JavaScript function that can cause undesirable effects if attacker controlled data is (read full text)
posted @ 2023-03-21 16:59 saaspeter
Summary: Since Java Strings are based on char arrays and Java automatically checks array bounds, buffer overflows are only possible in unusual scenarios: If yo (read full text)
posted @ 2023-03-21 10:17 saaspeter