Code Vulnerability Scanning Common Vulnerabilities

Code Vulnerability Scanning Common Vulnerabilities 1. Log Injection (Log Forging Vulnerability) Vulnerability description: Writing unvalidated user input to a log file allows an attacker to forge log entries or inject malicious content into the log. A log forging vulnerability occurs when: data enters the application from an untrusted ...

Posted on Sun, 05 Dec 2021 14:57:20 -0500 by AaZmaN

Network security -- HTML Foundation

1. Vulnerabilities. General type: a vulnerability in third-party software, an application or a system. Every user of that software or application system has the vulnerability, so once it is found it affects more than one website. Event type: a non-general vulnerability, which mainly refers to a vulnerability specific to ...

Posted on Sun, 05 Dec 2021 04:21:11 -0500 by TangoGirl

Implementation of springboot web application security policy

Background: Recently the project went live, and Party A requires it to pass a security inspection before acceptance. Therefore a series of security hardening measures was carried out on the system according to the scan results. This article introduces some common security problems and protection strategies, and provides corresponding soluti ...

Posted on Sat, 04 Dec 2021 19:14:29 -0500 by tomdude48

[CTF from 0 to 1 learning] 2. CTF cryptography

Cryptography summary: Cryptography is the technical science that studies the construction and breaking of ciphers. The science of keeping information confidential by constructing ciphers is called cryptography proper (code-making); the science and technology of breaking ciphers is cryptanalysis. Basic model of information security. Basic cryptographic ...

Posted on Sat, 04 Dec 2021 14:11:13 -0500 by mhewall

DOS command details

0. DOS command: "DOS command", a computing term, refers to a command of the DOS operating system, a disk-oriented operating command. 1. DOS command classification: the DOS commands provided to users can be divided into three categories. 1.1 Internal commands: the part of the DOS command set that is resident in memory. It is loaded into memory by the ...

Posted on Tue, 30 Nov 2021 22:53:46 -0500 by tukon

SSRF--gopher protocol FastCGI

FastCGI definition. What is CGI? CGI, whose full name is "Common Gateway Interface", is a mechanism by which an HTTP server communicates with programs or services on other machines; the CGI program must run on the web server. The main disadvantage of the traditional CGI interface mode is poor performance, because each time ...

Posted on Tue, 30 Nov 2021 09:02:40 -0500 by David-fethiye

sql injection for web Security

SQL injection: blind injection. Contents: blind injection principle; Boolean blind injection; time-based blind injection; blind injection with sqlmap. 1. Blind injection principle. 1.1 Blind injection application scenario: blind injection is used where the application gives no detailed echo when interacting with the database; Boolean blind injection is inj ...

Posted on Sun, 28 Nov 2021 06:39:38 -0500 by MrRosary

SQL injection (query method and blind injection)

Many injections have no echo, which may be caused by the SQL query method used. In that case, error-based or blind injection is needed for subsequent operations. SQL statements for insert, delete, update and select: for example, insert statement injection can be used to inject into the database during user reg ...

Posted on Tue, 09 Nov 2021 20:19:00 -0500 by MikeX

WAF bypass - SQL injection

WAF bypass - SQL injection: perform transformations on the data, such as case changes, encryption and decryption, encoding and decoding, so that the interception no longer matches. For example, take sqlilabs-less-2 (assuming the SafeDog WAF has been configured to block queries to the database): at this point, when you enter the following statement ...

Posted on Tue, 09 Nov 2021 18:16:00 -0500 by Bryan Ando

Learning and using spring security

Reference links: spring security - Basic Introduction (I): https://blog.csdn.net/qq_22172133/article/details/86503223 ; Take you to Spring Security!: https://www.cnblogs.com/lenve/p/11242055.html . 1. Introduction: the core functions of Spring Security mainly include authentication (who are you), authorization (what can you do), and attack protection (ag ...

Posted on Fri, 05 Nov 2021 01:21:58 -0400 by darga333