Programmer Help

Code Vulnerability Scanning Common Vulnerabilities 1. Log Injection (Log Forging Vulnerability) Vulnerability Description Writing unauthenticated user input to a log file can cause an attacker to forge log entries or inject malicious information into the log. A bug in log forgery occurs when: Data enters the application from an untrusted ...

1. Loopholes General type: the vulnerability corresponding to the third-party software, application and system. Each user using the software or application system has this vulnerability. If a vulnerability is found, it can block n more than one website Event type: non general vulnerability, which mainly refers to the specific vulnerability of ...

backgroundRecently, the project has been launched, and Party A requires to pass the safety inspection before acceptance. Therefore, a series of safety reinforcement has been carried out for the system according to the scanning results. This paper introduces some common safety problems and protection strategies, and provides corresponding soluti ...

cryptography Summary Cryptography is a technical science that studies the compilation and deciphering of passwordsThe technical and scientific science of keeping information confidential is called cryptocodingCryptography is the science and technology for deciphering cryptography Basic Model of Information Security Basic cryptographic ...

0DOS command DOS command, a computer term, refers to the command of DOS operating system, which is a disk oriented operation command. 1DOS command classification DOS commands provided for users can be divided into three categories: 1.1 internal commands It is a part of the resident memory in DOS command. It is loaded into memory by the ...

FastCGI definition: What is CGI CGI Full name"Universal Gateway Interface"(Common Gateway Interface)，be used for HTTP A tool by which a server communicates with program services on other machines, CGI The program must run on the network server. tradition CGI The main disadvantage of the interface mode is poor performance because each time ...

Blind injection of sql injection catalogue Blind injection principle Boolean blind note Time blind injection sqlmap blind injection     1, Blind injection principle 1. Blind injection application scenario Blind injection is often used where there is no detailed echo when interacting with the database; Boolean blind injection is inj ...

Many injections have no echo, which may be caused by the problem of SQL query method. At this time, we need to use relevant error reporting or blind injection for subsequent operations. sql statement addition, deletion, modification and query: For example, insert statement injection can be used to inject into the database during user reg ...

WAF bypass - SQL injection Conduct operations on data, such as case, encryption and decryption, encoding and decoding, so as to make the interception invalid For example, take sqlilabs-less-2 as an example (assuming that the security dog has been set to prohibit querying the database): At this point, when you enter the following statement ...

Reference link: spring security - Basic Introduction (I): https://blog.csdn.net/qq_22172133/article/details/86503223 Take you to Spring Security!: https://www.cnblogs.com/lenve/p/11242055.html 1 Introduction The core functions of spring security mainly include: Certification (who are you) Authorization (what can you do) Attack protection (ag ...