书栈网 · BookStack: this search took 0.010 seconds and found 390 relevant results.
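  • 4.4 Manage Debug Logs Carefully

    Manage Debug Logs Carefully Details Remediation CWE/OWASP Manage Debug Logs Carefully Details Debug logs are usually designed for detecting and correcting defects in an application. These logs may leak sensitive information, which may help an attacker create a more powerful attack. Remediation Developers should consider the risks that debug logs may pose in a production environment. In general, we recommend disabling them in production. Commonly used by applications to output debug messages, the Andr...
  • Untitled document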

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by...
  • Why web2py

    Why web2py Why web2py web2py is one of many web application frameworks, but it has compelling and unique features. web2py was originally developed as a teaching tool, with the ...
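  • 7.3 Check Activities

    Check Activities Details Remediation References CWE/OWASP Check Activities In an Android application, an Activity is usually a "screen" in the application. Details Any application can invoke an Activity that is exported and enabled. This may allow an attacker to load UI elements in ways the developer may not have intended, such as skipping a password lock...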
  • Security

    Security Security The Open Web Application Security Project[owasp] (OWASP) is a free and open worldwide community focused on improving the security of application software. O...
  • Web Services Security Testing Cheat Sheet Introduction

    permalink: /Web_Service_Security_Testing_Cheat_Sheet/ Web Services Security Testing Cheat Sheet Introduction Purpose Checklist Pre-Assessment Information Gathering Testing Phas...
  • Security

    855 2018-04-11 《PHP 开发者实践》 (PHP Developer Practice)
    Security Related Resources Security Common Vulnerabilities XSS(Cross-site scripting) SQL Injection Command Injection Code Execution File Disclosure File Inclusion CSRF(Cross-site request forger...
  • Introduction

    The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. These cheat sheets were created by...
  • Limit Use of UUID

    Limit Use of UUID Details Remediation References CWE/OWASP Limit Use of UUID Details Most mobile devices have a unique ID, also called a Universal Unique Identifier (UUID...
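  • 2.7 Avoid Query Strings for Sensitive Data

    Avoid Query Strings for Sensitive Data Details Remediation References CWE/OWASP Avoid Query Strings for Sensitive Data Details A major point of entry is executing a simple, modified query string. Query string parameters are visible and may often be cached unexpectedly (in web history, web server or proxy logs, etc.). Using unencrypted, meaningful data as a query string should be avoided. If user credentials are transmitted as query string parameters...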