Security Policy Information Security Standards Organizational Aspects of Security Roles and Responsibilities Security in context of the Systems Development Life Cycle (“SDLC”) Se...

Escaper Overview HTML HTML Attributes URLs CSS JavaScript Encoding detectEncoding() getEncoding() normalizeEncoding() setEncoding() setDoubleEncode() setHtmlQuoteType() ...

练习 51：lessweb 挑战练习 破坏它 研究性学习 练习 51：lessweb 原文：Exercise 51: lessweb 译者：飞龙 协议：CC BY-NC-SA 4.0 自豪地采用谷歌翻译 我们很接近这本书的末尾了，所以在最后两个练习中我将给你一个项目。你将要创建一个 Web 服务器。在本练习中，你只需了...

Crypto Module Nonces createNonce checkAndMarkNonce Random values rand genRandomAlphaNumbers genRandomNumbers genRandomSalt genRandomBytes uuidv4 JSON Web Tokens (JWT) jwt...

米斯特白帽培训讲义 漏洞篇 CSRF 利用 附录 米斯特白帽培训讲义 漏洞篇 CSRF 讲师：gh0stkey 整理：飞龙 协议：CC BY-NC-SA 4.0 CSRF（Cross-site request forgery跨站请求伪造，也被称为“One Click Attack”或者Session Riding，通常缩写为CSR...

Introduction Goals of Input Validation Input validation strategies Implementing input validation Whitelisting vs blacklisting Validating free-form Unicode text Regular express...

Introduction Goals of Input Validation Input validation strategies Implementing input validation Whitelisting vs blacklisting Validating free-form Unicode text Regular express...

Contributors to the initial version of the project Contributors to the initial version of the project If you want to modify something regarding the mention made to you (typo/li...

介绍 检测和利用 SQL 注入漏洞 直连 DBMS 介绍 译自：Introduction 检测和利用 SQL 注入漏洞 假设你正在进行 Web 应用审计，发现有某个 Web 页面接受来自用户端提供的动态数据，这些数据通过 GET ，POST 或 Cookie 参数或 HTTP User-Agent 请求头发送。因而，你想测试是...

Introduction Preparation Understand Risk Management Basics in the context of Application Security Threat Modeling Terminologies Define Objectives Identify application design R...