Brute force cracking

Brute force (also known as brute force cracking) is a trial-and-error method for recovering a secret such as a password or a Data Encryption Standard (DES) key by exhaustive search rather than by any cleverer strategy. Just as a criminal might open, or "crack", a safe by trying many possible combinations, a brute force tool tries every possible string of permitted characters in sequence until one is accepted. The approach is guaranteed to succeed eventually, but its cost grows exponentially with the length of the secret (N^L candidates for L characters drawn from an alphabet of N symbols), so it is only practical against short or poorly chosen secrets, and it is normally countered with rate limiting, account lockout and deliberately slow password hashing.
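As an added illustration (not code from the original page), the following Python exhausts a short secret the way the paragraph describes and computes the keyspace arithmetic that decides whether such a search is feasible. The hashed PIN, the salt and the guess rate are constructed for the example.

```python
import hashlib
import itertools

# Added illustration, not code from the page: exhaustive search of a short
# secret, and the keyspace arithmetic that decides whether it is feasible.

SALT = b"constructed-salt"     # constructed; a real store uses a random per-user salt


def hash_secret(secret, salt=SALT):
    """Store the secret as a salted SHA-256 digest. Sample only: a real
    password store uses a deliberately slow KDF (PBKDF2, bcrypt, Argon2)
    precisely to make each brute-force guess expensive."""
    return hashlib.sha256(salt + secret.encode()).digest()


def brute_force(target, alphabet, max_len, salt=SALT):
    """Try every string over `alphabet` of length 1..max_len, shortest first,
    in lexicographic order. Returns (secret, attempts) or (None, attempts)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(chars)
            if hash_secret(guess, salt) == target:
                return guess, attempts
    return None, attempts


def keyspace(alphabet_size, max_len):
    """Candidates of length 1..max_len: sum of N**L, the worst case for brute_force."""
    return sum(alphabet_size ** length for length in range(1, max_len + 1))


def seconds_to_exhaust(alphabet_size, max_len, guesses_per_second):
    """Worst-case wall clock to try the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, max_len) / guesses_per_second


if __name__ == "__main__":
    target = hash_secret("4271")                          # constructed 4-digit PIN
    print(brute_force(target, "0123456789", 4))           # ('4271', 5382)
    print(keyspace(10, 4))                                # 11110 guesses: trivial
    print(keyspace(94, 12))                               # 12 printable ASCII chars
    print(seconds_to_exhaust(94, 12, 1e10) / 3.15e7, "years at 1e10 guesses/s")
```

The 4-digit PIN falls after a few thousand hashes; the same loop over 12 printable characters needs on the order of 10^23 guesses, which is why length and a slow hash, not secrecy of the algorithm, are what defeat this attack.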

Session fixation

http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET

http://blog.csdn.net/newjueqi/article/details/7548976

https://en.wikipedia.org/wiki/Session_fixation#Countermeasures

https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html
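The countermeasure the links above discuss, regenerating the session identifier at login, as an added Python illustration (not code from the page or from ASP.NET). The in-memory session store, the credential table and the attacker's "planted id" are constructed stand-ins for the framework's session state and the cookie or URL the attacker uses to plant it.

```python
import secrets

USERS = {"alice": "correct horse battery"}   # constructed credential table


class SessionStore:
    """Minimal in-memory session table standing in for the framework's store."""

    def __init__(self):
        self.sessions = {}     # session id -> attributes

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def user_for(self, sid):
        data = self.sessions.get(sid)
        return data.get("user") if data else None


def check_password(username, password):
    return USERS.get(username) == password


def login_vulnerable(store, presented_sid, username, password):
    """Keeps whatever session id the client presented across authentication,
    adopting it even if the server never issued it. If the attacker planted
    that id in the victim's browser, the attacker now holds a logged-in session."""
    if not check_password(username, password):
        return None
    store.sessions.setdefault(presented_sid, {})["user"] = username
    return presented_sid


def login_fixed(store, presented_sid, username, password):
    """Countermeasure: discard the pre-authentication session and issue a fresh,
    unpredictable id only after the credentials are verified."""
    if not check_password(username, password):
        return None
    store.sessions.pop(presented_sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = username
    return new_sid


def fixation_attack(login):
    """Attacker obtains a valid session id, plants it on the victim (for example
    through a URL or an injected cookie), waits for the victim to log in, then
    replays it. Returns (user the attacker sees, user the victim sees)."""
    store = SessionStore()
    planted_sid = store.new_session()                                  # attacker, step 1
    victim_sid = login(store, planted_sid, "alice", USERS["alice"])    # victim logs in
    return store.user_for(planted_sid), store.user_for(victim_sid)


if __name__ == "__main__":
    print(fixation_attack(login_vulnerable))   # ('alice', 'alice'): attacker is logged in as alice
    print(fixation_attack(login_fixed))        # (None, 'alice'): planted id is worthless
```

With `login_vulnerable` the planted id and the victim's id are the same object, so the attacker reads the victim's identity; with `login_fixed` the planted id is invalidated at the moment of authentication and the only authenticated id is one the attacker never saw.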

Improper Session Management

https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Cross-site Scripting (XSS)

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

http://blog.csdn.net/yefan2222/article/details/7091863

solution

https://github.com/mganss/HtmlSanitizer

OTP flooding attack (one-time passwords sent as SMS verification codes)

http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms
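The controls that blunt an OTP flood, as an added Python illustration (not code from the page or the linked article): a send quota per phone number and per requester over a sliding window, a single live code per number, a short expiry, and a bounded number of verification attempts so that a 6-digit code cannot simply be guessed. The phone number, requester address, limits and the in-memory "SMS gateway" are constructed for the example.

```python
import hmac
import secrets
import time
from collections import defaultdict, deque


class OtpService:
    """Constructed SMS-OTP issuer (not from the page) with the controls that
    blunt a flood: per-number and per-requester send quotas over a sliding
    window, one live code per number, a short expiry, and a bounded number of
    verification attempts."""

    def __init__(self, send_limit=3, window=600, ttl=300, max_verify=5, clock=time.time):
        self.send_limit = send_limit      # sends allowed per key per window
        self.window = window              # seconds
        self.ttl = ttl                    # seconds a code stays valid
        self.max_verify = max_verify      # wrong guesses before the code is burned
        self.clock = clock                # injectable for deterministic tests
        self.sends = defaultdict(deque)   # key -> timestamps of recent sends
        self.codes = {}                   # phone -> (code, expires_at, attempts_left)
        self.sms_sent = []                # stand-in for the SMS gateway

    def _recent(self, key, now):
        q = self.sends[key]
        while q and q[0] <= now - self.window:
            q.popleft()                   # drop sends that fell out of the window
        return q

    def request_code(self, phone, requester):
        now = self.clock()
        keys = [("phone", phone), ("requester", requester)]
        if any(len(self._recent(k, now)) >= self.send_limit for k in keys):
            return "rate_limited"         # attacker cannot drive unbounded SMS cost
        for k in keys:
            self.sends[k].append(now)
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.codes[phone] = (code, now + self.ttl, self.max_verify)   # replaces any older code
        self.sms_sent.append((phone, code))
        return "sent"

    def verify(self, phone, submitted):
        now = self.clock()
        entry = self.codes.get(phone)
        if entry is None:
            return "no_code"
        code, expires_at, attempts_left = entry
        if now > expires_at:
            del self.codes[phone]
            return "expired"
        if attempts_left <= 0:
            del self.codes[phone]
            return "locked"
        if hmac.compare_digest(code, submitted):
            del self.codes[phone]         # single use
            return "ok"
        self.codes[phone] = (code, expires_at, attempts_left - 1)
        return "wrong"


PHONE = "+8613800000000"     # constructed sample data
REQUESTER = "203.0.113.9"


def flood_scenario():
    """Five rapid requests for one number, then one more after the window passes."""
    t = [1000.0]
    svc = OtpService(clock=lambda: t[0])
    results = [svc.request_code(PHONE, REQUESTER) for _ in range(5)]
    t[0] += 601
    results.append(svc.request_code(PHONE, REQUESTER))
    return results, len(svc.sms_sent)


def guess_scenario():
    """Exhausting the verify budget burns the code even if the right one follows."""
    t = [1000.0]
    svc = OtpService(clock=lambda: t[0])
    svc.request_code(PHONE, REQUESTER)
    real = svc.sms_sent[-1][1]                 # peek at the gateway, test-only
    wrong = "000000" if real != "000000" else "999999"
    out = [svc.verify(PHONE, wrong) for _ in range(5)]
    out.append(svc.verify(PHONE, real))        # budget spent: locked
    out.append(svc.verify(PHONE, real))        # nothing left to verify
    svc.request_code(PHONE, REQUESTER)         # a fresh code...
    t[0] += 301
    out.append(svc.verify(PHONE, svc.sms_sent[-1][1]))   # ...that has already expired
    return out
```

Only three messages leave for a given number or requester per ten-minute window, so an attacker scripting the "send code" endpoint can neither run up the SMS bill nor harass the victim, and the attempt budget on `verify` means a 6-digit code faces at most five guesses rather than a million.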

Web security scanner: Netsparker, recommended.

Download link: http://pan.baidu.com/s/1pJI4gHX  password: pygm

ASP.NET web application security review: Do's & Don'ts

https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
