brute force cracking   暴力破解

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Session fixation

http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET

http://blog.csdn.net/newjueqi/article/details/7548976

https://en.wikipedia.org/wiki/Session_fixation#Countermeasures

https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html

Improper Session Management

https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Cross-site Scripting (XSS)  跨站点脚本攻击

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

http://blog.csdn.net/yefan2222/article/details/7091863

solution

https://github.com/mganss/HtmlSanitizer

OTP flooding attack  One-time passwords  短信动态验证码

http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms

WEB安全扫描器Netsparker推荐给大家

下载链接: http://pan.baidu.com/s/1pJI4gHX 密码: pygm

ASP.NET web application security review: Do's & Don'ts

https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont

web security的更多相关文章

  1. SPRING SECURITY JAVA配置:Web Security

    在前一篇,我已经介绍了Spring Security Java配置,也概括的介绍了一下这个项目方方面面.在这篇文章中,我们来看一看一个简单的基于web security配置的例子.之后我们再来作更多的 ...

  2. System.Web.Security 在winform中是什么命名空间呢

    des.Key = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStorin ...

  3. System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)已过时的解决办法

    FormsAuthentication.HashPasswordForStoringInConfigFile 方法是一个在.NET 4.5中已经废弃不用的API,参见: https://msdn.mi ...

  4. Talk In Web Security(安全世界观): Devleping a Secure WebSite

    Writer:BYSocket(泥沙砖瓦浆木匠) 微博:BYSocket 豆瓣:BYSocket Reprint it anywhere u want. Why to write about Web ...

  5. ref:web security最新学习资料收集

    ref:https://chybeta.github.io/2017/08/19/Web-Security-Learning/ ref:https://github.com/CHYbeta/Web-S ...

  6. 『转』Dr.Web Security Space 8 – 免费3个月

    简短的测试五个问题,任意回答问题,都将获得Dr.Web Security Suite 3个月免费许可证以及大蜘蛛企业安全套件2个月来保护整个公司!活动地址:https://www.drweb.com/ ...

  7. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  8. web hack & web security

    web hack & web security https://www.hacksplaining.com/lessons https://www.hacksplaining.com/ OK ...

  9. Portswigger web security academy:WebSockets

    Portswigger web security academy:WebSockets 目录 Portswigger web security academy:WebSockets Lab: Mani ...

  10. Portswigger web security academy:Clickjacking (UI redressing)

    Portswigger web security academy:Clickjacking (UI redressing) 目录 Portswigger web security academy:Cl ...

随机推荐

  1. Spark SQL with Hive

    前一篇文章是Spark SQL的入门篇Spark SQL初探,介绍了一些基础知识和API,可是离我们的日常使用还似乎差了一步之遥. 终结Shark的利用有2个: 1.和Spark程序的集成有诸多限制 ...

  2. hdu5592/BestCoder Round #65 树状数组寻找第K大

    ZYB's Premutation    Memory Limit: 131072/131072 K (Java/Others) 问题描述 ZYBZYB有一个排列PP,但他只记得PP中每个前缀区间的逆 ...

  3. 通过QEMU-GuestAgent实现从外部注入写文件到KVM虚拟机内部

    本文将以宿主上直接写文件到VM内部为例讲解为何要注入以及如何实现 tag: qemu-ga, qemu guest agent, kvm, guest-file-write, inject 小慢哥的原 ...

  4. Centos下MongoDB数据库的安装以及配置开机自启动(三)

    最近写了一个用node来操作MongoDB完成增.删.改.查.排序.分页功能的示例,并且已经放在了服务器上地址:http://39.105.32.180:3333. 在服务器上完全可以用yum来安装管 ...

  5. Habernate配置一对一,一对多,多对多(二)

    一.开篇 紧接着上篇的博客来写:http://www.cnblogs.com/WJ--NET/p/7845000.html(habernate环境的搭建) 二.配置一对一 2.1.新建客户类和公司类( ...

  6. UWP 读取XML文件

    一.读取本地XML文件时要将xxx.xml文件的“生成操作”改为“嵌入的资源”会比较好,在手机上运行的话需要改为“内容” <?xml version="1.0" encodi ...

  7. HDU 1176 免费馅饼【动态规划】

    解题思路:用a[i][j]表示在第i秒在地点j的掉落馅饼的数量,设整个馅饼掉落的时间持续为timemax,即为矩阵的高度,一共0到10个地点,为矩阵的长度,如图,即可构成数塔,因为考虑到在地点0的时候 ...

  8. Html5必看:教你如何选择移动APP开发框架

    如何选择移动APP开发框架一直是困扰很多新手的难题,今天杭州APP开发小编就和大家一起分享一下HTML5 移动app开发过程中框架该如何选择?当然我们得先从下面几个方面来评估一个框架的优越性,然后再做 ...

  9. CADisplayLink & NSTimer

    屏幕刷新与UI更新不同步:屏幕刷新由硬件(+GPU)保证,UI更新由软件(CPU保证). 出现卡顿的原因是软件的计算速度跟不上硬件的刷新速度. 一 简介 1 所在框架 CADisplayLink和其它 ...

  10. 面向对象和结构化程序设计的区别X

    面向对象和结构化程序设计的区别 结构化程序的概念首先是从以往编程过程中无限制地使用转移语句而提出的.转移语句可以使程序的控制流程强制性的转向程序的任一处,在传统流程图中,就是用上节我们提到的" ...