web security
Brute force cracking
Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Session fixation
http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET
http://blog.csdn.net/newjueqi/article/details/7548976
https://en.wikipedia.org/wiki/Session_fixation#Countermeasures
https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html
Improper Session Management
https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
Cross-site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://blog.csdn.net/yefan2222/article/details/7091863
Solution
https://github.com/mganss/HtmlSanitizer
OTP flooding attack: one-time passwords (SMS dynamic verification codes)
http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms
Recommending the web security scanner Netsparker to everyone
Download link: http://pan.baidu.com/s/1pJI4gHX Password: pygm
ASP.NET web application security review: Do's & Don'ts
https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont