web security
Brute force cracking
Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Session fixation
http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET
http://blog.csdn.net/newjueqi/article/details/7548976
https://en.wikipedia.org/wiki/Session_fixation#Countermeasures
https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html
Improper Session Management
https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
Cross-site Scripting (XSS)
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://blog.csdn.net/yefan2222/article/details/7091863
solution
https://github.com/mganss/HtmlSanitizer
OTP flooding attack: one-time passwords (SMS dynamic verification codes)
http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms
Recommending the web security scanner Netsparker to everyone
Download link: http://pan.baidu.com/s/1pJI4gHX Password: pygm
ASP.NET web application security review: Do's & Don'ts
https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont