brute force cracking   暴力破解

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Session fixation

http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET

http://blog.csdn.net/newjueqi/article/details/7548976

https://en.wikipedia.org/wiki/Session_fixation#Countermeasures

https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html

Improper Session Management

https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Cross-site Scripting (XSS)  跨站点脚本攻击

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

http://blog.csdn.net/yefan2222/article/details/7091863

solution

https://github.com/mganss/HtmlSanitizer

OTP flooding attack  One-time passwords  短信动态验证码

http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms

WEB安全扫描器Netsparker推荐给大家

下载链接: http://pan.baidu.com/s/1pJI4gHX 密码: pygm

ASP.NET web application security review: Do's & Don'ts

https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont

web security的更多相关文章

  1. SPRING SECURITY JAVA配置:Web Security

    在前一篇,我已经介绍了Spring Security Java配置,也概括的介绍了一下这个项目方方面面.在这篇文章中,我们来看一看一个简单的基于web security配置的例子.之后我们再来作更多的 ...

  2. System.Web.Security 在winform中是什么命名空间呢

    des.Key = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStorin ...

  3. System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)已过时的解决办法

    FormsAuthentication.HashPasswordForStoringInConfigFile 方法是一个在.NET 4.5中已经废弃不用的API,参见: https://msdn.mi ...

  4. Talk In Web Security(安全世界观): Devleping a Secure WebSite

    Writer:BYSocket(泥沙砖瓦浆木匠) 微博:BYSocket 豆瓣:BYSocket Reprint it anywhere u want. Why to write about Web ...

  5. ref:web security最新学习资料收集

    ref:https://chybeta.github.io/2017/08/19/Web-Security-Learning/ ref:https://github.com/CHYbeta/Web-S ...

  6. 『转』Dr.Web Security Space 8 – 免费3个月

    简短的测试五个问题,任意回答问题,都将获得Dr.Web Security Suite 3个月免费许可证以及大蜘蛛企业安全套件2个月来保护整个公司!活动地址:https://www.drweb.com/ ...

  7. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  8. web hack & web security

    web hack & web security https://www.hacksplaining.com/lessons https://www.hacksplaining.com/ OK ...

  9. Portswigger web security academy:WebSockets

    Portswigger web security academy:WebSockets 目录 Portswigger web security academy:WebSockets Lab: Mani ...

  10. Portswigger web security academy:Clickjacking (UI redressing)

    Portswigger web security academy:Clickjacking (UI redressing) 目录 Portswigger web security academy:Cl ...

随机推荐

  1. UI_KVC赋值

    使用KVC对person的属性进行赋值 [aperson setValue:@"yadong" forKey:@"name"]; [aperson setVal ...

  2. bzoj1503: [NOI2004]郁闷的出纳员(伸展树)

    1503: [NOI2004]郁闷的出纳员 题目:传送门 题解: 修改操作一共不超过100 直接暴力在伸展树上修改 代码: #include<cstdio> #include<cst ...

  3. 【转】使用Docker+Jenkins自动构建部署

    转载自 https://segmentfault.com/a/1190000012921606 环境 阿里云ESC,宿主机服务器安装Docker,在安全规则中确认8080端口开启. 客户端mac 运行 ...

  4. zset 有序集合

    zadd key score1 value1 score2 value2 .. 添加元素 redis 127.0.0.1:6379> zadd stu 18 lily 19 hmm 20 lil ...

  5. 使用jquery获取ul中当前正在点击的li的索引

    <ul class="list"> <li>哈哈</li> <li>呵呵</li> <li>嘻嘻</l ...

  6. SQL的几个路径

    这个是主数据库文件存放的地方 C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER2014\MSSQL\DATA

  7. Eclipse中切换GIT分支

    切换GIT分支: 右击项目——Team——Switch To——选择你要切换的分支.

  8. 密信(MeSince),将取代传统电子邮件

    电子邮件发展至今已经有几十年的历史,但仍然是最重要的现代互联网应用之一.在全球范围内,每小时发送的非垃圾邮件数量超过30亿封,从工作场景的使用到个人生活,电子邮件都扮演着不可或缺的角色.但是由于明文电 ...

  9. tcpsock for Golang

    前记:本文所述的 tcpsock 库托管在 Github. Golang 中的 net 标准库已对 TCP 网络编程作了简洁(却很不简单)的封装,基本上,可直接通过引用其提供的相关接口开发简易的网络应 ...

  10. elk集群配置配置文件中节点数配多少

    配置elk集群时,遇到,elasticsearch配置文件中的一个配置discovery.zen.minimum_master_nodes: 2.这里是三配的2 看到某一位的解释是这样:为了避免脑裂, ...