brute force cracking   暴力破解

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Session fixation

http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET

http://blog.csdn.net/newjueqi/article/details/7548976

https://en.wikipedia.org/wiki/Session_fixation#Countermeasures

https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html

Improper Session Management

https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management

Cross-site Scripting (XSS)  跨站点脚本攻击

https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

http://blog.csdn.net/yefan2222/article/details/7091863

solution

https://github.com/mganss/HtmlSanitizer

OTP flooding attack  One-time passwords  短信动态验证码

http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms

WEB安全扫描器Netsparker推荐给大家

下载链接: http://pan.baidu.com/s/1pJI4gHX 密码: pygm

ASP.NET web application security review: Do's & Don'ts

https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont

web security的更多相关文章

  1. SPRING SECURITY JAVA配置:Web Security

    在前一篇,我已经介绍了Spring Security Java配置,也概括的介绍了一下这个项目方方面面.在这篇文章中,我们来看一看一个简单的基于web security配置的例子.之后我们再来作更多的 ...

  2. System.Web.Security 在winform中是什么命名空间呢

    des.Key = ASCIIEncoding.ASCII.GetBytes(System.Web.Security.FormsAuthentication.HashPasswordForStorin ...

  3. System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(string, string)已过时的解决办法

    FormsAuthentication.HashPasswordForStoringInConfigFile 方法是一个在.NET 4.5中已经废弃不用的API,参见: https://msdn.mi ...

  4. Talk In Web Security(安全世界观): Devleping a Secure WebSite

    Writer:BYSocket(泥沙砖瓦浆木匠) 微博:BYSocket 豆瓣:BYSocket Reprint it anywhere u want. Why to write about Web ...

  5. ref:web security最新学习资料收集

    ref:https://chybeta.github.io/2017/08/19/Web-Security-Learning/ ref:https://github.com/CHYbeta/Web-S ...

  6. 『转』Dr.Web Security Space 8 – 免费3个月

    简短的测试五个问题,任意回答问题,都将获得Dr.Web Security Suite 3个月免费许可证以及大蜘蛛企业安全套件2个月来保护整个公司!活动地址:https://www.drweb.com/ ...

  7. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  8. web hack & web security

    web hack & web security https://www.hacksplaining.com/lessons https://www.hacksplaining.com/ OK ...

  9. Portswigger web security academy:WebSockets

    Portswigger web security academy:WebSockets 目录 Portswigger web security academy:WebSockets Lab: Mani ...

  10. Portswigger web security academy:Clickjacking (UI redressing)

    Portswigger web security academy:Clickjacking (UI redressing) 目录 Portswigger web security academy:Cl ...

随机推荐

  1. Java之旅--Web.xml解析

    Windows的IIS,是用UI界面进行网站的配置.Linux以下的差点儿全部系统,都是使用配置文件来进行配置,Java容器(JBoss/Tomcat/Jetty/WebSphere/WebLogic ...

  2. Android之弹出菜单框【注冊上下文菜单】

    注冊上下文菜单:(长按弹出一个菜单) 第一种创建方法(与长按事件结合): public class MainActivity extends Activity { private TextView u ...

  3. 三种数据库日期转字符串对照sql server、oracle、mysql(V4.11)

    三种数据库日期转换对照: http://blog.csdn.net/zljjava/article/details/17552741 SQL类型转换函数:cast(type1 as type2) 数据 ...

  4. web前端简单布局

    jquery实现的计算器

  5. POJ 1155 树形DP

    题意:电视台发送信号给很多用户,每个用户有愿意出的钱,电视台经过的路线都有一定费用,求电视台不损失的情况下最多给多少用户发送信号. 转自:http://www.cnblogs.com/andre050 ...

  6. HDU 1203 I NEED A OFFER!【01背包】

    解题思路:攒下的钱n相当于包的容量,然后是m个学校的申请费用,申请费用相当于每一个物品的消耗,得到offer的概率相当于每一个物品的价值. 因为要求的是至少得到一份0ffer的概率的最大概率,可以转化 ...

  7. Kattis -I Can Guess the Data Structure!

    I Can Guess the Data Structure! There is a bag-like data structure, supporting two operations: 1 x1  ...

  8. Codeforces Round #493 (Div. 2) A. Balloons 贪心水题

    由于是输出任意一组解,可以将价值从小到大进行排序,第一个人只选第一个,第二个人选其余的.再比较一下第一个人选的元素和第二个人所选元素和是否相等即可.由于已将所有元素价值从小到大排过序,这样可以保证在有 ...

  9. 区间dp+四边形不等式优化

    区间dp+四边形优化 luogu:p2858 题意 给出一列数 \(v_i\),每天只能取两端的数,第 j 天取数价值为\(v_i \times j\),最大价值?? 转移方程 dp[i][j] :n ...

  10. 多个账号GitHub账号配置

    1.vi config 重复以上步骤就行 然后#注释下  是个人账号还是公司用的账号 mv id_rsa   id_rsa_qq   做下区别,防止冲突 ,别忘了,路径也要改下 mv   id_rsa ...