此文转载 XXE VALID USE CASE This is a nonmalicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.…

Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques Jan 04, 2017, Version 1.0 Contents What is a Local File Inclusion (LFI) vulnerability? Example of Vulnerable Code Identifying LFI Vulnerabilities within Web Application…

Testing the performance of web application is easy . It's easy to design unrealistic scenario . Easy to collect and measure the performance data. And ,even if you manage to design a sound scenario and collect the right data. It's easy to use the worn…

SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with DB done using SQL. WHY ARE THEY SO DANGEROUS…

How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side attacks. Managed by humans -> client-side attacks Target: metastable VM…

WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927.html http://www.searchsecurity.com.cn/showcontent_56011.htm https://www.owasp.org/index.php/File:OWASP_Testing_Guide_Presentation.zip information syst…

http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I was researching for some of the other lesser known live CDs for penetration testing.  While I’m an avid user and a fan of backtrack, someone mentioned t…

Adding Sign-On to Your Web Application Using Windows Azure AD 14 out of 19 rated this helpful - Rate this topic This document will show you how to configure a .NET application to perform web single sign-on against your Windows Azure AD enterprise dir…

SYMPTOMS When you browse a Microsoft .NET Framework 2.0 ASP.NET Web application, you may receive one of the following exceptions: Exception 1 Exception type: FileNotFoundException Exception message: Could not load file or assembly 'App_Web_-e9dbmaj,…