web security
brute force cracking 暴力破解
Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack" a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.
Session fixation
http://www.c-sharpcorner.com/UploadFile/ajyadav123/session-fixation-vulnerability-detection-in-Asp-Net/
https://www.codeproject.com/Articles/210993/Session-Fixation-vulnerability-in-ASP-NET
http://blog.csdn.net/newjueqi/article/details/7548976
https://en.wikipedia.org/wiki/Session_fixation#Countermeasures
https://www.cnblogs.com/luminji/archive/2012/05/30/2511357.html
Improper Session Management
https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
Cross-site Scripting (XSS) 跨站点脚本攻击
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://blog.csdn.net/yefan2222/article/details/7091863
solution
https://github.com/mganss/HtmlSanitizer
OTP flooding attack
http://www.wwpass.com/company/blog/vulnerability-of-one-time-passwords-over-sms
WEB安全扫描器Netsparker推荐给大家
下载链接: http://pan.baidu.com/s/1pJI4gHX 密码: pygm
ASP.NET web application security review: Do's & Don'ts
https://www.codeproject.com/Articles/291562/Asp-net-web-application-Security-Review-Dos-Dont
