随笔分类 -  安全与测试

摘要：授权方式：署名，非商业用途，保持一致，转载时请务必以超链接(http://www.fwolf.com/blog/post/320)的形式标明文章原始出处和作者信息及本声明。什么是HTTP Referer简言之，HTTP Referer是header的一部分，当浏览器向web服务器发送请求的时候，一般会带上Referer，告诉服务器我是从哪个页面链接过来的，服务器籍此可以获得一些信息用于处理。比如从我主页上链接到一个朋友那里，他的服务器就能够从HTTP Referer中统计出每天有多少用户点击我主页上的链接访问他的网站。Referer其实应该是英文单词Referrer，不过拼错的人太多了，所以编 阅读全文

摘要：http://www.ibm.com/developerworks/cn/web/1102_niugang_csrf/简介：CSRF（Cross Site Request Forgery, 跨站域请求伪造）是一种网络的攻击方式，该攻击可以在受害者毫不知情的情况下以受害者名义伪造请求发送给受攻击站点，从而在并未授权的情况下执行在权限保护之下的操作，有很大的危害性。然而，该攻击方式并不为大家所熟知，很多网站都有 CSRF 的安全漏洞。本文首先介绍 CSRF 的基本原理与其危害性，然后就目前常用的几种防御方法进行分析，比较其优劣。最后，本文将以实例展示如何在网站中防御 CSRF 的攻击，并分享一些开 阅读全文

摘要：(1)普通的XSS JavaScript注入(2)IMG标签XSS使用JavaScript命令(3)IMG标签无分号无引号(4)IMG标签大小写不敏感(5)HTML编码(必须有分号)(6)修正缺陷IMG标签">(7)formCharCode标签(计算器)(8)UTF-8的Unicode编码(计算器)(9)7位的UTF-8的Unicode编码是没有分号的(计算器)(10)十六进制编码也是没有分号(计算器)(11)嵌入式标签,将Javascript分开(12)嵌入式编码标签,将Javascript分开(13)嵌入式换行符(14)嵌入式回车(15)嵌入式多行注入JavaScript, 阅读全文

摘要：ByRohit T|July 23rd, 2012http://resources.infosecinstitute.com/ibm-rational-appscan/IBM Rational Appscan is one of the most widely used tools in the arena of web application penetration testing. It is a desktop application which aids security professionals to automate the process of vulnerability as 阅读全文

摘要：http://resources.infosecinstitute.com/appscan-part-2/ByRohit T|August 16th, 2012----------------------------------------------------------------------------------------------------------------------------Thefirst partof this article focused on configuring a scan in Rational Appscan, and as mentioned 阅读全文

摘要：<Hudson-ci‎ |Using Hudson‎ |Installing Hudson(Redirected fromHudson-ci/Installing Hudson RPM)Hudson Continuous Integration ServerWebsiteDownloadCommunityMailing List•Forums•IRCBugzillaOpenHelp WantedBug DayContributeBrowse SourceInstalling Hudson on RedHat, Oracle Enterprise Linux & other RPM 阅读全文

摘要："Install as Windows Service" from the menu:Confirm your intention to install as a service. The installation will place the program files to the directory designated as the slave root directory (from the "configure executors" screen.)Once the installation succeeds, you'll be a 阅读全文

摘要：src:https://developers.google.com/google-apps/sso/saml_reference_implementationSecurity Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online iden 阅读全文

摘要：1. src http://www.muneebahmad.com/index.php/archives/81package com.examples.htmlunit;import java.io.IOException;import java.net.URL;import java.util.List;import com.gargoylesoftware.htmlunit.BrowserVersion;import com.gargoylesoftware.htmlunit.Page;import com.gargoylesoftware.htmlunit.RefreshHandler; 阅读全文