Tag:Loophole
-
Time:2021-9-13
The stack is a cloud native one-stop data center PAAS. We have an interesting open source project on GitHub and gitee: flinkx. Remember to point us a star! star! star! Gitee open source project:https://gitee.com/dtstack_dev… GitHub open source project:https://github.com/DTStack/fl… Flinkx is a unified batch stream data synchronization tool based on Flink. It can collect both static […]
-
Time:2021-8-26
Recently, a friend set up a mall and wanted me to test it for him, so I had this article.The official account is sent: AI boy, will get a push for AI learning gift package. Background description “A few days ago, a friend found me through QQ. He said he found my shared” vulnerability scanning […]
-
Time:2021-8-22
Last night, I received an email in my mailbox and automatically ran to the dustbin I felt something wrong at work this morning. I turned it out of the dustbin It looks like a very serious and official notification document. It’s about this long (anyway, I have to get up with the key information) […]
-
Time:2021-8-13
Problems encountered in IE browser remote code execution high risk vulnerability (cve-2019-1367) reinforcement 1、 Background introduction Internet Explorer is a web browser launched by Microsoft. The number of users is huge. On September 23, Microsoft urgently released a security update to fix a Remote Code Execution Vulnerability affecting IE browser. The Google threat analysis team […]
-
Time:2021-8-4
Send you the following java learning materials. There is a way to get them at the end of the text preface SQL injection vulnerability is one of the most common vulnerabilities of web security. In Java, with the use of precompiling and various ORM frameworks, the injection problems are becoming less and less. Novice code […]
-
Time:2021-7-28
Recently, apple, an international mobile phone manufacturer, officially launched its latest vulnerability submission reward plan for developers in all security fields. Apple raised the bonus ceiling from $200000 to $1.5 million. The specific bonus will be determined according to the complexity and severity of the vulnerability exploitation chain. Ivan krsti, head of security engineering and […]
-
Time:2021-7-25
DOM-based vulnerabilities In this section, we will describe what isDOM, explain yesDOMHow does the unsafe handling of data introduce vulnerabilities, and suggestions on how to preventDOMLoopholes. What is DOM Document Object Model(DOM)Document object model is the hierarchical representation of elements on a page by web browser. Websites can be manipulated using JavaScriptDOMNodes and objects, and […]
-
Time:2021-7-21
SQL injection background The full name of SQL is“Structured query language”It is a kind of language between relational algebra and relational calculus. Its functions include query, manipulation, definition and control. It is a universal and powerful relational database standard language. It is a kind of query language developed by St. Joseph research experiment of IBM […]
-
Time:2021-7-14
Insecure deserialization In this section, we will introduce what is insecure deserialization and describe how it can expose a website to high-risk attacks. We will focus on typical scenarios and demonstrate some concrete examples of PHP, ruby, and Java deserialization. Finally, we will introduce some methods to avoid unsafe deserialization vulnerabilities. It is often difficult […]
-
Time:2021-7-13
Nguyen Jan, an independent security researcher in Vietnam, released a functional “proof of concept public vulnerability” exploit program for a group of vulnerabilities called proxylogon in Microsoft Exchange server. That is to say, he released the code that can be used by hackers to attack Microsoft customers on Microsoft’s open source platform. Although the code […]
-
Time:2021-7-12
HTTP request smuggling In this section, we will explain what HTTP request smuggling is and describe how common request smuggling vulnerabilities are created. What is HTTP request smuggling HTTP request smuggling is a technology that interferes with the processing of multiple HTTP request sequences. Request smuggling vulnerability is very harmful, it allows attackers to bypass […]
-
Time:2021-7-2
Click to get “C and C + + security coding” PDF e-book, extraction code: uj6d content validity · · · · · · “C and C + + secure coding” is a book about C and C + + secure coding《 C and C + + security coding introduces the dangerous and destructive basic programming errors in C and C […]
