Page 55-Safety Programming Tutorials: Learn Safety Online-php.cn

Article Tags

Safety

Home

Technical articles

Operation and Maintenance

Safety

XSS attack principles and protection

XSS (Cross Site Scripting), also known as CSS, is a common method in Web attacks. Through this attack, the user terminal can be controlled to perform a series of malicious operations, such as stealing, tampering, and adding user data. Or lead to phishing websites, etc.

Nov 30, 2019 pm 02:27 PM

xss跨站脚本攻击

How to obtain credit card data using Bluetooth

This article is recommended by the web server security column. Students in need should read it carefully. This article demonstrates how to use Bluetooth to obtain credit card data from FUZE. FUZE is an IoT device the same size as an ordinary credit card. You can use a smartphone App to program the FUZE card through Bluetooth.

Nov 29, 2019 pm 05:47 PM

蓝牙信用卡数据

Common web security interview questions (share)

Background When I went out for interviews before, I was often asked some security questions. Security involves a huge field, and I only have a superficial understanding of it. I have to find information to review before every interview, which is very troublesome. So I systematically sorted it out based on some of the information I collected before and my interview experience. I hope it will be helpful to everyone. Text: First, we briefly introduce several common attack methods: SQL injection, XSS, CSRF, click hijacking, man-in-the-middle attack...

Nov 29, 2019 pm 05:37 PM

web安全面试

Detailed explanation of the five-layer protocol of the network

Computer network five-layer protocol: 1. Application layer (HTTP, SMTP, FTP, ping, telnet, DNS, DHCP); 2. Transport layer (TCP, UDP); 3. Network layer (IP, ICMP); 4. Data link Road layer (ARP, RARP); 5. Physical layer.

Nov 29, 2019 pm 04:54 PM

协议网络

Detailed explanation of TCP's three-way handshake and four-way wave

TCP is a protocol for connection-oriented, reliable process-to-process communication; TCP provides full-duplex service, that is, data can be transmitted in both directions at the same time.

Nov 29, 2019 pm 04:43 PM

TCP

Detailed explanation of HTTP protocol

The http (Hypertext Transfer) protocol is the most widely used network protocol on the Internet. It is mainly used for Web services and is implemented by computers processing text information in the format of HTML (Hypertext Markup Language).

Nov 29, 2019 am 10:08 AM

HTTP协议

Detailed introduction to penetration testing and vulnerability scanning

This article introduces penetration testing and vulnerability scanning from the web server security column, hoping to help everyone understand it better. Penetration testing is an assessment method that evaluates the security of computer network systems by simulating the attack methods of malicious hackers.

Nov 28, 2019 pm 05:53 PM

渗透测试漏洞扫描

Detailed introduction to data storage security of DSMM

Below, the web server security tutorial column will introduce the data storage security of DSMM to everyone. I hope it will be helpful to everyone. Data storage security is part of data center security and organizational security. This process includes three process areas: storage media security, logical storage security, and data backup and recovery.

Nov 28, 2019 pm 05:19 PM

DSMM数据存储安全

Why HTTPS is more secure than HTTP

HTTP (Hypertext Transfer Protocol) is currently the most widely used protocol on the Internet. As people's awareness of network security increases, HTTPS is increasingly adopted. Whether we are visiting some shopping websites, or logging into some blogs, forums, etc., we are all protected by HTTPS.

Nov 28, 2019 pm 03:52 PM

httpshttp安全

How to perform security analysis on web logs

This article is recommended by the web security tutorial. Everyone is welcome to communicate and discuss. 0x02 Log analysis skills: Determine the time range of the intrusion, use this as a clue to find suspicious logs within this time range, conduct further investigation, and finally identify the attacker and restore the attack process.

Nov 27, 2019 pm 06:05 PM

web日志安全分析

How to fix remote command execution vulnerability in Apache axis component

This article is recommended by the web server security column. Everyone is welcome to come to this column to learn together. The essence of the remote command execution vulnerability in the "Apache axis" component is that the administrator configures the AdminService incorrectly, which can be repaired by disabling the axis remote management function.

Nov 27, 2019 pm 05:41 PM

修复apache远程命令执行漏洞

Safe Development Practice Principles

This article introduces the practical principles of security development to everyone in the web security tutorial column. Everyone is welcome to discuss and learn. Security development practice principles: 1. Security training; 2. Security application development; 3. “Security+DevOps=DevSecOps”; 4. Application security testing; 5. Continuous monitoring and analysis.

Nov 26, 2019 pm 05:59 PM

安全开发实践原则

Three process injection techniques in Miter ATT&CK matrix

Below, the web server security column will introduce three process injection techniques in the "Mitre ATT&CK" matrix. I hope it can help you. Three process injection techniques: classic process injection, "Process Hollowing" and "Process Doppelgänging".

Nov 26, 2019 am 10:02 AM

Mitre ATT&CK矩阵进程注入

Summary of 40 commonly used intrusion ports for hackers worth collecting

Commonly used ports used by hackers: 1. Port 21 penetration analysis; 2. Port 22 penetration analysis; 3. Port 23 penetration analysis; 4. 25 and 465 ports penetration analysis; 5. 53 ports penetration analysis.

Nov 23, 2019 pm 05:17 PM

渗透基础黑客常用端口