Page 52-Safety Programming Tutorials: Learn Safety Online-php.cn

Article Tags

Safety

Home

Technical articles

Operation and Maintenance

Safety

Introduction to Linux local privilege escalation vulnerability

Website security tutorial: This article introduces you to the issues related to Linux local privilege escalation vulnerabilities. It has certain reference value and I hope it can help everyone.

Sep 01, 2020 pm 04:49 PM

linux漏洞

What are the methods of port scanning?

Web server security: Port scanning methods include: 1. nmap detection port; 2. masscan detection port; 3. socket detection port; 4. telnet detection port; 5. nc detection port.

Aug 10, 2020 pm 05:19 PM

端口扫描

What are the three ways of sql injection?

There are three ways of sql injection: 1. Numeric injection; when the input parameter is an integer, there may be a numeric injection vulnerability. 2. Character injection; when the input parameter is a string, a character injection vulnerability may exist. 3. Other types (for example: search injection, cookie injection, POST injection, etc.).

Jul 20, 2020 pm 04:46 PM

sql注入

What does pseudo-random number mean?

Pseudo-random numbers are random number sequences calculated from the "[0,1]" uniform distribution using a deterministic algorithm. Pseudo-random numbers are not truly random numbers, but have statistical characteristics similar to random numbers, such as uniformity, independence, etc. Methods for generating pseudo-random numbers include: 1. Direct method, which is generated based on the physical meaning of the distribution function; 2. Reversal method; 3. Acceptance-rejection method.

Jun 29, 2020 am 10:17 AM

伪随机数

What harm can be caused by file inclusion vulnerabilities?

The possible harms caused by file containing vulnerabilities are: 1. The files of the web server are browsed by the outside world, resulting in information leakage; 2. The script is arbitrarily executed, resulting in the website being tampered with. File inclusion vulnerabilities are a common vulnerability affecting web applications that rely on scripts to run.

Jun 29, 2020 am 09:51 AM

文件包含漏洞危害

What are the methods of SQL injection defense?

SQL injection defense methods include: 1. PreparedStatement; 2. Use regular expressions to filter incoming parameters; 3. String filtering. Among them, using a precompiled statement set is a simple and effective method because it has built-in ability to handle SQL injection.

Jun 29, 2020 am 09:34 AM

sql注入防御

What does sql injection mean?

SQL injection means that the user can submit a database query code and obtain certain data that needs to be known based on the results returned by the program. SQL injection attacks are one of the common means used by hackers to attack databases. We can achieve effective protection through database security protection technology.

Jun 29, 2020 am 09:20 AM

sql注入

What are the CSRF defense methods?

CSRF defense methods include: 1. Verify the HTTP Referer field; 2. Add token to the request address and verify it; 3. Customize attributes in the HTTP header and verify it. CSRF is an attack method that coerces users to perform unintended operations on the web application they are currently logged in to.

Jun 29, 2020 am 09:08 AM

csrf防御方法

What does cross-site request forgery mean?

Cross-site request forgery, often abbreviated as CSRF or XSRF, is an attack method that coerces users to perform unintentional operations on the web application they are currently logged in to. CSRF takes advantage of the website's trust in the user's web browser.

Jun 28, 2020 pm 05:05 PM

跨站请求伪造

What are the xss defense measures?

XSS defense measures: 1. Do not insert untrusted data in allowed locations; 2. Decode HTML before inserting untrusted data into HTML element content; 3. Decode attributes before inserting untrusted data into common HTML attributes; 4. URL decoding before inserting untrusted data into HTML URL attributes.

Jun 28, 2020 pm 04:57 PM

xss防御措施

What are the three major types of cross-site scripting attacks?

There are three major types of cross-site scripting attacks on XSS: 1. Persistent cross-site; 2. Non-persistent cross-site; 3. DOM cross-site. Persistent cross-site is the most direct type of hazard, and the cross-site code is stored on the server; non-persistent cross-site is a reflective cross-site scripting vulnerability, which is the most common type.

Jun 28, 2020 pm 04:48 PM

跨站脚本攻击XSS

What is a cross-site scripting attack?

Cross-site scripting attacks, also known as XSS, refer to exploiting website vulnerabilities to maliciously steal information from users. Cross-site scripting attacks are divided into three categories: 1. Persistent cross-site; 2. Non-persistent cross-site; 3. DOM cross-site. Among them, persistent cross-site is the most direct type of harm.

Jun 28, 2020 pm 04:34 PM

跨站脚本攻击

What is a CSRF attack? How to prevent it?

CSRF attack refers to cross-site request forgery, which means that the attacker performs illegal operations as a legitimate user through site requests. Methods to prevent CSRF attacks: Perform token verification in HTTP requests. If there is no token in the request or the token content is incorrect, it will be considered a CSRF attack and the request will be rejected.

Jun 19, 2020 pm 05:31 PM

CSRF

XSS classification and defense measures

Web server security: XSS is divided into three categories, namely: 1. Reflected XSS; 2. Storage XSS; 3. DOM XSS. XSS defense measures: 1. Filter and escape input and output; 2. Avoid using methods such as eval and new Function to execute strings.

Jun 17, 2020 pm 05:27 PM

XSS防御措施