Security Testing - Same Origin Policy
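The Same Origin Policy (SOP) is an important concept in the web application security model.
What is Same Origin Policy?
Under this policy, scripts are permitted to run on pages originating from the same site, where "same site" is defined by the combination of the following: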
Domain
Protocol
Port
Example
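The reason behind this behavior is security. If you have try.com open in one window and gmail.com in another, you do NOT want a script from try.com to access or modify the contents of your email, or to take actions within your email on your behalf.
Below are web pages from the same origin. As explained above, the same origin takes domain/protocol/port into consideration.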
http://website.com
http://website.com/
http://website.com/my/contact.html
Below are web pages from a different origin.
http://www.site.co.uk (another domain)
http://site.org (another domain)
https://site.com (another protocol)
http://site.com:8080 (another port)
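Same Origin Policy Exceptions for IE
Internet Explorer has two major exceptions to the SOP.
The first relates to Trusted Zones. If both domains are in a highly trusted zone, the Same Origin Policy is not fully applied.
The second exception in IE relates to the port. IE does not include the port in the Same Origin Policy, so http://website.com and http://website.com:4444 are considered to be from the same origin and no restrictions are applied.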
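The origin comparison and the IE port exception described above, as an added example that is not part of the original tutorial: it compares the page's sample URLs under the standard rule and under a port-ignoring rule, and lists the URLs that only the standard rule keeps separate. The names `originTuple`, `sameOrigin`, `originDiff` and `portOnlyGaps` are illustrative, and the `ignorePort` option is a simplified model of the IE behavior, not IE's actual code.

```javascript
// Added example: origin comparison using the standard URL parser.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to the (protocol, domain, port) triple the policy compares.
// URL.port is "" when the scheme's default port is in use, so fill it in.
function originTuple(rawUrl) {
  const u = new URL(rawUrl);
  return {
    protocol: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Standard rule: all three components must match.
// ignorePort=true models the IE exception (port left out of the comparison).
function sameOrigin(a, b, { ignorePort = false } = {}) {
  const x = originTuple(a);
  const y = originTuple(b);
  return x.protocol === y.protocol && x.host === y.host &&
    (ignorePort || x.port === y.port);
}

// Name the components that make two URLs cross-origin.
function originDiff(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ["protocol", "host", "port"].filter((k) => x[k] !== y[k]);
}

// URLs that are cross-origin under the standard rule but same-origin
// once the port is ignored: isolation that rests on the port alone.
function portOnlyGaps(base, urls) {
  return urls.filter(
    (u) => !sameOrigin(base, u) && sameOrigin(base, u, { ignorePort: true })
  );
}

// Sample URLs taken from the page.
const BASE = "http://website.com";
const SAMPLES = [
  "http://website.com/", "http://website.com/my/contact.html",
  "http://www.site.co.uk", "http://site.org", "https://site.com",
  "http://site.com:8080", "http://website.com:4444",
];
for (const u of SAMPLES) {
  const diff = originDiff(BASE, u).join(",") || "none";
  console.log(u, "| same origin:", sameOrigin(BASE, u), "| differs in:", diff);
}
console.log("separated by port only:", portOnlyGaps(BASE, SAMPLES));
```

Any service that shares a host and protocol with the main site but listens on another port shows up in the last line, which is the separation a port-ignoring browser does not enforce.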