Components with Vulnerabilities
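This threat arises because components, such as libraries and applications, almost always execute with full privileges. If a vulnerable component is exploited, it becomes easier for an attacker to cause serious data loss or a server takeover.
Let us understand the threat agents, attack vectors, security weakness, technical impact and business impact of this flaw with the help of a simple diagram.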
Example
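The following are examples of using components with known vulnerabilities:
- By failing to provide an identity token, an attacker can invoke any web service with full permission.
- Remote code execution through a language injection vulnerability in the Spring Framework for Java.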
Preventive Mechanisms
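- Identify all the components, and their versions, in use in the web application, not just databases and frameworks.
- Keep all components up to date, using public databases, project mailing lists and similar sources.
- Add security wrappers around components that are vulnerable.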
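
The first two preventive steps (inventory every component with its version, then compare it against published advisories) can be automated. The sketch below is an added example, not code from the original page: the POM, the `org.example` artifacts, the advisory table, its version boundary and the `ADVISORY-PLACEHOLDER-1` identifier are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM (not from the page).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId><version>3.0.5</version></dependency>
    <dependency><groupId>org.example</groupId>
      <artifactId>report-lib</artifactId><version>2.4.1</version></dependency>
    <dependency><groupId>org.example</groupId>
      <artifactId>legacy-util</artifactId></dependency>
  </dependencies>
</project>"""

# Constructed advisory table: component -> (first fixed version, advisory id).
# Placeholder values for illustration, not taken from a real advisory feed.
ADVISORIES = {
    "org.springframework:spring-web": ("3.0.6", "ADVISORY-PLACEHOLDER-1"),
}

def parse_version(text):
    """Turn '3.0.5' into (3, 0, 5) so versions compare numerically."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def inventory(pom_xml):
    """Return [(group:artifact, version or None)] for every declared dependency."""
    root = ET.fromstring(pom_xml)
    items = []
    for dep in root.findall(".//m:dependency", NS):
        group = dep.findtext("m:groupId", namespaces=NS)
        artifact = dep.findtext("m:artifactId", namespaces=NS)
        items.append((f"{group}:{artifact}", dep.findtext("m:version", namespaces=NS)))
    return items

def audit(pom_xml, advisories=ADVISORIES):
    """Flag components below the fixed version, and ones with no pinned version."""
    findings = []
    for name, version in inventory(pom_xml):
        if version is None:
            # No explicit version: the inventory cannot say what is deployed.
            findings.append((name, "UNPINNED", None))
        elif name in advisories:
            fixed, advisory_id = advisories[name]
            if parse_version(version) < parse_version(fixed):
                findings.append((name, "VULNERABLE", advisory_id))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_POM):
        print(finding)
```

Dependencies declared without a version are reported separately because an inventory that cannot name the deployed version cannot be matched against any advisory.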