
cnbird's blog



Reposted: FCKeditor local test.html

FCKeditor helper by jacks function BuildBaseUrl( sUrl,command ){if(sUrl.indexOf("http://")return sUrl+document.getElementById('cmbConnector').value +'?Command=' + command +'&Type=' + documen

2012-04-26 10:58:45 1249

Reposted: Application Security Logging

How to Do Application Logging Right is the best guidance I have come across to date. Co-written by Anton Chuvakin and Gunnar Peterson for the IEEE Security & Privacy Journal, the paper describes the

2012-04-25 16:48:40 869

Reposted: Penetration testing mind map shared by 影子

http://hi.baidu.com/p3rlish/blog/item/51c448399f4c02d33a87cee0.html

2012-04-23 20:47:57 964

Reposted: XSS Shortening Cheatsheet

In the course of a recent assessment of a web application, I ran into an interesting problem. I found XSS on a page, but the field was limited (yes, on the server side) to 20 characters. Of course I c

2012-04-23 20:27:10 787

Reposted: PhpMyAdmin setup.php RFI Attacks Detected

SpiderLabs is the corporate sponsor of the WASC Distributed Web Honeypots Project which is an awesome research project to identify automated web attacks. I was looking in our central ModSecurity A

2012-04-23 20:19:34 1757 1

Reposted: NfSpy – ID-spoofing NFS Client Tool – Mount NFS Shares Without Account

http://www.darknet.org.uk/2012/04/nfspy-id-spoofing-nfs-client-tool-mount-nfs-shares-without-account/
https://github.com/bonsaiviking/NfSpy

2012-04-23 20:15:56 901

Reposted: McAfee Web Gateway And Squid Proxy 3.1.19 Bypass

http://packetstormsecurity.org/files/111842/McAfee-Web-Gateway-And-Squid-Proxy-3.1.19-Bypass.html
# Exploit Title: Proxy URL Filtering Bypass
# Date: 13/04/2012
# Author: Gabriel Menezes Nunes
#

2012-04-18 10:15:09 2711

Original: source conference archive (including videos)

http://www.sourceconference.com/archive/
http://www.irongeek.com/i.php?page=videos%2Fnotacon9%2Fmainlist&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+IrongeeksSecuritySite+%28Irongeek%2

2012-04-18 09:47:17 864

Reposted: dom xss scanner

http://code.google.com/p/ra2-dom-xss-scanner/downloads/detail?name=ra.two.xpi&can=2&q=

2012-04-18 09:43:53 911

Original: Database attack and defense practice and SOX security auditing

http://security.ctocio.com.cn/39/12311539.shtml
http://tech.it168.com/a2012/0414/1337/000001337417.shtml
http://netsecurity.51cto.com/art/201204/331272.htm

2012-04-17 16:53:59 1025

Reposted: Using the annotation-driven IoC features of Spring 2.5

http://www.ibm.com/developerworks/cn/java/j-lo-spring25-ioc/

2012-04-17 10:37:34 656

Reposted: Current O2 support for analyzing Spring MVC

During the past week I spent some time documenting O2's support for Spring MVC apps. There is still quite a lot to do before we can do a proper security analysis of the JPetStore and PetClini

2012-04-17 09:12:48 717

Reposted: Slide Show: 10 SQL Injection Tools For Database Pwnage

http://www.darkreading.com/galleries/security/news/232900180/slide-show-10-sql-injection-tools-for-database-pwnage.html

2012-04-17 09:06:59 1078

Reposted: How iBatis automatically prevents SQL injection

#xxx# means that xxx is a property value, either a key in the map or a property of your POJO; iBatis automatically wraps it in quotes, so in the SQL statement it appears as where xxx = 'xxx'; (1) iBatis XML configuration: the following form only performs simple escaping: name like '%$name$%' (2) This leads to an SQL injection problem; for example, if the name parameter is passed a single quote "'", the generated SQL statement will be: name

2012-04-16 21:57:51 12242 3

Reposted: Spring + iBatis integrated development example

http://blog.csdn.net/daryl715/article/details/1760793 First create the demo database (this article uses MySQL). Database script: CREATE TABLE `ibatis` (  `id` varchar(20) NOT NULL,  `name` varchar(20) default NULL,  PRIMARY KEY

2012-04-16 11:16:04 1067

Reposted: Learning iBatis (3): integrating iBatis with Spring

http://www.blogjava.net/freeman1984/archive/2007/12/07/166112.html
http://www.cnblogs.com/kelin1314/archive/2009/01/05/1369864.html

2012-04-16 10:59:33 806

Reposted: Finding Java web vulnerabilities from a layered-architecture perspective

[IT168 feature] Web applications (websites) are currently the most widely deployed kind of program, but developers' skill levels vary greatly, which leads to all sorts of web vulnerabilities. This article takes a layered-architecture viewpoint to analyze how to find the various vulnerabilities that may appear in Java web programs. This article discusses only vulnerabilities in the web program itself, which are relatively independent of other vulnerabilities. This sentence may sound like a truism, but it actually points to a factor that is often overlooked, namely: "Many people think that as long as the web program I develop has no vulnerabilities, the web server

2012-04-16 10:35:03 1022

Reposted: Strong JSP defenses against SQL injection attacks

The first approach uses precompiled statements (PreparedStatement), which have built-in handling for SQL injection; just pass the values with its setString method: String sql = "select * from users where username=? and password=?"; PreparedStatement preState = conn.prepareStatement(sql); preState.setString(1, us

2012-04-16 10:32:28 5629 2

Reposted: Oracle data security solutions series: Database Vault installation

http://space.itpub.net/3704/viewspace-559855
http://www.red-database-security.com/wp/installing_oracle_datavault.pdf
What are the hot topics in security right now? A quick search shows: SOX, Basel II, HIPAA, J-SOX, GLB, Privacy laws

2012-04-14 14:24:49 3812

Reposted: SQL 2008 injection experience

select top 1 oid,name from(select top 1 oid,name from [active].[order] order by oid) t order by oid desc for xml raw
select%20top%201%20name%20from(select%20top%201%20name%20from%20[order]%20order

2012-04-12 23:44:24 1385

Reposted: Bulk data extraction with for xml path in manual SQL 2005/2008 injection

http://www.cqsec.com/read/SQL2005_2008_Injection_By_Hand_For_XML_Path

2012-04-12 18:25:55 1020

Reposted: Drupal FCKEditor/CKEditor PHP Execution

http://packetstormsecurity.org/files/111157/Drupal-FCKEditor-CKEditor-PHP-Execution.html

2012-04-10 13:50:26 845

Reposted: Liferay Java code execution

http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_Liferay
http://www.exploit-db.com/exploits/18715/
http://prezi.com/eq54nnaodlzm/berlinsides-0x02-xml-related-hacks/

2012-04-10 11:57:00 844

Reposted: Snort 2 DCE/RPC preprocessor Buffer Overflow

http://www.exploit-db.com/exploits/18723/

2012-04-10 10:03:53 895

Reposted: Fusker - A NodeJS Security Framework

http://www.slideshare.net/wearefractal/fusker-a-nodejs-security-framework-8850586
http://bishankochher.blogspot.com/2011/12/nodejs-security-good-bad-and-ugly.html

2012-04-09 15:50:06 1807

Reposted: SQL Injection through HTTP Headers

http://resources.infosecinstitute.com/sql-injection-http-headers/

2012-04-09 09:43:24 584

Reposted: oracle attack module

https://github.com/carnal0wnage/carnal0wnage-code/tree/master/oraclemodules_public

2012-04-06 14:10:37 650

Reposted: Http-Only is not secure [testing]

It's been a while since I posted. I've been bogged down with code reviews and training, but even when you deliver training you learn something new. This is particularly true when training developers k

2012-04-06 13:40:59 996

Original: automation sdlc

1. construction: CWE, CAPEC, CCR
2. verification: CWE, CWRAF, CWSS, CAPEC, CCR
3. deployment: SCAP, CVE, OVAL
http://measurablesecurity.mitre.org/

2012-04-04 21:58:26 620

Reposted: expression language injection

http://www.wisec.it/sectou.php?id=4e6e1cae16dc7
https://www.aspectsecurity.com/uploads/downloads/2011/09/ExpressionLanguageInjection.pdf

2012-04-04 16:35:24 2661

Original: Please support the book written by simeon and Frank

《Web渗透技术及实战案例解析》 (Web Penetration Techniques and Practical Case Analysis)
http://www.phei.com.cn/module/goods/wssd_content.jsp?bookid=31659

2012-04-04 14:22:48 1029

Reposted: HTML5 Top 10 Threats Stealth Attacks and Silent Exploits

HTML5 is an emerging stack for next generation applications. HTML5 is enhancing browser capabilities and able to execute Rich Internet Applications in the context of modern browser architecture. Int

2012-04-01 14:57:28 970 1

Original: sqlmap gui

This is an awesome sqlmap Python GUI made by xcedz. To make it work, get and install Python 2.7 and download the latest version of sqlmap-dev: svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap sq

2012-04-01 14:56:53 2121

Original: sql injection

http://code.google.com/p/sqlifuzzer/downloads/detail?name=sqlifuzzer-0.5h.tgz&can=2&q=

2012-04-01 13:53:44 642

Reposted: OWASP Top 10 Tools and Tactics

http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/
http://www.techweb.com.cn/news/2011-03-31/1010553.shtml

2012-04-01 13:49:27 798

Appendix 2: Evaluation Guide for Classified Information Security Protection of Financial Industry Information Systems (draft for approval)


2013-06-21

ISO 27000 Chinese series

The ISO 27000 Chinese series mainly includes ISO 27001, the ISO 27002 implementation guide, and the ISO 27003 risk assessment guide.

2010-07-04
