[Original] jboss pentest
http://www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now
2012-03-29 23:00:06 889
[Original] solaris 9 download
http://web.cs.sunyit.edu/network/downloads/OperatingSystems/Solaris/x86/Solaris_9_0904/sol-9-u7-install-x86.zip
http://www.mmnt.net/db/0/0/ftp.farlep.net/pub/Solaris/new
2012-03-29 11:40:37 3260
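[Original] Books to buy soon
1. IT Governance (IT治理) http://product.china-pub.com/198862&ref=browse
2. White Hats Talk Security (白帽子讲安全) http://product.china-pub.com/199115
3. The Complete Guide to SAP Implementation (SAP实施大全) http://product.china-pub.com/194971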
2012-03-27 10:29:21 1039
[Repost] struts2 xsltResult Local code execution vulnerability
the file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java
String pathFromRequest = ServletActionContext.getRequest().getParamete
2012-03-26 12:57:10 965
[Repost] Security design principles
https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles.html
2012-03-24 18:08:23 1582
[Repost] SAP Direct Browsing URLs for Pentesting
List of SAP HTTP Resources to hack at… /rep/build_info.html /rep/build_info.jsp /run/build_info.html /run/build_info.jsp /rwb/version.html /sap/bc/bsp/esh_os_service/favicon.gif /
2012-03-23 11:05:47 1258
[Repost] Using SQLMap for Automated Vulnerability Assessment
Vulnerability assessors and code auditors are often faced with situations where a large volume of code needs to be audited quickly to enable a deployment. In these situations large web applications n
2012-03-23 08:55:22 1770
[Original] owasp appsec
https://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden
https://www.owasp.org/index.php/AppSec_Brasil_2009
http://vimeo.com/user4863863/videos
https://www.owasp.org/index.php
2012-03-22 12:56:20 751
[Repost] setup a fake ap with backtrack5
Recently I needed to set up a fake access point for a presentation. I fired up my Backtrack5 VM, connected my Alfa AWUS036H USB adapter and started to configure the Fake AP. There are a lot of Tut
2012-03-22 09:00:21 3909
[Original] scap
http://web.nvd.nist.gov/view/ncp/repository?page_num=1
http://nvd.nist.gov/scapproducts.cfm
2012-03-21 22:37:04 1043
[Repost] How to Practice Your Web Application Testing Skills
For those who are learning web application security testing (or just trying to stay sharp) it's often difficult to find quality websites to test one's skills. There are a few scattered around the Inte
2012-03-21 10:18:34 923
[Repost] YEAR OF SECURITY FOR JAVA – WEEK 11 – X-XSS-PROTECTION
What is it and why should I care? X-XSS-Protection is a Microsoft IE technology used to help prevent reflected XSS attacks in IE. Note 1: This is not a “panacea” for XSS. There is no excuse for
2012-03-21 10:18:16 1791
[Repost] A New Venn Of Access Control For The API Economy
Cloud providers and many federated IAM practitioners are excited about OAuth, a new(ish) security technology on the scene. I’ve written about OAuth in Protecting Enterprise APIs With A Light Touch
2012-03-21 10:14:54 1042
[Repost] Protecting your Web Apps from the Tyranny of Evil with OWASP
http://tv.ssw.com/1492/protecting-your-web-apps-from-the-tyranny-of-evil-with-owasp
2012-03-21 10:12:28 661
[Repost] T5WTPYAFGP - Encrypt Sensitive Information
At South by Southwest this year, during my talk Defense Against The Dark Arts - ESAPI I covered the "Top 5 Ways To Protect Your Application From Getting Pwnd" [T5WTPYAFGP]. After a couple offline
2012-03-21 10:11:57 1001
[Repost] Implementing DLP: Deploy
Up until this point we’ve focused on all the preparatory work before you finally turn on the switch and start using your DLP tool in production. While it seems like a lot, in practice (assuming you kn
2012-03-13 09:03:24 801
[Repost] Top 20 Security Blogs
Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow
2012-03-13 09:02:17 1106
[Repost] SQL Injection Cheat Sheet
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
2012-03-12 11:09:08 824
[Repost] Exploiting hard filtered SQL Injections 3
This is a follow-up post of the first edition of Exploiting hard filtered SQL Injections and at the same time a writeup for Campus Party CTF web4. In this post we will have a closer look at group_co
2012-03-09 16:21:29 805
[Repost] DPScan Drupal Security Scanner Tutorial
There are different CMSs (content management systems) available, like WordPress, Joomla, light CMS and Drupal. Security of each CMS is very important, and from a penetration tester's point of view we need to make
2012-03-07 13:13:27 1141
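[Repost] Analytical ability
One day the newly appointed County Magistrate Xing went to a snack stall for breakfast. He had barely found a stool and sat down when he heard Old Hu, the fried-dough-stick vendor, chattering as he worked: "Eat and drink well, everyone. The urban management officers are coming to clear out the stalls, so you won't get any of my fried dough sticks for at least three days!" Magistrate Xing was startled: leaders from the provincial health department were due to visit for an inspection soon, and the county had only decided yesterday afternoon to run a surprise clean-up over the next two days. How did this old man already know about it first thing this morning? Before he could figure that out, something else put an even bigger question mark in the magistrate's head. One day he went to Old Hu's stall for fried dough sticks as usual. To his surprise, the old man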
2012-03-06 22:08:43 3070
[Original] Yuangu Storage Bus T250 2.5-inch USB 3.0 hard drive enclosure, supports 1T, serial SATA hard drive enclosure 3.0
http://detail.tmall.com/item.htm?id=14601884506&wwdialog=bbxxbbmc&prt=1331034541339&prc=1
2012-03-06 19:54:53 1392
[Repost] Rails security in light of the GitHub hack (Mass-assignment)
http://blog.xdite.net/posts/2012/03/05/github-hacked-rails-security/
2012-03-06 18:16:01 792
[Repost] Full Detailed Basic SQL Injection - Zer0PwN
2012-03-06 17:44:25 1637
[Repost] google dork
google dork:"YOUR QUERY GOES HERE" {site:codepad.org OR site:snipt.net OR site:heypasteit.com OR site:slexy.org OR site:codeupload.com OR site:dragbox.org OR site:pastebay.org OR site:ideone.com OR
2012-03-06 17:40:25 744
[Repost] Testing the Security of Virtual Data Centers
https://community.rapid7.com/community/metasploit/blog/2012/03/05/how-to-own-a-virtual-data-center
2012-03-06 12:51:28 752
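[Repost] We swear we're not fooling you: a way to quadruple hard drive transfer speed
April 1, 2010, 07:22. IT168 original. Author: IT168 Memory and Hard Drive Channel. Editor: Lin Weiming. On an ordinary day we would not go out of our way to stress whether our content is true, since IT168's reviews are always grounded in fact. Today is a little different, though, because it is April Fools' Day. To assure you that what follows is true, we make a bold promise: we are not fooling you. [IT168 Memory and Hard Drive review] If someone told you that the transfer speed of the same portable hard drive could be increased fourfold, would you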
2012-03-06 11:51:39 14966
[Repost] java security week
http://www.jtmelton.com/2012/01/02/year-of-security-for-java-week-1-session-fixation-prevention/
2012-03-05 17:42:49 687
[Repost] Top Ten Web Hacking Techniques of 2011
https://blog.whitehatsec.com/vote-now-top-ten-web-hacking-techniques-of-2011/
Every year the Web security community produces a stunning amount of new hacking techniques published in various white pap
2012-03-05 17:42:11 1158
[Repost] Penetration Testing : Applications
http://www.dis9.com/penetration-testing-applications.html
Installing:
sudo apt-get install nmap nessus openvas-server openvas-client
sudo apt-get install nmap
2012-03-05 16:25:33 3169
[Repost] Google Privacy Checklist: What to Do Before Google's Privacy Policy Changes on March 1
http://www.pcworld.com/article/250950/google_privacy_checklist_what_to_do_before_googles_privacy_policy_changes_on_march_1.html
2012-03-05 10:37:35 741
[Repost] Checking For Vulnerabilities in Path Fragments
http://www.acunetix.com/blog/web-security-zone/articles/web-vulnerabilities-path-fragments/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+acunetixwebapplicationsecurityblog+%28Acunetix+We
2012-03-05 10:26:29 1154
[Repost] PHP MVC development tutorial series
http://www.cesclub.com/bw/jishuzhongxin/wangluokaifajishu/2012/0103/19238.html
2012-03-04 09:27:42 551
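[Original] Constructors in Java inheritance
1. A subclass constructor must call a base class constructor.
2. A subclass can call the base class constructor from its own constructor using super().
3. If a subclass constructor does not explicitly call a base class constructor, the system calls the base class's no-argument constructor by default.
4. If a subclass constructor does not explicitly call a base class constructor, and the base class has no no-argument constructor, compilation fails.
5. abstract: an abstract class or abstract method is only declared, not initialized. An abstract method is one that is overridden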
2012-03-03 21:28:05 747