摘抄——OWASP_Code_Review_Guide-V1_1 (1)

最新推荐文章于 2022-03-16 13:24:46 发布

u013224189

最新推荐文章于 2022-03-16 13:24:46 发布

阅读量796

点赞数

分类专栏： web安全文章标签： web安全

web安全专栏收录该内容

21 篇文章 0 订阅

订阅专栏

                    
                        
                    
                    不信任的数据来源 
HTTP REQUEST STRINGS 
request.accepttypes
request.browser
request.files
request.headers
request.httpmethod
request.item
request.querystring
request.form 
request.cookies
request.certificate
request.rawurl
request.servervariables
request.url
request.urlreferrer
request.useragent
request.userlanguages
request.IsSecureConnection
request.TotalBytes
request.BinaryRead
InputStream
HiddenField.Value
TextBox.Text
recordSet 
 
HTML OUTPUT 
response.write
<% =
HttpUtility
HtmlEncode
UrlEncode
innerText
innerHTML
 
INPUT AND OUTPUT STREAMS 
Java.io
java.util.zip
java.util.jar
FileInputStream
ObjectInputStream
FilterInputStream
PipedInputStream - 
SequenceInputStream
StringBufferInputStream
BufferedReader
ByteArrayInputStream
CharArrayReader
File
ObjectInputStream
PipedInputStream
StreamTokenizer
getResourceAsStream
java.io.FileReader
java.io.FileWriter
java.io.RandomAccessFile
java.io.File
java.io.FileOutputStream
mkdir
renameTo
 
SERVLETS 
javax.servlet.*
getParameterNames
getParameterValues
getParameter
getParameterMap
getScheme
getProtocol
getContentType
getServerName
getRemoteAddr
getRemoteHost
getRealPath
getLocalName
getAttribute
getAttributeNames
getLocalAddr
getAuthType
getRemoteUser
getCookies
isSecure
HttpServletRequest
getQueryString
getHeaderNames
getHeaders
getPrincipal
getUserPrincipal
isUserInRole
getInputStream
getOutputStream
getWriter
addCookie
addHeader
setHeader
setAttribute
putValue
javax.servlet.http.Cookie
getName
getPath
getDomain
getComment
getMethod
getPath
getReader
getRealPath
getRequestURI
getRequestURL
getServerName
getValue
getValueNames
getRequestedSessionId
 
CROSS SITE SCRIPTING 
javax.servlet.ServletOutputStream.print
javax.servlet.jsp.JspWriter.print
java.io.PrintWriter.print
 
RESPONSE SPLITTING 
javax.servlet.http.HttpServletResponse.sendRedirect
addHeader, setHeader
 
REDIRECTION 
sendRedirect
setStatus
addHeader, setHeader
 
SQL & DATABASE 
0dbc
executeQuery
select
insert
update
delete
execute
executestatement
createStatement
java.sql.ResultSet.getString
java.sql.ResultSet.getObject
java.sql.Statement.executeUpdate
java.sql.Statement.executeQuery
java.sql.Statement.execute
java.sql.Statement.addBatch 
java.sql.Connection.prepareStatement 
java.sql.Connection.prepareCall
 
SESSION MANAGEMENT 
getSession
invalidate
getId 
 
Ajax and JavaScript 
document.write
eval
document.cookie
window.location
document.URL

                