How to prevent XSS attacks in Servlet based web applications

Servlets use JSP as the view template, and JSP itself is prone to XSS vulnerabilities. If a web application is based on Servlet technology and uses JSP as the view template without introducing any security framework, the application has XSS vulnerabilities. This article mainly introduces how to prevent XSS attacks in Servlet-based web applications. 1 ...

Posted by peterj on Sun, 02 Jan 2022 07:31:33 +0100

03 - Collection thread safety, locks, Callable, JUC auxiliary classes

Contents: 1. List collection thread safety 2. HashSet thread safety 3. HashMap thread safety 4. Eight questions 5. Fair and unfair locks 6. Reentrant lock 7. Deadlock 8. Callable interface and FutureTask 9. JUC auxiliary classes 9.1 CountDownLatch (count down) 9.2 CyclicBarrier 9.3 Semaphore 1. List collec ...

Posted by iluv8250 on Sun, 02 Jan 2022 01:17:17 +0100

Secret: secret credentials in Kubernetes (k8s)

What is a Secret? The main function of a Secret is to hold private data such as passwords, OAuth tokens and SSH keys. A Secret is subordinate to the Service Account resource object and forms part of the Service Account. A Service Account object can include multiple different Secret objects, which are used for authentication activities for different pu ...

Posted by Sonu Kapoor on Sun, 02 Jan 2022 00:15:59 +0100

Basic logic of XSS test bypass

The previous section discussed closure in XSS, and some articles confuse closure with bypass. In my opinion, closing is the basis for meeting the browser's basic syntax requirements for script execution, while bypassing is a breakthrough means used when the program is equipped with imperfect security measures. So how should this ...

Posted by FourthChapter on Fri, 31 Dec 2021 16:21:58 +0100

Reviewing the Shiro permission framework used 2 years ago

1. Rights management overview. Permission management generally means that users can access, and only access, the resources they are authorized for, according to the security rules or security policies set by the system. Permission management appears in almost any system that has users and passwords. Many people often confuse the concepts of ...

Posted by bentobenji on Thu, 30 Dec 2021 12:25:51 +0100

Encryption method: symmetric and asymmetric encryption

Contents: Symmetric encryption; Asymmetric encryption; Code example. Software applications inevitably need data exchange and storage, especially data transmission over the Internet. In some scenarios, data can be transmitted in clear text; in others, even if the data is plaintext, it is necessary to prevent tampering during t ...

Posted by Jene200 on Wed, 29 Dec 2021 02:49:31 +0100

Cross-site scripting attack (XSS) based on SEED Ubuntu 20.04

An XSS attack is similar to CSRF, but it is both harder and more common than CSRF. CSRF forges a cross-site request: the attacker first has to lure others onto a crafted website, but when a page redirects to an untrusted third-party site, the site will often warn you of the risk of being attacked. A cross-site scripting attack is differen ...

Posted by aruns on Mon, 27 Dec 2021 06:46:23 +0100

Practical analysis and summary of various binary vulnerability principles

This part gives a systematic analysis of common binary vulnerabilities, so that the type of vulnerability can be located and identified during vulnerability hunting. If you want to do a good job, you must first sharpen your tools. Contents: 0x01 Stack overflow vulnerability principle 0x02 Heap overflow vulnerab ...

Posted by groundwar on Sun, 26 Dec 2021 22:42:39 +0100

Protected-mode privilege level transfer: the basis of privilege level protection for code segments (conforming and non-conforming code segments)

Refined from the lessons of Mr. Tang Zuolin: you can jump between code segments (switching privilege level) without using a call gate (to go from a low privilege level to a high one) or the TSS task state segment (to go from a high privilege level to a low one). What you rely on is the basis for privilege level protection of code segments in ...

Posted by Sakesaru on Sat, 25 Dec 2021 22:29:56 +0100

Write-up (WP) for the preliminary round of the third "Fifth Space" cyber security competition

Preliminary round of the third "Fifth Space" cyber security competition. Official account: Th0r security. Web: webftp. Directory scanning found the path 1.txt. Accessing 1.txt directly shows the flag; since it is a static target, it was probably placed there by other players. I dare not say and I dare not ask. f1ag{g28F28EPTjRoxM9sNBDtMS3ZPuIPX ...

Posted by pro on Sat, 25 Dec 2021 13:02:16 +0100