1. Use an SQL Injection Cheat Sheet. SQL injection is a malicious act: it is a security vulnerability that lets a hacker exploit weaknesses in your code to get into your database. Although this article is not about MySQL, many PHP programmers use MySQL databases, so if you want to write secure code, learning how to avoid (SQL injection) is very easy...
.htaccess backdoor https://github.com/sektioneins/pcc/wiki/PHP-htaccess-injection-cheat-sheet Reference: https://www.91ri.org/838.html
https://owasp.org/www-community/attacks/Command_Injection https://owasp.org/www-community/attacks/Code_Injection https://owasp.org/www-community/attacks/xss/ Avoiding SQL injection: SQL injection occurs when a query is built by concatenating unescaped strings, for example: $username = $_GET['username']; $sql ="SELECT * FROM user...
Logging needs to record login attempts - ideally both successful and failed - but needs to not capture passwords or other credentials, and logs should be secure against tampering, log injection attacks, indirect XSS (attacking the log viewer), and denial-of-service. Session token generation needs...
Currently the PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action ...
SQL injection cheat sheet Oracle PL/SQL Cheat sheet MySQL cheats (Pdf) PostgreSQL cheat sheet Oracle Programming/SQL Cheatsheet Oracle server architecture (Pdf) JavaScript JavaScript cheat sheet jQuery 1.2 cheat sheet (Pdf) jQuery 1.3.2 cheat sheet (Pdf) ...
XML External Entity Injection (XXE) 2019-10-31 14:13 − Preface: a Fortify security scan of the API project's code flagged the XXE issue named in the title, so I am recording it here. Official link: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#JAXP_DocumentBuilde... ...
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application - PHPIDS/PHPIDS
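JNDI-Injection-Exploit-Plus: a modified JNDI injection tool that supports JINDI, deserialization payload generation, and deserialization wrappers; phone_dict: a practical dictionary of special phone numbers; IDOR_detect_tool: a tool for detecting horizontal privilege-escalation (IDOR) vulnerabilities in APIs; URLFinder: a Go implementation similar to JSFinder, a tool for quickly extracting and checking the JS and URLs in a page, faster, more complete and more comfortable to use; go_proxy_pool: no environment dependencies, works out of the box...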
SQL Injection Attacks Cross site request forgery XSRF/CSRF Session Hijacking Hide Files from the Browser Securely Upload Files Use SSL Certificates For HTTPs Deploy PHP Apps on Clouds Note: please do not consider it as a complete cheat sheet. There must be better ways and more unique solutions ...