This is part of the lecture material provided in the Development and Operations track of Security Camp National Convention 2019. If you notice any errors, please let @y0n3uchy or @lmt_swallow know.
Cross-site scripting (XSS) cheat sheet This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for every vector. You can download a PDF version of the XSS cheat sheet. This is a PortSwigger Research project. Follow us on Twitter to receive updates. Downloaded
CS 253 Web Security Fall 2021 This course is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues. We'll be covering the fundamentals as we
Looking for an introduction to Cross-Site Request Forgery (CSRF)? This post will be a little different - instead of telling you what it is, I’m going to show you. Ready? Setting the Scene You’re a responsible, hardworking person. You’ve saved up your money over the years at Definitely Secure Bank®. The Definitely Secure Bank logo. You love Definitely Secure Bank - they’ve always been good to you,
Cross-origin resource sharing (CORS) In this section, we will explain what cross-origin resource sharing (CORS) is, describe some common examples of cross-origin resource sharing based attacks, and discuss how to protect against these attacks. This topic was written in collaboration with PortSwigger Research, who popularized this attack class with the presentation Exploiting CORS misconfigurations
HTTP request smuggling In this section, we'll explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise. Labs If you're already familiar with HTTP request smuggling and just want to practice on a series of deliberately vulnerable sites, check out the link below for an overview of all labs in this topic. View all HTTP request smuggling labs What is H
Cloudflare tracks and analyzes web performance and security metrics across all of your domains, without impacting site speed or end-user experience. Get actionable insights into the caching of your website for a better cache-hit ratio and further drive down your bandwidth costs. See exactly what resources on your website are cached and what aren’t. Make configuration changes to improve cache-hit r
JSer.info #481 - TypeScript 3.9 Beta has been released. Announcing TypeScript 3.9 Beta | TypeScript This release improves the typing of Promise.all, adds the awaited type, and improves build performance. It also adds the // @ts-expect-error comment directive, which, rather than suppressing type checking the way // @ts-ignore does, expects a type error to occur at that location. In addition, class getters/setters, which were previously transpiled with enumerable: true, are now emitted with enumerable: false to match the ECMAScript specification. Safari 13.1 has been released for iOS 13.4 / iPadOS 13.4 / macOS
JWT attacks In this section, we'll look at how design issues and flawed handling of JSON web tokens (JWTs) can leave websites vulnerable to a variety of high-severity attacks. As JWTs are most commonly used in authentication, session management, and access control mechanisms, these vulnerabilities can potentially compromise the entire website and its users. Don't worry if you're not familiar with
On January 5, the JPCERT Coordination Center (Japan Computer Emergency Response Team Coordination Center: JPCERT/CC) reported in "JVNVU#98351146: Multiple vulnerabilities in the management console service of the Trend Micro InterScan Web Security series" that vulnerabilities exist in the management console service of Trend Micro's web gateway security product, the "InterScan Web Security series". If these vulnerabilities are exploited, an attacker could execute arbitrary code or commands, so caution is required. Information on the vulnerabilities is compiled on the following page. Alert/Advisory: Multiple vulnerabilities in the management console service of the InterScan Web Security series