Web sec
- 5. Dynamic vs. static websites
• Static: .html
• Dynamic: .php .asp .jsp …
[Diagram: Server → server-side program ("Let me think… what should I send back?") → DB]
- 6. HTTP methods
• Common: GET, POST
• HEAD, which attackers often use when scanning hosts
• The evil DELETE /
• And a pile of other dirty methods
• Though the server does not necessarily support them ╮(╯▽╰)╭
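As an added example (not part of the original slides), here is a small Python script that reads web-server access-log lines in Combined Log Format and looks for the methods this slide mentions: it flags any request whose method is outside a site allowlist (DELETE, TRACE, …) and any client issuing many HEAD requests, the scanning pattern the slide describes. The log lines and the allowlist are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Combined Log Format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "HEAD / HTTP/1.1" 200 0 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "HEAD /admin HTTP/1.1" 404 0 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "HEAD /backup HTTP/1.1" 404 0 "-" "scanner"
198.51.100.9 - - [10/Oct/2023:13:56:04 +0000] "DELETE / HTTP/1.1" 405 0 "-" "scanner"
192.0.2.77 - - [10/Oct/2023:13:57:10 +0000] "TRACE / HTTP/1.1" 405 0 "-" "curl/8.0"
"""

# ip, method, path and status are all we need; the rest of the line is skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Methods this (hypothetical) site expects to serve; everything else gets flagged.
ALLOWED_METHODS = {"GET", "POST", "HEAD"}


def parse_line(line):
    """Return a dict with ip/method/path/status, or None if the line is not parseable."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text, head_threshold=3):
    """Return (unexpected, head_scanners).

    unexpected:    list of (ip, method, path, status) for methods outside ALLOWED_METHODS
    head_scanners: set of client IPs that issued at least head_threshold HEAD requests
    """
    unexpected = []
    head_counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] not in ALLOWED_METHODS:
            unexpected.append((rec["ip"], rec["method"], rec["path"], int(rec["status"])))
        if rec["method"] == "HEAD":
            head_counts[rec["ip"]] += 1
    head_scanners = {ip for ip, n in head_counts.items() if n >= head_threshold}
    return unexpected, head_scanners


if __name__ == "__main__":
    flagged, scanners = analyze(SAMPLE_LOG)
    print("unexpected methods:", flagged)   # the 405s show the server refusing them
    print("HEAD-heavy clients:", scanners)
```

The 405 status on the DELETE and TRACE lines is the "server does not necessarily support them" case from the slide; the request is still worth logging and alerting on even though it was refused.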
- 9. OWASP Top 10
• A1 Injection
• A2 Broken Authentication and Session Management
• A3 Cross-Site Scripting (XSS)
• A4 Insecure Direct Object References
• A5 Security Misconfiguration
• A6 Sensitive Data Exposure
• A7 Missing Function Level Access Control
• A8 Cross-Site Request Forgery (CSRF)
• A9 Using Components with Known Vulnerabilities
• A10 Unvalidated Redirects and Forwards