Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Browsing all 12749 articles
Browse latest View live

Image may be NSFW.
Clik here to view.

Threat Hunting When the Perimeter is Vague

Written by: Amiram Cohen Are Domains Malicious? The most basic capability of malware is the ability to communicate. Most malware will use the DNS protocol to enable robust communication. Typical...

View Article



Image may be NSFW.
Clik here to view.

Automated Dashboard with various correlation visualizations in R

(This article was first published on R Programming DataScience+ , and kindly contributed toR-bloggers) Categories Programming Tags Correlation Data Visualisation R Programming In this article, you...

View Article

Image may be NSFW.
Clik here to view.

First major Kubernetes flaw enables hackers to access backend servers undetected

A Google team first designed the Kubernetes tool, which now is managed by the nonprofit Cloud Native Computing Foundation. (Wikimedia Commons) Share Written byJeff Stone Dec 5, 2018 | CYBERSCOOP...

View Article

Image may be NSFW.
Clik here to view.

汽车系统如何变得更安全?QNX 说要做到这七点

我们不得不承认一个事实,当汽车越来越智能的时候,随之而来的风险也越来越大。 这不是一个耸人听闻的说法。早在前几年,菲亚特克莱斯勒就由于车机被黑客入侵后远程遥控而进行了大规模召回,更不用说因为「网红效应」而被各种破解的特斯拉,以及系统不稳定经常出现「死机」的新晋网红蔚来 ES8。总之,一旦汽车软件出现问题,那么就会对驾驶安全带来很大的隐患。...

View Article

Rob Allen: Migrating to password_verify

In a new post to his site, Rob Allen walks through the process of migrating an older site to use the password hashing functions in php instead of the previous custom implementation. I’ve recently been...

View Article


Image may be NSFW.
Clik here to view.

Veracode 2018软件安全报告:绝大多数漏洞修复周期超过1个月

近期,Veracode 公司发布《2018年软件安全报告(第9版)》,主要内容如下: 一、概述 报告数据来自真实存在的应用程序,对2万多亿行代码进行了70万次扫描。扫描时间为期一年(2017年4月1日至2018年3月31日)。 遵循行业最佳实践 首次扫描的 OWASP Top 10 合规通过率连续三年下降,将至22.5%。...

View Article

Image may be NSFW.
Clik here to view.

感性认识JWT

好久没写博客了,因为最近公司要求我学 spring cloud ,早点将以前软件迁移到新的架构上。所以我那个拼命的学呐,总是图快,很多关键的笔记没有做好记录,现在又遗忘了很多关键的技术点,极其罪恶! 现在想一想,还是踏踏实实的走比较好。这不,今天我冒了个泡,来补一补前面我所学所忘的知识点。 想要解锁更多新姿势?请访问我的博客。 常见的认证机制 今天我么聊一聊JWT。...

View Article

Image may be NSFW.
Clik here to view.

大学生网络安全能力大赛正式启动报名!

活动简介 大学生网络安全能力大赛,是面向国内知名网络安全专业院校学生及爱好互联网安全的青年展开的奖学金大赛。旨在提升高校IT人才对网络安全的重视度,吸引更多的优秀人才进入这一重要的领域,维护国家和人民的利益。 大赛将通过专业的评审团评选出符合大赛标准的优秀作品及人才,并向互联网安全行业输送优质的新安全人才,实现大学生的安全梦。 活动时间 比赛时间:2018年12月3号-2019年2月22号...

View Article


Delphi Indy “SSL routines:SSL23_GET_CLIENT_HELLO:http request” means you ge ...

Delphi Indy “SSL routines:SSL23_GET_CLIENT_HELLO:http request” means you get an http request, but expecting an httpsrequest Posted by jpluimers on 2018/12/05 A client got this with Delphi Indy “SSL...

View Article


Off-The-Shelf Hacker: Adding MQTT and Cron to the Lawn Sprinkler Project

This week we’ll continue our journey on building an automated sprinkler system . The project highlights key design and implementation concepts that off-the-shelf hackers will face in the systems they...

View Article

Image may be NSFW.
Clik here to view.

The silent CVE in the heart of Kubernetes apiserver

Dec 5, 2018 by Abraham Ingersoll What’s the big fuss over the latest Kubernetes apiserver vulnerability? Early on Monday December 3rd, a boulder splashed into the placidly silent Kubernetes security...

View Article

Image may be NSFW.
Clik here to view.

Reflections on being an indie hacker

Introduction My name is Tigran and by definition, I’m probably a half-indie hacker. Why half you may ask? Because I’m a full-time software engineer at Buffer but at the same time I build an online...

View Article

Image may be NSFW.
Clik here to view.

BUF早餐铺 | 国家级网络攻击行动利用Adobe Flash 0day漏洞;英国电信将剥离华为4G设备 ...

各位 Buffer 早上好,今天是 2018 年 12 月 6 日星期四,农历十月二十九。今天的早餐铺内容有: 研究人员发现使用Adobe Flash 0day漏洞的国家级网 络攻击行动; 研究人员发现新的类 Spectre 攻击 SplitSpectre; 谷歌修复安卓系统中11个严重RCE漏洞; 美国共和党众议院全国委员会调查邮件泄露事件 ; 国电信将剥离华为4G设备并禁止其竞标核心5G设备;...

View Article


Image may be NSFW.
Clik here to view.

Flash 0day + Hacking Team远控:利用最新Flash 0day漏洞的攻击活动与关联分析

背景 360威胁情报中心在2018年11月29日捕获到两例使用Flash 0day漏洞配合微软Office Word文档发起的APT攻击案例,攻击目标疑似乌克兰。这是360威胁情报中心本年度第二次发现在野0day漏洞攻击。攻击者将包含Flash...

View Article

Image may be NSFW.
Clik here to view.

Google to Amazon: We’ll See Your Security Hub and Raise You a Command Centre

Add to favorites Google Cloud releases new centralised security database Dominant cloud provider Amazon Web Services (AWS)’s launch of the AWS Security Hub was among its headline announcements at last...

View Article


3 Ways CISOs Can Boost Their Credibility Within the Enterprise

Security Boulevard Exclusive Series: What I Learned About Being a CISO After I Stopped Being a CISO In this series we’re talking with former CISOs to collect the lessons they’ve learned about the job...

View Article

Is A Cybersecurity Degree Worth It?

Ready to learn Cybersecurity?Browse courseslike Cyber Security for the IoT developed by industry thought leaders and Experfy in Harvard Innovation Lab. Now that we have solidly entered the Information...

View Article


6 Ways to Improve Your Security Posture Using Critical Security Controls

As we near the end of 2018, technology professionals and businesses alike are looking back on the last 12 months and evaluating highs and lows. For businesses, this can be an essential step when it...

View Article

Image may be NSFW.
Clik here to view.

A hierarchy of data security controls

For most enterprise IT security professionals, there are some common reasons that we need to protect a given data set. For the most part, they fall into a few easy categories: Meeting a compliance or...

View Article

Image may be NSFW.
Clik here to view.

GUEST ESSAY: 5 security steps all companies should adopt from the...

The United States Intelligence Community , or IC, is a federation of 16 separate U.S. intelligence agencies, plus a 17th administrative office. The IC gathers, stores and processes large amounts of...

View Article
Browsing all 12749 articles
Browse latest View live


click here for Latest and Popular articles on Mesothelioma and Asbestos


Latest Images