Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Browsing all 12749 articles
Browse latest View live

How AppSec Reduces Unplanned Work

Unplanned work is the enemy of productivity in all aspects of life. Any activity that pops up unexpectedly and eats up your time and resources is a productivity killer. You’ve probably experienced...

View Article



Image may be NSFW.
Clik here to view.

调查:对数据价值的评估错误带来极大风险

信息安全团队常会低估或高估数据资产的真正价值,令安全控制措施排序更加困难。 新调查研究显示,很多信息安全团队因为错误估计企业信息资产的真正价值而削弱了数据可用性与安全性。...

View Article

Image may be NSFW.
Clik here to view.

深入剖析:一场针对法国工业领域的网络钓鱼活动

网络安全公司F-Secure的研究人员在最近观察到了一场针对法国工业领域的网络钓鱼活动,目标涵盖化工制造、航空航天、汽车、银行等领域,以及软件提供商和IT服务提供商。研究人员表示,从2018年10月开始,他们捕获了多封钓鱼电子邮件。从内容和附件来看,它们均采用了相似的模板。 网络钓鱼电子邮件...

View Article

Image may be NSFW.
Clik here to view.

Book Review: Hacking for Dummies 6th Edition

Hacking for Dummies by Kevin Beaver is an information security professional’s introduction to ethical hacking. It is 22 chapters of information ranging from definitions (kept to a minimum) to...

View Article

Image may be NSFW.
Clik here to view.

访谈|一位全球500强企业信息安全官的安全观

国内信息安全水平比较发达的城市,当属北京和上海。两者的信息化普及程度和人员的IT水平均为国内领先,尤其是后者,由于大批跨国企业的存在,其安全市场也更加具有开放竞争的属性。除了网络安全提供商以外,活跃在安全市场上的,是这个市场的另一重要角色信息安全官。近日,安全牛记者走访了一家500强企业的CISO,顾伟。 个人简介: 顾伟,某世界 500...

View Article


Security Think Tank: Prevention and detection key to disrupting malware comms

Attackers use command and control servers to maintain communications with systems that have been compromised within a network that has been targeted. This allows them to “direct” malware that can...

View Article

How to hire for potential: Why transferable skills outrank experience

While working for Hershey as a security officer, Kirlin was given the opportunity to help improve security planning. His data-backed solution, a staffing plan that accounted for historically busy...

View Article

Image may be NSFW.
Clik here to view.

Mint木马变种泛滥,伪装“抖音电脑版”肆虐网络

0×1 前言...

View Article


Image may be NSFW.
Clik here to view.

Spring Security系列之核心过滤器源码分析(四)

文章来源 前面的部分,我们关注了Spring Security是如何完成认证工作的,但是另外一部分核心的内容:过滤器,一直没有提到,我们已经知道Spring Security使用了springSecurityFillterChian作为了安全过滤的入口,这一节主要分析一下这个过滤器链都包含了哪些关键的过滤器,并且各自的使命是什么。 核心过滤器概述 由于过滤器链路中的过滤较多,即使是Spring...

View Article


3 Ways CISOs Can Break Out of the ‘Security as Necessary Evil’ Mentality

Security Boulevard Exclusive Series: What I Learned About Being a CISO After I Stopped Being a CISO In this series we’re talking with former CISOs to collect the lessons they’ve learned about the job...

View Article

Image may be NSFW.
Clik here to view.

API Security Weekly: Issue #9

Vulnerabilities If you are using Kubernetes, you should install a patch for it as soon as possible. There was a huge privilege escalation vulnerability that got fixed this week . The flaw allows...

View Article

Image may be NSFW.
Clik here to view.

金帽子年度评选活动参选名单曝光:大众评审-年度最受关注安全应急响应中心

2018年11月,由公安部第一研究所指导,嘶吼传媒主办的“金帽子”奖年度评选活动正式上线。活动上线后,众多企业和组织纷纷踊跃报名。随着时间的推移,该评选活动也进入到了活动的评选投票阶段。在此,嘶吼再次向大家介绍正在参与评选本届“金帽子奖”的朋友们,今天为大家展示的是年度最受关注安全应急响应中心。...

View Article

Image may be NSFW.
Clik here to view.

人工智能技术有望成为防火墙 助力构建网络安全

目前青少年网络环境情况不容乐观,大量超年龄、过度娱乐、色情、暴力等内容充斥网络,对青少年健康成长造成了巨大的负面影响。 为此,各界正在积极行动,由共青团中央未来网、作业帮等机构和企业发起的全国首份《共建青少年信息安全清朗环境倡议》也因此应运而生。与此同时,不少企业还开始以人工智能技术构筑上网防火墙,营造健康清朗的青少年网络环境。 青少年网络环境不容忽视...

View Article


探讨人工智能与网络安全

当前,越来越多的人工智能产品及应用,正在改变人们的生活,如何保证其便捷与安全兼备?12月11日,2018人工智能与网络安全新技术论坛在重庆举行,20多位来自国内外的专家学者就人工智能发展应用趋势,互联网、物联网中的网络安全等话题进行了深入交流。...

View Article

Image may be NSFW.
Clik here to view.

聚焦2018中国存储与数据峰会 紫晶存储助推行业发展

中国存储与数据峰会从2005年启动至今,已经连续举办了14届。2018年12月11日至12月12日,全面升级的"2018中国存储与数据峰会"在北京国际饭店召开。本次峰会由百易传媒主办,中国计算机学会、武汉国家光电研究中心、SNIA等组织协办,汇集十大主题论坛、两场CIO论坛、近百场专业知识分享。这是鲜少的高水准行业峰会,是存储厂商非常好的技术交流与资源互换的平台。来自IBM、英特尔、华为、浪潮、紫光...

View Article


Midsized Businesses Need Enterprise-Sized Security

Though cybersecurity is not a one-size-fits-all proposition, it is also not accurate to say that smaller companies need smaller security. Osterman Research surveyed 900 security pros worldwide and...

View Article

Image may be NSFW.
Clik here to view.

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

Executive summary In October 2018, our AEP (Automatic Exploit Prevention) systems detected an attempt to exploit a vulnerability in the Microsoft windows operating system. Further analysis led us to...

View Article


Image may be NSFW.
Clik here to view.

Taking notes with Standard Notes

Online note-taking tools seem to have bloomed like 100 flowers . The tallest ones in that garden are usually proprietary, closed source applications like Evernote, Zoho Notebook, Google Keep, and...

View Article

Blog Review: Dec. 12

Mentor’s Harry Foster checks out how much time and effort is spent on verification of FPGAs and points to the increasing demand for verification engineers. Cadence’s Paul McLellan digs into IC...

View Article

Image may be NSFW.
Clik here to view.

ThinkPHP5 远程代码执行漏洞分析

作者:启明星辰ADLab 公众号: ADLab 漏洞介绍 2018年12月9日,Thinkphp团队发布了一个补丁更新,修复了一处由于路由解析缺陷导致的代码执行漏洞。该漏洞危害程度非常高,默认环境配置即可导致远程代码执行。经过启明星辰ADLab安全研究员对ThinkPHP的56个小版本的源码分析和验证,确定具体受影响的版本为: ThinkPHP 5.0.5-5.0.22 ThinkPHP...

View Article
Browsing all 12749 articles
Browse latest View live