Channel: CodeSection, Code Area, Network Security - CodeSec
Browsing all 12749 articles

Recreating the NBA lead tracker graphic

(This article was first published on R Statistical Odds & Ends, and kindly contributed to R-bloggers) For each NBA game, nba.com has a really nice graphic which tracks the point differential...


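ThinkPHP5 Remote Command Execution Vulnerability Analysis

Preface: ThinkPHP recently fixed a serious remote code execution vulnerability. The main cause is that the framework does not sufficiently validate the controller name, which allows malicious statements to be constructed to execute remote commands when forced routing is not enabled. Affected versions include 5.0 and 5.1. Test environment: ThinkPHP 5.1 beta + win10 64bit + wamp. Vulnerability analysis...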


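Logic Is Driving Me Crazy: Sharing Authorization-Bypass Approaches

0x00 Foreword: This article covers three authorization-bypass approaches, each paired with a real case. These are testing experiences I have accumulated in my day-to-day testing and consider worth sharing. They may not explore the problems in great depth, but I hope the ideas in the article prove useful. 0x01 Authorization bypass by modifying the response. Background: the "modify the response" approach applies to an application system that encrypts its requests with an encryption algorithm. During testing almost all requests were encrypted while the responses were in plaintext, and in that situation the approach in the following case can be used for authorization-bypass testing. Case study...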


RISC-V Will Stop Hackers Dead From Getting Into Your Computer

The greatest hardware hacks of all time were simply the result of finding software keys in memory. The AACS encryption debacle ― the 09 F9 key that allowed us to decrypt HD DVDs ― was the result of...


Threat Stack Introduces Bulk Data Export Feature

One of the biggest benefits of the Threat Stack Cloud Security Platform is the deep level of visibility we bring to observing operator behaviors in customers’ cloud runtime environments. We frame this...


[Update: Down to $259] Arlo Pro (first-gen) security camera 2-pack on sale...

Keeping a watchful eye on all areas of your home can be hard when power outlets aren't always available. There are battery-powered security cameras to help with that, and the best we've ever tested are...


Twins on the up

(This article was first published on HighlandR, and kindly contributed to R-bloggers) Are multiple births on the increase? My twin boys turned 5 years old today. Wow, time flies. Life is never dull,...


What Is SSL Certificate CN (Common Name) and Usage?

Common Name or CN is generally used in SSL Certificates. CN is used to define the server name which will be used for a secure SSL connection. Generally this SSL certificate is used to secure connection...



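Creating a Self-Signed SSL Digital Certificate to Configure HTTPS Access for Development and Test Environment Sites

1 What is a digital certificate (Certificate)? A digital certificate is an identity mechanism for computers. It is the signature (stamp) that a certificate authority (CA) applies to a signing request file created with a private key, indicating the CA's endorsement of the certificate holder. Digital certificates have the following advantages: Using a digital certificate can improve the user's credibility. The public key in the digital certificate can be paired with the server's private key to encrypt and decrypt data in transit...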


AWS Security Profile (and re:Invent 2018 wrap-up): Eric Docktor, VP of AWS...

We sat down with Eric Docktor to learn more about his 19-year career at Amazon, what’s new with cryptography, and to get his take on this year’s re:Invent conference. (Need a re:Invent recap? Check...


Dragos Selected as SC Media 2019 SCADA Security Award Finalist

Dragos’ industrial cybersecurity platform provides comprehensive asset identification, threat detection, and response HANOVER, Md. (BUSINESS WIRE)...


Agari Recognized as 2019 SC Magazine Awards “Best Email Security Solution”...

Next-Generation Secure Email Cloud Selected for Ability to Detect, Defend against and Deter Advanced Email Attacks FOSTER CITY, Calif. (BUSINESS WIRE) Agari, the next-generation Secure Email Cloud...


Cylance Narrows the Cybersecurity Skills Gap with Virtual CISO

CISO-in-a-Box Offering Helps Security Executives Meet Industry Standards, Deploy Proven Frameworks, and Adhere to Compliance Regulations IRVINE, Calif. (BUSINESS WIRE)...


It’s past time to pay much more attention to API security

Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics. The original version of this post was...


Security, Scaling and Power

If anyone has doubts about the slowdown and increasing irrelevance of Moore’s Law, Intel’s official unveiling of its advanced packaging strategy should leave little doubt. Inertia has ended and the...


Google Beefs Up Android Key Security for Mobile Apps

Changes to how data is encrypted can help developers ward off data leakage and exfiltration. Google is making a few tweaks to its tools for Android mobile developers to boost the security of their...


Web Fuzz

When you find an endpoint that accepts POST requests, you can try this: <?xml version="1.0"?> <!DOCTYPE a [ <!ENTITY test "THIS IS A STRING!"> ]> <methodCall><methodName>&test;</methodName></methodCall>...


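Attack and Defense Frontline: "Cracking" Air-Gapped Computers via Power Lines

What is power line attack technology? Power line attack technology is a new type of cross-network attack technique that has emerged in recent years. Compared with traditional cross-network attack techniques based on media such as sound, light, electromagnetism, and heat, this technique builds a new kind of electrical (current) covert channel: an attacker can obtain information from a physically isolated network through the AC power line, which makes it stealthier and more harmful. Malware running on a standard computer generates parasitic signals directly on the power line by regulating the CPU workload, and devices such as receivers are then used to sense and recover the current on the power line, completing the information theft...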


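Phishing Report Shows Microsoft, PayPal and Netflix Are the Top Targets

[51CTO.com Quick Translation] Email security provider Vade Secure tracked and analyzed the 25 brands most often impersonated in phishing attacks in North America. In its Q3 2018 report, a total of 86 brands were tracked and analyzed, and these brands accounted for 95% of all attacks the company detected. Overall, Vade Secure said phishing attacks increased 20.4% in the third quarter, with Microsoft as the number one target, followed by PayPal, Netflix, Bank of America and Wells Fargo. Figure 1: The most favored phishing targets...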


Zero Trust Architecture: A New Paradigm for Network Security

Author: Zuo Yingnan, Vice President, 360 Enterprise Security Group...
