SEARCH KEYWORD -- Security vulnerability



  How to check whether a web page can be loaded in iframe

Sometimes you may want to load another website's page in an iframe on your own website, but due to security concerns, the other website may have security configurations which prevent you from loading its pages into your iframe. In this case, if you try to load them, you would see a blank page or a text message saying that it's prohibited. Fortunately, you can detect this before you actually decide to load it. To prevent a page from being loaded by an iframe from another site, the response ...

   HTTP,HTML,IFRAME,SECURITY,X-FRAME-OPTIONS,CONTENT-SECURITY-POLICY     2018-07-27 22:36:02

  Beauty of code : How to write graceful PHP code

Writing good code is an art. In order to achieve this, it is necessary to develop good programming habits at the beginning. Good programming habits not only contribute to early project design (modularity), but also make the code easier to understand, so that maintenance of the code is easier. Bad programming habits will result in more bugs and will make future maintenance work difficult. We introduce some good programming habits, taking PHP as an example. Hope this will help you....

   PHP,Good code     2012-08-26 12:23:03

  Turn on SecurityManager in Java

SecurityManager in Java checks whether application code can access restricted resources such as files, sockets, etc. This can be used in applications which have high security requirements. With this feature turned on, system resources can be secured so that only permitted operations are allowed. When the JVM starts, it will first check whether the SecurityManager is on by checking the system property java.security.manager; if it's on, then an instance of SecurityManager will be created and it can be...

   SecurityManager,enable,program     2013-12-16 05:03:53

  Some hidden XSS injection vulnerabilities

XSS injection refers to a web page generating unexpected executable JS code based on user input, with this code then executed by the web browser; i.e., the source code sent to the web browser by the server contains illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

   XSS,PHP,Security,Code,JavaScript     2012-08-27 20:32:08

  How does CSDN dare to use plain text as password?

Recently, CSDN, China's largest Chinese IT community website, leaked its users' account information. Later today CSDN made an announcement to its users on its website. The announcement said that some user account information was leaked and that the passwords of the accounts were stored as plain text in their database before 2009, and that after 2009 they adopted an encryption algorithm to encrypt user passwords. They urged all users who registered an account before 2009 to change their passwor...

   Security,Information leak,CSDN,Plain text     2011-12-22 09:10:01

  Top 10 Best Free PHP Frameworks of 2015

Like it or not, PHP is still the most celebrated and influential platform, widely admired for its brilliant HTML and database integration support, intuitive features, and ease of learning. Using diverse PHP frameworks, developers can create robust, effective, well-defined and stable web applications with ease, and therefore savings on development cost are possible. In essence, these frameworks facilitate scalability and enduring maintenance by obeying developm...

   PHP FRAMWORKS,CAKEPHP,LARAVEL,CODEIGNITER,ZEND ,PHALCONPHP,YII ,FUELPHP,SYMFONY,PHPIXIE,SLIM     2015-10-02 04:56:03

  The Risks of Prioritizing Features Over Security in China's EV Industry

In recent years, China's electric vehicle (EV) industry has seen a surge in innovation and growth. Companies like BYD, NIO, XPeng, and Xiaomi have become household names, not just in China but globally. These companies have been at the forefront of integrating cutting-edge technology into their vehicles, often promoting new features such as autonomous driving, advanced infotainment systems, and seamless connectivity. However, this rapid pace of innovation has raised concerns about whether these...

   SECURITY,CHINA,EV CAR     2024-11-20 01:14:18

  Different types of keystore in Java -- PKCS11

PKCS11 keystore is designed for hardware storage modules (HSM). It's an interface to talk to the HSMs. It doesn't actually store any keys but provides a set of classes to communicate with the underlying HSM. The actual keys and certificates are stored on the HSMs. The reason for storing the keys and materials there is to ensure security and efficiency. Since the keys are on the HSMs, they are safe from being stolen. All encryption/decryption operations are performed on the HSMs as well, this incre...

   PKCS11,keystore,HSM,Java     2015-01-08 00:39:12

  Building Security onto Your Mobile Application

Analysts state that more than 75% of mobile applications will fail basic security tests in 2015 – Gartner Research. Enterprises that follow the Bring Your Own Device (BYOD) approach and facilitate mobile computing for their employees are susceptible to security threats and other vulnerabilities, unless they implement stringent security measures. In the development or deployment of mobile applications, a business can be severely impacted both financially and otherwise, if they are to...

   Web Application Development Company, iPhone App Development Company     2015-08-21 07:22:32

  Why should we drop or reduce use of MD5?

MD5 is a frequently used one-way hash algorithm. It is commonly used in the following situations: Check data integrity. We take hashes of the data stored in two different places and compare them. If the hash results are the same, then there is no need to check the actual data. This utilizes the collision-resistant feature: two different data blocks will have little chance of having the same hash value. Many data service providers use this technique to check for repeated data to avoid repeating...

   MD5,Vulnerability,attack     2012-09-29 04:47:49