SEARCH KEYWORD -- Web security
8 very useful and free web security testing tools
With more pervasive of web applications, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities, then they may tamper with web content, or steal important internal data, the more serious is to inject malicious code into web pages to affect visitors of websites. Attention is gradually warming up to Web Application Security. Here we recommend eight very useful and free web security testing...
Website, security,Web security,Attack 2012-07-22 10:59:09
How does CSDN dare to use plain text as password?
Recently, the China's largest Chinese IT community website named CSDN leaked its user's account information. Later today CSDN made an announcements to its users on their website. The announcement said that some user account information was leaked and the passwords of the accounts were stored as plain text in their database before 2009, and after 2009, they adopted an encryption algorithm to encrypt user password. They urged all users who registered the account before 2009 to change their passwor...
Security,Information leak,CSDN,Plain text 2011-12-22 09:10:01
How to check whether a web page can be loaded in iframe
Sometimes you may want to load other website's page in your own website's iframe, but due to some security concerns, other website may have security configurations which prevent you from loading their pages into your iframe. In this case, if you try to load them, you would see a blank page or a text message telling that it's prohibited. Fortunately, you can detect this before you actually decide to load it. To prevent a page from being loaded by an iframe from other site, the response ...
HTTP,HTML,IFRAME,SECURITY,X-FRAME-OPTIONS,CONTENT-SECURITY-POLICY 2018-07-27 22:36:02
Oracle released an urgent Java patch
On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...
Severe SSL 3.0 vulnerability to be released
According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...
SSL,Security vulnerability, The Register 2014-10-14 22:22:39
Building Security onto Your Mobile Application
Analysts state that more than 75% of the mobile applications will fail the basic security tests in 2015 – Gartner Research. Enterprises that follow the Bring Your Own Device (BYOD) approach and facilitate mobile computing to their employees are susceptible to security threats and other vulnerabilities, unless they implement stringent security measures. In the development or deployment of mobile applications, a business can be severely impacted both financially and otherwise, if they are to...
Web Application Development Company, iPhone App Development Company 2015-08-21 07:22:32
Turn on SecurityManager in Java
SecurityManager in Java is to check whether the application codes can access some restricted resource such as file, socket etc. This can be used in applications which have high security requirements. With this feature turned on, our system resources can be secured with only permitted operations. When JVM starts, it will first check whether the SecurityManager is on by checking the system property java.security.manager, if it's on, then an instance of SecurityManager will be created and it can be...
SecurityManager,enable,program 2013-12-16 05:03:53
25 worst passwords in 2012
Weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as the password. SplashData recently announced the world's worst password list in 2012. "password","123456" and "12345678" are still at top places, while others have varying, some new passwords like "welcome" "Jesus" "ninja","mustang"and "password1 "are in the list. With the risk of password loss, SplashData CEO Morgan Slain said we hoped netw...
Web Security: In-Depth Explanation of X-XSS-Protection
What is X-XSS-Protection X-XSS-Protection is an HTTP response header designed to enable or configure built-in cross-site scripting (XSS) filters in certain versions of Internet Explorer, Chrome, and Safari. The purpose of these filters is to detect reflected XSS attacks in the response and prevent the loading of pages, thereby protecting users from such attacks. The X-XSS-Protection response header was initially introduced by Microsoft in Internet Explorer 8 to control the browser's XSS filter. ...
X-XSS-PROTECTION,WEB SECURITY,CONTENT SECURITY POLICY,XSS,CSP 2023-11-29 01:48:40
The Risks of Prioritizing Features Over Security in China's EV Industry
In recent years, China's electric vehicle (EV) industry has seen a surge in innovation and growth. Companies like BYD, NIO, XPeng, and Xiaomi have become household names, not just in China but globally. These companies have been at the forefront of integrating cutting-edge technology into their vehicles, often promoting new features such as autonomous driving, advanced infotainment systems, and seamless connectivity. However, this rapid pace of innovation has raised concerns about whether these...
RECENT
- How Artificial Intelligence Is Helping Fight Environmental Challenges
- How to Deal with Accusations of Negligence as a Business
- Google's Business Operations in China Amid Antitrust Scrutiny
- Deploying DeepSeek-R1 Locally with a Custom RAG Knowledge Data Base
- Balancing Convenience and Security in the Digital World
- My AI Learning Journey: Exploring the Future of Technology
- Power Grid Simulation System 02 : FDI Power Outage Attack Case Study
- Be Careful When Using Cursor to Help Build Application
- Calculating Token Count for Claude API Using Go: A Step-by-Step Guide
- Understanding Cursor and WindSurf's Code Indexing Logic
- more>>
