Article views: 713. Description: A Cross-Frame Scripting (XFS) vulnerability can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing_cross frame......
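Article views: 31k, likes: 21, favorites: 126. 1. Introduce a new variable instead of reusing the parameter "prefixKey": do not reassign the passed-in parameter or use it for checks and the like; create a new variable equal to the passed-in parameter and operate on the new variable instead. private String getBatchSav......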
Article views: 3.6k. Description: The web application does not utilize HTTP only cookies. This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be_cookie secur......
Article views: 7.8k. Description: The web server supports encryption through TLS 1.0. TLS 1.0 is not considered to be "strong cryptography" as defined and required by the PCI Data Security Standard 3.2(.1) when used to protect sensitive information transferred to or from web sites. Acco_tl......
Article views: 2.3k. Description: This policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that the certificate used by the server is the same host as the serv_unprotected ......
Article views: 1.4k. Description: Http Strict Transport Security (HSTS) policy enables web applications to enforce web browsers to restrict communication with the server over an encrypted SSL/TLS connection for a set period. Policy is declared via special Strict Transport Security respo_insecure tra......