Resource list
Preview Name Author Date File info
  • Web Traffic Monitoring and Defense System
  • Original source: http://www.owasp.org.cn/OWASP_Events/20130525

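    How it works

    Deployment modes

    • Bridge mode, reverse proxy mode, one-arm mode

    Key technologies and implementation principles

    • Packet capture, IP fragment reassembly, TCP stream reassembly, filtering,
    • Session blocking, auditing, alerting

    Next steps

    • Web crawler

    Use crawling to analyze whether the protected site has security vulnerabilities.

    Traditional crawler engine:

    Establishes connections over sockets and collects the requests and the returned content;

    Parses the returned pages and collects new links, scripts, Flash and other data;

    Ajax crawler engine:

    Target resources live in JavaScript or are embedded in the DOM, so the crawler has to understand and trigger event behaviour;

    DOM event handling and retrieval of dynamic DOM content;

    The idea is much the same as DOM XSS detection with QT WebKit.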

丁冠宇@人人网 2016-03-01 14:51:06
  • Attachments: 1
  • Size: 0.65 M
  • New Browser Security Technologies
  • Protecting against Insufficient Transport Layer Protection: HSTS - HTTP Strict Transport Security, Cert Pinning, and New Protection against XSS and Clickjacking: X-Frame-Options and CSP

Tobias Gondrom 2016-02-21 13:20:47
  • Attachments: 1
  • Size: 3.15 M
  • Managing Web & Application Security with OWASP
  • Setting up, managing and improving your global information security organization using mature OWASP projects and tools. Achieving cost-effective application security and bringing it all together on the management level. A journey through different organizational stages and how OWASP tools help organizations move forward in improving their web and application security. This talk will discuss a number of quick wins and how to effectively manage global security initiatives and use OWASP tools inside your organization.

Tobias Gondrom 2016-02-21 13:17:43
  • Attachments: 1
  • Size: 2.47 M