Excerpt: OWASP_Code_Review_Guide-V1_1 (1)
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 15:54
Untrusted data sources
HTTP REQUEST STRINGS
- request.accepttypes
- request.browser
- request.files
- request.headers
- request.httpmethod
- request.item
- request.querystring
- request.form
- request.cookies
- request.certificate
- request.rawurl
- request.servervariables
- request.url
- request.urlreferrer
- request.useragent
- request.userlanguages
- request.IsSecureConnection
- request.TotalBytes
- request.BinaryRead
- InputStream
- HiddenField.Value
- TextBox.Text
- recordSet
HTML OUTPUT
- response.write
- <% =
- HttpUtility
- HtmlEncode
- UrlEncode
- innerText
- innerHTML
INPUT AND OUTPUT STREAMS
- Java.io
- java.util.zip
- java.util.jar
- FileInputStream
- ObjectInputStream
- FilterInputStream
- PipedInputStream
- SequenceInputStream
- StringBufferInputStream
- BufferedReader
- ByteArrayInputStream
- CharArrayReader
- File
- StreamTokenizer
- getResourceAsStream
- java.io.FileReader
- java.io.FileWriter
- java.io.RandomAccessFile
- java.io.File
- java.io.FileOutputStream
- mkdir
- renameTo
SERVLETS
- javax.servlet.*
- getParameterNames
- getParameterValues
- getParameter
- getParameterMap
- getScheme
- getProtocol
- getContentType
- getServerName
- getRemoteAddr
- getRemoteHost
- getRealPath
- getLocalName
- getAttribute
- getAttributeNames
- getLocalAddr
- getAuthType
- getRemoteUser
- getCookies
- isSecure
- HttpServletRequest
- getQueryString
- getHeaderNames
- getHeaders
- getPrincipal
- getUserPrincipal
- isUserInRole
- getInputStream
- getOutputStream
- getWriter
- addCookie
- addHeader
- setHeader
- setAttribute
- putValue
- javax.servlet.http.Cookie
- getName
- getPath
- getDomain
- getComment
- getMethod
- getPath
- getReader
- getRealPath
- getRequestURI
- getRequestURL
- getServerName
- getValue
- getValueNames
- getRequestedSessionId
CROSS SITE SCRIPTING
- javax.servlet.ServletOutputStream.print
- javax.servlet.jsp.JspWriter.print
- java.io.PrintWriter.print
RESPONSE SPLITTING
- javax.servlet.http.HttpServletResponse.sendRedirect
- addHeader, setHeader
REDIRECTION
- sendRedirect
- setStatus
- addHeader, setHeader
SQL & DATABASE
- odbc
- executeQuery
- select
- insert
- update
- delete
- execute
- executestatement
- createStatement
- java.sql.ResultSet.getString
- java.sql.ResultSet.getObject
- java.sql.Statement.executeUpdate
- java.sql.Statement.executeQuery
- java.sql.Statement.execute
- java.sql.Statement.addBatch
- java.sql.Connection.prepareStatement
- java.sql.Connection.prepareCall
SESSION MANAGEMENT
- getSession
- invalidate
- getId
Ajax and JavaScript
- document.write
- eval
- document.cookie
- window.location
- document.URL
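The lists above are a grep checklist: during review you search for the sinks (print/write, sendRedirect and setHeader, createStatement and execute*, the java.io file classes, document.write/innerHTML/eval) and then check whether what reaches them came from one of the sources (getParameter, getHeader, getCookies, ResultSet.getString, document.URL, document.cookie and so on) without encoding or parameterisation in between. The script below is an added example, not code from the OWASP guide or from this blog, that turns a subset of those identifiers into a crude source-to-sink scan over two constructed snippets (a servlet fragment and a DOM script, not from any real project). The identifier subsets, the MITIGATIONS names such as htmlEscape, and the sample code are assumptions; taint is followed only through simple same-file assignments, so it is a review aid, not a static analyser.

```python
"""Source-to-sink grep over the identifier lists above (added example, not OWASP's code)."""
import re

# Sources: request data the client controls, plus values read back from the database.
SOURCES = [
    "getParameter", "getParameterValues", "getParameterMap", "getQueryString",
    "getHeader", "getHeaders", "getCookies", "getRequestURI", "getRequestURL",
    "getInputStream", "getReader", "getRemoteUser", "getRequestedSessionId",
    "getString", "getObject",                        # java.sql.ResultSet accessors
    "document.cookie", "document.URL", "window.location",
]

# Sinks grouped by the weakness an unencoded source produces there.
SINKS = {
    "xss": ["print", "println", "write", "innerHTML", "eval"],
    "header/redirect": ["sendRedirect", "addHeader", "setHeader", "addCookie"],
    "sql": ["createStatement", "executeQuery", "executeUpdate", "execute", "addBatch"],
    "file": ["FileInputStream", "FileOutputStream", "FileReader",
             "RandomAccessFile", "File", "mkdir", "renameTo"],
}

# Calls that neutralise data before a sink (assumed names; extend for your encoder library).
MITIGATIONS = ["prepareStatement", "prepareCall", "HtmlEncode", "UrlEncode",
               "htmlEscape", "escapeHtml", "encodeForHTML", "URLEncoder.encode"]

# Matches `Type name =`, `var name =` or `name =` and captures the variable being assigned.
ASSIGN = re.compile(r"^\s*(?:(?:final|var|let|const)\s+)?(?:[\w.<>\[\]]+\s+)?(\w+)\s*=(?!=)")


def _hits(text, names):
    """Return the names that occur in text as whole identifiers, in list order."""
    return [n for n in names if re.search(r"\b" + re.escape(n) + r"\b", text)]


def review(source):
    """Flag lines where a listed sink receives a listed source or a variable derived from one.

    Taint is propagated only through simple same-file assignments, in file order.
    Returns (line_number, category, severity, evidence) tuples; a hit on a line that also
    calls a MITIGATIONS name is downgraded from "finding" to "review".
    """
    tainted = []          # variable names assigned from a source, in discovery order
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        assign = ASSIGN.match(line)
        rhs = line.split("=", 1)[1] if assign else line
        evidence = _hits(rhs, SOURCES) + _hits(rhs, tainted)
        if assign and evidence and assign.group(1) not in tainted:
            tainted.append(assign.group(1))
        if not evidence:
            continue
        for category, sinks in SINKS.items():
            sink_hits = _hits(line, sinks)
            if sink_hits:
                severity = "review" if _hits(line, MITIGATIONS) else "finding"
                findings.append((number, category, severity, f"{sink_hits[0]} <- {evidence[0]}"))
    return findings


# Constructed review targets (assumed code, not from any real project).
JAVA_SAMPLE = """\
String user = request.getParameter("user");
String q = "select * from users where username = '" + user + "'";
Statement st = conn.createStatement();
ResultSet rs = st.executeQuery(q);
out.println("<h1>Hello " + user + "</h1>");
response.sendRedirect(request.getParameter("next"));
response.setHeader("X-Lang", request.getHeader("Accept-Language"));
PreparedStatement ps = conn.prepareStatement("select * from users where username = ?");
ps.setString(1, user);
out.println(HtmlUtils.htmlEscape(user));
"""

JS_SAMPLE = """\
var target = document.URL.substring(document.URL.indexOf("#") + 1);
document.write("<a href='" + target + "'>back</a>");
panel.innerHTML = target;
panel.textContent = target;
"""

if __name__ == "__main__":
    for label, sample in (("servlet", JAVA_SAMPLE), ("dom", JS_SAMPLE)):
        for number, category, severity, evidence in review(sample):
            print(f"{label}:{number} {severity:8} {category:16} {evidence}")
```

On the servlet sample the scan reports the concatenated query reaching executeQuery, the unencoded println, the sendRedirect and setHeader fed straight from the request, and the encoded println only as "review"; the prepareStatement path and the textContent assignment produce nothing, which is the contrast a reviewer wants the checklist to surface.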