Description: Pro PHP Security is arguably the most comprehensive PHP security book available, and is highly recommended to any developer or administrator of a PHP-based Web site. — Michael J. Ross, Web developer/Slashdot contributor Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (And the methods discussed are compatible with PHP versions 3, 4, and 5.) The knowledge you’ll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you’ll learn about various security measures, for example, creating and deploying “captchas,” validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts. About the Author Chris Snyder is a software engineer at Fund for the City of New York, where he helps develop next-generation websites and services for nonprofit organizations. He is a member of the Executive Board of New York PHP, and has been looking for new ways to build scriptable, linked, multimedia content since he saw his first Hypercard stack in 1988. Michael Southwell is a retired English professor who has been developing websites for more than 10 years in the small business, nonprofit, and educational areas, with special interest in problems of accessibility. He has authored and co-authored 8 books and numerous articles about writing, writing and computers, and writing education. He is a member of the Executive Board of New York PHP, and a Zend Certified Engineer. Platform: |
Size: 3714563 |
Author:sunshine1988 |
Hits:
Description: 基础原形来自 Ourplus,修补跨站脚本攻击漏洞
采用PHP+Mysql+Xml开发的网站流量统计分析系统 ,不影响页面下载速度。
本流量统计系统采用了高效的程序算法和精心优化的数据库结构,对网站进行全方位的统计,功能强大,统计直观。-The basis of the prototype from Ourplus, fix cross-site scripting attack using loopholes PHP+ Mysql+ Xml development site traffic statistics analysis system, does not affect the page download speed. Statistical system of the flow of a highly efficient procedure for the use of algorithms and well-optimized database structure, the site a full range of statistics, powerful, intuitive statistics. Platform: |
Size: 1982464 |
Author:tom |
Hits:
Description: Google 推出一套免費的 Web 安全評估工具,叫做 ratproxy,這套工具可以檢測、分析您的網站是否有安全性漏洞或網頁是否有被入侵,目前可支援 Linux, FreeBSD, MacOS X, 與 Windows (Cygwin) 等執行環境(反正就是 Unix-like 的環境啦)。
RatProxy 可偵測到的漏洞包括 Cross-site Scripting (XSS, 跨網站指令碼)、指令碼惡意置入(script inclusion issues), 惡意網頁內容(content serving problems), insufficient XSRF 以及 XSS 防護(XSS defenses) 等。-Google introduced a free Web security assessment tool, called ratproxy, this tool can detect, analyze whether your site has security vulnerabilities or whether the page has been compromised, currently supports Linux, FreeBSD, MacOS X, and Windows (Cygwin ), such as the implementation of the environment (in any case is the Unix-like environment for you). RatProxy can be detected vulnerabilities including Cross-site Scripting (XSS, cross-site scripting), placed malicious script (script inclusion issues), malicious Web content (content serving problems), insufficient XSRF and XSS protection (XSS defenses) and so on. Platform: |
Size: 167936 |
Author:张先国 |
Hits:
Description: 扫描并检测网站中存在的漏洞,该程序能检测SQL注入漏洞,跨网站脚本攻击漏洞等一系列网站漏洞-Scanning and detection loopholes website, the program can detect SQL injection flaws, cross-site scripting attacks on a series of Web site vulnerabilities vulnerability Platform: |
Size: 59392 |
Author:厚墨 |
Hits:
Description: 这是国内首本在网站系统安全开发规范方面的应用手册,由动易软件安全工程师们耗时近6个月精心编制而成。手册基于.NET 2.0 的网站系统开发环境进行编写,共分为十三大项,30个小项,介绍了输入验证、输出编码、SQL注入、跨站脚本攻击、跨站请求伪造、越权操作、IO操作安全、缓存泄漏、系统加密、信息批漏、日志和监测、Web.config安全配置等方面的内容,并列明具体的防御手段和方法,从而为网站开发人员提供了一本深具实操性的工具书。
-This is the first site of the system security aspects of the development of standardized manuals and by PowerEasy time-consuming software security engineers are nearly 6 months meticulously prepared. Manual-based. NET 2.0 web site development environment for the preparation of the system is divided into 13 major and 30 small items, introduced input validation, output encoding, SQL injection, cross-site scripting attacks, cross-site request forgery, unauthorized operations, IO safe operation, cache leakage, the system encryption, information leakage approved, log and monitoring, Web.config security configuration and so the content and set out the specific means and methods of defense, so as to Web site developers is a great parade of the tool. Platform: |
Size: 444416 |
Author:老青 |
Hits:
Description: 笑话网页小偷程序特点:
·无需购买服务器即可让你瞬间拥有数千部免费在线观看的卡通动漫资源;
·实现网站内容免更新免维护,全站后台管理,操作简单,管理方便;
·实现前台与后台完全分离,可自定义后台管理路径!支持在任意目录下使用;
·提供防SQL注入及跨站脚本攻击功能,确保程序更加安全;
·提供多个站点广告位并可在后台直接管理,轻松赚钱原来如此简单;
·提供站长工具包,轻松获取常用工具,助你一臂之力;
-Joke thief program website features:
* No need to purchase a server can let you instantly have thousands of free online viewing of the cartoon animation resources
* Free update website content to achieve maintenance-free, full-stop admin, simple operation, easy management
* To achieve complete separation of foreground and background can be customized Admin Path! To support the use of any directory
Provide Anti-SQL injection and cross-site scripting attack function, ensure that procedures are more secure
Provide multiple sites advertising and can be directly managed in the background, the original so simple to make easy money
Provide owners kit, easy access to frequently used tools to help you a helping hand Platform: |
Size: 17408 |
Author:方小杰 |
Hits:
Description: 介绍了跨站脚本的基本知识,会对你产生很好的帮助作用。-Describes the basic knowledge of cross-site scripting, will help you produce a good effect. Platform: |
Size: 567296 |
Author:赵强 |
Hits:
Description: WEB开发跨站脚本教程WEB development of cross-site scripting tutorial-WEB development of cross-site scripting tutorial WEB development of cross-site scripting tutorial Platform: |
Size: 102400 |
Author:njj |
Hits:
Description: Web Application Security Scanners are automated tools to test web applications for common security problems such as Cross-Site Scripting, SQL Injection, Directory Traversal, insecure configurations, and remote command execution vulnerabilities. These tools crawl a web application and locate application layer vulnerabilities and weaknesses, either by manipulating HTTP messages or by inspecting them for suspicious attributes.-Web Application Security Scanners are automated tools to test web applications for common security problems such as Cross-Site Scripting, SQL Injection, Directory Traversal, insecure configurations, and remote command execution vulnerabilities. These tools crawl a web application and locate application layer vulnerabilities and weaknesses, either by manipulating HTTP messages or by inspecting them for suspicious attributes. Platform: |
Size: 44032 |
Author:sumit |
Hits:
Description: 电影频道联盟多风格伪静态后台版程序特点:
·占用空间小,建站成本低,无需等待,马上就可以拥有海量网站数据;
·免更新免维护,管理方便,操作简单,实现全站后台管理的全自动采集;
·实现前台与后台完全分离,可自定义后台管理路径!支持在任意目录下使用;
·实现全站URL路径伪静态功能,让各大搜索引擎收录更加友好;
·提供防SQL注入及跨站脚本攻击功能,确保程序更加安全;
·提供多个站点广告位并可在后台直接管理,轻松赚钱原来如此简单;
·提供天气预报、日期提醒、简繁转换、URL自助推广、站长工具包等实用小插件;
·提供多套站点风格并实现后台一键切换管理功能,更换主题随心所欲;
电影频道联盟多风格伪静态后台版 v4.8.3 (发布日期:2011-04-01)
更新日志:
·解决新增的奇艺、百度音影线路不能观看的问题;
·修复站点首页友情链接在IE8浏览器错位的问题;-Small space, establishment of low cost, without waiting, we can immediately have a massive site data
Maintenance-free updates, easy management, simple operation, back office management to achieve full automatic collection stations
To achieve complete separation of foreground and background can be customized admin path! Support for use in any directory
URL path to achieve the station s pseudo-static function, so the major search engines more friendly
Provide anti-SQL injection and cross site scripting attack capabilities, to ensure the program more secure
Advertising can provide multiple sites directly managed in the background, the original is so simple to make easy money
Provide weather forecasts, date reminders, yet so converted, URL self-promotion, webmaster tools and other useful small plug-in package
Provide multiple sets of site style and realize the background of a key switch management capabilities, arbitrary replacement of the theme
Multi-line theater Platform: |
Size: 338944 |
Author:dddd |
Hits:
Description: WordPress 3.1.1 中文版本现已发布。此版本是修订版本,修复了 3.1 中包含安全问题在内的近 30 个问题。几个重要更新内容:
加强媒体文件上传的安全性
性能改进
增加对 IIS6 的支持
修正分类和 PATHINFO(/index.php/)的固定链接问题
修正了在某些极端情况下,数据库查询和分类法相关内容可能导致插件不兼容的问题
3.1.1 版本包含了我们的安全团队成员、WordPress 核心开发者 Jon Cave 和 Peter Westwood 发现的 3 个安全问题。修复的内容分别是:修正媒体文件上传器包含的“跨站请求伪造”(CSRF)问题、修正在处理评论内容中极复杂链接时可能导致 PHP 崩溃的问题,以及修补“跨网站指令码”(XSS)漏洞。-Chinese version of WordPress 3.1.1 has been released. This version is the revised version, fixes security issues is included in 3.1, including nearly 30 issues. Several important updates:
Enhance the security of the media file upload
Performance Improvement
Increase support for IIS6
Revised classification and PATHINFO (/ index.php /) of the fixed link issue
Fixed in some extreme cases, the database query and classification-related content may lead to plug-in incompatibility
3.1.1 version includes the security of our team members, WordPress core developer Jon Cave and Peter Westwood found three security issues. Contents of repair are: amendments to the media file upload control that contains the "cross-site request forgery" (CSRF) issue, amend comments in the context of dealing with the link could lead to a very complex PHP crash and repair "cross-site scripting" (XSS) vulnerabilities. Platform: |
Size: 3453952 |
Author:李墨龙 |
Hits:
Search - cross site scripting