
SEARCH KEYWORD -- DATA SECURITY



  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is an essential first step. Sometimes, when testing Web applications, the verification routines used to discover SQL injection flaws are restricted to GET and POST variables, as if these were the only input vectors. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and whic...

   Code security,SQL injection,HTTP header     2012-04-05 11:42:04

  PHP 7 is coming soon

After a few RCs, PHP 7 will be officially released on November 12, 2015. This is a major release of PHP since PHP 5.6. @Laruence, one of the core contributors of PHP, has posted this news on Weibo (China's Twitter). This is one month later than the expected time recorded in the PHP 7 timeline, but it's not that late. The new release will come with a few features, including: scalar type declarations (you can now define a variable as int); return type support. Besides declare scalar type ...

   RELEASE DATE,PHP7     2015-11-08 09:13:37

  Should All Web Traffic Be Encrypted?

The prevalence of free, open WiFi has made it rather easy for a WiFi eavesdropper to steal your identity cookie for the websites you visit while you're connected to that WiFi access point. This is something I talked about in Breaking the Web's Cookie Jar. It's difficult to fix without making major changes to the web's infrastructure. In the year since I wrote that, a number of major websites have "solved" the WiFi eavesdropping problem by either making encrypted HTTPS web traffic an accou...

   Web traffic,Security,HTTPS,Encryption,Wifi     2012-02-24 05:02:58

  The hidden risk of passing slice as function parameter

In Go's source code and in other open source libraries, there are many cases where a slice pointer is passed to a function instead of the slice itself. This raises a question: why not pass the slice directly, since internally it is backed by a pointer to the underlying array? For example, in the log package, the formatHeader function takes a parameter buf of type *[]byte instead of []byte. func (l *Logger) formatHeader(buf *[]byte, t time.Time, file string, line int) {} Let's understand the r...

   GOLANG,SLICE,SLICE POINTER     2020-12-13 06:11:14

  XMLHttpRequest Level 2 user guide

XMLHttpRequest is a web browser interface that makes it possible for JavaScript to perform HTTP(S) communication. Microsoft's IE5 first introduced XMLHttpRequest, and because it is so useful, many other browsers adopted it as well. AJAX has come to the fore since then. However, this interface is not standardized and implementations differ among browsers. With the emergence of HTML5, W3C is considering standardizing this interface. In February 2008, they proposed an XMLHttpRequest Level 2 draft. This ...

   XMLHttpRequest, progress, upload, binary data     2012-09-19 11:51:50

  A New Billionaire’s 10 Rules for Success

Bob Parsons may be best known as the man standing next to the “GoDaddy Girls,” the busty spokesmodels for his online registration company, GoDaddy.Com. Today, he has a new catchphrase: billionaire. Source: http://blogs.wsj.com/wealth/2011/06/24/a-new-billionaires-10-rules-for-success/ The possible purchase of his company by private-equity firms Kohlberg Kravis Roberts and SilverLake Partners for more than $2 billion would make him the latest dot-com billionair...

   Programming,Billionaire,Work,Hard,Dream     2011-06-27 07:40:00

  Java Interview Questions

Currently there are many articles online which summarize lists of Java interview questions. Some cover lots of basic questions and some cover specific questions in a specific area such as multithreading. In this post, we will not cover the really basic questions; we will cover something different. For basic questions, you can read Java Interview Questions. Basic: What is a primitive data type? How many primitive data types are there in Java? What are they? -- A primitive type is prede...

   JAVA,SECURITY,INTERVIEW,CAREER,MULTITHREADING,QUESTION,JAVA INTERVIEW,JAVA CORE     2019-01-21 07:07:08

  Format JSON data on Ubuntu

JSON has become a very popular data format because of its simplicity and light weight. Nowadays many RESTful APIs offer the choice of exchanging JSON data between the server and client. Sometimes the data is not formatted and cannot easily be read by human beings, so it is often desirable to format the JSON data before reading it. Today we will show a few ways to format JSON data on Ubuntu. Assume we have a JSON file test.json with the content below. { "title": "Test"...

   RUBY,PYTHON,NODEJS,JSON,JQ,PERL,LINUX,UBUNTU,YAJL     2016-08-17 11:05:09

  JavaScript Attack/Defend

As developers and designers we work hard to build visually attractive, fast and easy to maintain applications. Our goals are to make sure the applications we build stick to users and keep them coming back for more. Security is not always at the forefront of our minds. No one intentionally builds insecure software but often a lack of security knowledge leads developers to build vulnerabilities into their applications. In this article we are going to examine two web security attacks, how they are ...

   JavaScript,Attack,Defend,Security,Cross site     2011-10-13 13:09:11

  JSON in JavaScript

When sending an AJAX request to the server, the response can have two formats: XMLHttpRequest.responseXML to access data in XML format and XMLHttpRequest.responseText to access data in string format. XML is the standard data transfer format, but one weakness is that it's troublesome to parse and retrieve the data. JSON (JavaScript Object Notation) is a lightweight data interchange format; we call it the JavaScript object representation. The advantage of using JSON as the data format is itself is...

   JSON,JavaScript     2013-05-04 23:25:57