
SEARCH KEYWORD -- Attack



  Useful functions to provide secure PHP application


Security is a very important aspect of programming. There are many functions or modules in any kind of real programming language providing security functionalities. In modern websites, we may often get inputs from users all around the world. There is a famous saying: never trust user input. So in web programming languages, we will often see functions which will guarantee the security of the data input from users. Today we will cover some of these functions in the most famous o...

   PHP,security,SQL Injection,XSS,AJAX     2014-10-30 04:21:59


  Arrays.equals() vs MessageDigest.isEqual()


Both Arrays.equals() and MessageDigest.isEqual() are used to compare the equality of two arrays. They can be used interchangeably in many cases. However, they do have some differences which lead to different use cases in real applications. One difference is that the arrays passed to MessageDigest.isEqual() cannot be null, while null is acceptable for Arrays.equals(). The one major difference between these two methods is that Arrays.equals() is not time-constant while MessageDigest.isEqual() is time-constant. Thi...

   Arrays.equal(),MessageDigest.isEqual(),Java,Security     2015-05-14 22:03:29


  The Death of File Sharing


Last week’s violent government attack on the hugely popular site Megaupload — the U.S. government arresting Belgian citizens in New Zealand, of all places, and stealing at gunpoint servers, bank accounts and property — has sent shock waves through the entire digital world. The first shock was the realization that the gigantic protest against legislative moves (SOPA and PIPA) that would smash the Internet turned out to be superfluous. The thing everyone wanted to prevent is already here. SOP...

   File sharing,Death,Trend,Cloud     2012-02-01 04:44:06


  Twitter service down incidents summary


This Thursday, Twitter encountered a global service down incident. This is the second service down incident since last month. Later Twitter updated its website and stated that users might not be able to access Twitter temporarily. Twitter admitted the service down incident and explained that this time it was caused by problems in both of their data centers. OK, now let's summarize the service down incidents encountered by Twitter in the past few years. In May 2008, Twitter's new engineer team w...

   Twitter,Service down,History     2012-07-28 12:36:39


  8 very useful and free web security testing tools


As web applications become more pervasive, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities; they may then tamper with web content or steal important internal data. More seriously, they may inject malicious code into web pages to affect visitors of websites. Attention to web application security is gradually warming up. Here we recommend eight very useful and free web security testing...

   Website, security,Web security,Attack     2012-07-22 10:59:09


  Supercolliding a PHP array


Did you know that inserting 2^16 = 65536 specially crafted values into a normal PHP array can take 30 seconds? Normally this would take only 0.01 seconds. This is the code to reproduce it: <?php echo '<pre>'; $size = pow(2, 16); // 16 is just an example, could also be 15 or 17 $startTime = microtime(true); $array = array(); for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) { $array[$key] = 0; } $endTime = microtime(true); echo 'Inserting...

   PHP,Array,hashtable,Slow,Colliding     2011-12-29 09:02:01


  Oracle released an urgent Java patch


On March 23, Oracle released an urgent Java patch outside its normal update schedule. The security vulnerability is related to Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user accesses pages containing malicious code...

   JAVA,SECURITY,ORACLE,NEWS     2016-03-25 08:39:59


  Programming: the benefits of taking a break


This post lists several benefits of taking a break during programming. You work smarter, not harder. Once, I worked really hard on a feature. For two weeks, 12 hours a day, I put in a lot of effort. After those two weeks, I took a break and came up with several ideas that made much of the work unnecessary. You think more clearly. Being tired has a similar effect as being drunk. At the end of a day, I often kid myself that I’ll just get this one thing finished quickly to have a fresh start...

   Programming,Tips,Break,Tired     2011-07-28 09:04:29


  10 notorious computer virus


The history of computer viruses is the same as the history of computers. As computers have become more and more powerful, viruses have also become smarter and harder to detect and kill. They have a big impact on data security and system usability. We introduce 10 notorious computer viruses in history. 1. Creeper In 1971, the Creeper virus, an experimental self-replicating program, was written by Bob Thomas at BBN Technologies. Creeper infected DEC PDP-10 computers running the TENEX operating sy...

   Computer virus,History,Security     2013-07-16 21:09:22


  Some hidden XSS injection vulnerabilities


XSS injection refers to a web page generating unexpected executable JS code based on user input, which is then executed by the web browser, i.e., the source code sent to the web browser by the server contains some illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

   XSS,PHP,Security,Code,JavaScript     2012-08-27 20:32:08