SEARCH KEYWORD -- attack
Useful functions to provide secure PHP application
Security is a very important aspect of programming. There are many functions or modules in any kind of real programming language providing security functionalities. In modern websites, we may often get inputs from users all around the world. There is a famous saying: never trust user input. So in web programming languages, we will often see functions which will guarantee the security of the data input from users. Today we will cover some of these functions in the most famous o...
PHP,security,SQL Injection,XSS,AJAX 2014-10-30 04:21:59
Web Security: In-Depth Explanation of X-XSS-Protection
What is X-XSS-Protection? X-XSS-Protection is an HTTP response header designed to enable or configure built-in cross-site scripting (XSS) filters in certain versions of Internet Explorer, Chrome, and Safari. The purpose of these filters is to detect reflected XSS attacks in the response and prevent the loading of pages, thereby protecting users from such attacks. The X-XSS-Protection response header was initially introduced by Microsoft in Internet Explorer 8 to control the browser's XSS filter. ...
X-XSS-PROTECTION,WEB SECURITY,CONTENT SECURITY POLICY,XSS,CSP 2023-11-29 01:48:40
Techies: Let's Not Forget Brain Hacking
Credit: SergeyNivens via Canva The world of cyber security never fails to surprise us with bolder and more sophisticated cyber-attacks and...
HACKING 2022-02-03 21:43:11
Arrays.equals() vs MessageDigest.isEqual()
Both Arrays.equals() and MessageDigest.isEqual() are used to compare the equality of two arrays. They can be used interchangeably in many cases. However, they do have some differences which lead to different use cases in real applications. One difference is that the arrays passed to MessageDigest.isEqual() cannot be null while it's ok for Arrays.equals(). The one major difference between these two methods is that Arrays.equals() is not time-constant while MessageDigest.isEqual() is time-constant. Thi...
Arrays.equal(),MessageDigest.isEqual(),Java,Security 2015-05-14 22:03:29
The Death of File Sharing
Last week’s violent government attack on the hugely popular site Megaupload — the U.S. government arresting Belgian citizens in New Zealand, of all places, and stealing at gunpoint servers, bank accounts and property — has sent shock waves through the entire digital world. The first shock was the realization that the gigantic protest against legislative moves (SOPA and PIPA) that would smash the Internet turned out to be superfluous. The thing everyone wanted to prevent is al...
File sharing,Death,Trend,Cloud 2012-02-01 04:44:06
Twitter service down incidents summary
This Thursday, Twitter encountered a global service down incident. This is the second service down incident since last month. Later Twitter updated its website and stated that users might not be able to access Twitter temporarily. Twitter admitted the service down incident and explained that this time's service down was caused by problems in both of their data centers. Ok, now let's summarize the service down incidents encountered by Twitter in the past few years. In May 2008, Twitter's new engineer team w...
Twitter,Service down,History 2012-07-28 12:36:39
Linux Kernel is replacing HTTP link with HTTPS
The Linux kernel is in the process of replacing the HTTP links in its source code with HTTPS links. HTTPS is considered more secure than HTTP and can prevent many attacks, such as man-in-the-middle attacks. Currently there are more than 150 patches submitted by Linux kernel developers to replace these HTTP links. One thing to note is that this replacement process is not a manual search and replace process. Indeed, some scripts are created to find out these links and try to find whethe...
LINUX KERNEL,HTTP,HTTPS 2020-08-08 01:35:20
SameSite attribute in cookie
Starting from Chrome 51, a new attribute, SameSite, has been introduced for browser cookies. This attribute is meant to prevent CSRF attacks. A cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge an HTTP request that carries a valid cookie for a third-party website, this may be called a CSRF attack. For example, if a user logs in to a bank website your-bank.com, the bank server responds with a cookie: Set-Cookie:id=a3fWa; L...
JAVASCRIPT,COOKIE,SAMESITE,CHROME,CSRF 2019-09-14 04:57:51
8 very useful and free web security testing tools
As web applications become more pervasive, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities; they may then tamper with web content or steal important internal data, and, more seriously, inject malicious code into web pages to affect visitors of websites. Attention to web application security is gradually growing. Here we recommend eight very useful and free web security testing...
Website, security,Web security,Attack 2012-07-22 10:59:09
Supercolliding a PHP array
Did you know that inserting 2^16 = 65536 specially crafted values into a normal PHP array can take 30 seconds? Normally this would take only 0.01 seconds. This is the code to reproduce it: <?php echo '<pre>'; $size = pow(2, 16); // 16 is just an example, could also be 15 or 17 $startTime = microtime(true); $array = array(); for ($key = 0, $maxKey = ($size - 1) * $size; $key <= $maxKey; $key += $size) { $array[$key] = 0; } $endTime = microtime(true); echo 'Inserting...