  • top10 source code

    2021-03-13 17:04:38
    top10
  • Top10algorithmsindatamining

    2014-09-04 11:35:49
    Top10algorithmsindatamining
  • OWASP top10

    2021-03-20 10:23:02

    OWASP top10

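    Because accounts of the Top 10 found online differ widely (possibly because of version differences), I went to the OWASP official website and found the latest Top 10 (official website link). If you have any questions, please refer to the official website.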

    Injection.

    Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

    Broken Authentication.

    Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.

    Sensitive Data Exposure.

    Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.

    XML External Entities (XXE).

    Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

    Broken Access Control.

    Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as access other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc.

    Security Misconfiguration.

    Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched/upgraded in a timely fashion.

    Cross-Site Scripting (XSS).

    XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

    Insecure Deserialization.

    Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks.

    Using Components with Known Vulnerabilities.

    Components, such as libraries, frameworks, and other software modules, run with the same privileges as the application. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications and APIs using components with known vulnerabilities may undermine application defenses and enable various attacks and impacts.

    Insufficient Logging & Monitoring.

    Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring.

  • OWASP Top 10 explained

    2019-11-24 11:09:56

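    What is the OWASP Top 10?

    OWASP (the Open Web Application Security Project) keeps its tools, documents, forums and chapters around the world open to everyone committed to improving application security. Its most authoritative work is the list of the "10 most critical web application security risks", which summarizes the ten most likely, most common and most dangerous vulnerabilities in web applications and is knowledge that developers, testers, service staff and consultants should have. (The author records the 2019 version here.)

    Ranking

    (1) SQL injection

    (2) Broken authentication and session management

    (3) Cross-site scripting (XSS)

    (4) Insecure direct object references

    (5) Security misconfiguration

    (6) Sensitive data exposure

    (7) Missing function-level access control

    (8) Cross-site request forgery (CSRF)

    (9) Using components with known vulnerabilities

    (10) Unvalidated redirects and forwards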

  • windows top10

    2010-03-25 07:53:40
    Top 10 tips for using Windows
  • Top10Servlet

    2015-06-30 23:09:17
    Top10Servlet
    /**
     * Top10
     * author: 杨鑫
     */
    package servlet;

    import java.io.IOException;
    import java.io.PrintWriter;
    import java.util.ArrayList;
    import java.util.List;

    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    /**
     * Servlet implementation class Top10Servlet
     */
    @WebServlet("/top10")
    public class Top10Servlet extends HttpServlet {
        private static final long serialVersionUID = 1L;

        private List<String> londonAttractions;
        private List<String> parisAttractions;

        /**
         * Default no-argument constructor
         */
        public Top10Servlet() {
            super();
        }

        @Override
        public void init() throws ServletException {
            londonAttractions = new ArrayList<String>(10);
            londonAttractions.add("Buckingham Palace");
            londonAttractions.add("London Eye");
            londonAttractions.add("British Museum");
            londonAttractions.add("National Gallery");
            londonAttractions.add("Big Ben");
            londonAttractions.add("Tower of London");
            londonAttractions.add("Natural History Museum");
            londonAttractions.add("Canary Wharf");
            londonAttractions.add("2012 Olympic Park");
            londonAttractions.add("St Paul's Cathedral");

            parisAttractions = new ArrayList<String>(10);
            parisAttractions.add("Eiffel Tower");
            parisAttractions.add("Notre Dame");
            parisAttractions.add("The Louvre");
            parisAttractions.add("Champs Elysees");
            parisAttractions.add("Arc de Triomphe");
            parisAttractions.add("Sainte Chapelle Church");
            parisAttractions.add("Les Invalides");
            parisAttractions.add("Musee d'Orsay");
            parisAttractions.add("Montmartre");
            parisAttractions.add("Sacre Coeur Basilica");
        }

        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            String city = request.getParameter("city");
            // The city parameter is checked against a fixed allow-list before it is
            // written into the page, so only the literals "london" or "paris" ever
            // reach the HTML output.
            if (city != null && (city.equals("london") || city.equals("paris"))) {
                showAttractions(request, response, city);
            } else {
                showMainPage(request, response);
            }
        }

        private void showMainPage(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
            response.setContentType("text/html; charset=utf-8");
            PrintWriter out = response.getWriter();
            out.print("<html><head>" + "<title>Top 10 Tourist Attractions</title>" + "</head><body>" + "please select a city:" + "<br/><a href='?city=london'>London</a>" + "<br/><a href='?city=paris'>Paris</a>" + "</body></html>");
        }

        private void showAttractions(HttpServletRequest request, HttpServletResponse response, String city) throws ServletException, IOException {
            int page = 1;
            String pageParameter = request.getParameter("page");
            if (pageParameter != null) {
                try {
                    page = Integer.parseInt(pageParameter);
                } catch (NumberFormatException e) {
                    // Not a number: keep the default page without echoing the input.
                    log("Invalid page parameter; using page 1");
                }
                // Only pages 1 and 2 exist. Zero or negative values would otherwise
                // produce a negative list index below.
                if (page < 1 || page > 2) {
                    page = 1;
                }
            }

            List<String> attractions = null;
            if (city.equals("london")) {
                attractions = londonAttractions;
            } else if (city.equals("paris")) {
                attractions = parisAttractions;
            }

            response.setContentType("text/html; charset=utf-8");
            PrintWriter out = response.getWriter();
            out.println("<html><head>" + "<title>Top 10 Tourist Attraction</title>" + "</head><body>");
            out.println("<a href ='top10'>Select City</a>");
            out.println("<hr/>Page " + page + "<hr/>");

            // Five attractions per page
            int start = page * 5 - 5;
            for (int i = start; i < start + 5; i++) {
                out.println(attractions.get(i) + "<br/>");
            }

            // Pagination links and closing tags are written once, after the list
            out.print("<hr style ='color:blue'/>" + "<a href='?city=" + city + "&page=1'>Page 1</a>");
            out.println("  <a href='?city=" + city + "&page=2'>Page 2</a>");
            out.println("</body></html>");
        }

    }



    I won't paste the configuration file here.

    Please configure it yourself:

    The result is as shown in the figure


    Details:



  • GitHub Android open-source Top 10

    2020-09-25 17:55:09
    GitHub Android open-source Top 10

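    TOP 1 Flutter

    star: 102k

    Language: Dart

    Flutter is Google's open-source UI toolkit that helps developers efficiently build polished multi-platform applications from a single codebase, supporting mobile, web, desktop and embedded platforms. Flutter is open source and free, with a permissive open-source license, and is suitable for commercial projects.

    GitHub: https://github.com/flutter/flutter

    TOP 2 free-programming-books-zh_CN

    star: 70k

    Language: All

    Free Chinese-language books on computer programming! Java, Android, operating systems, web servers, big data: everything you can think of is there, like a library for programmers.

    GitHub: https://github.com/justjavac/free-programming-books-zh_CN

    TOP 3 material-design-icons

    star: 41k

    Google has open-sourced the Material Design system icons, which include commonly used icons such as those for media playback, communication, content editing, connectivity and so on. They are suitable for web applications and for Android and iOS designs.

    GitHub: https://github.com/google/material-design-icons

    TOP 4 Awesome-Hacking

    star: 40.7k

    A collection of resources for hackers, pentesters and security researchers. Some of them are listed below:

    Android Security: Android security resources, including tools and academic, research, publication and book resources

    AppSec: resources for learning application security

    Hacking: a list of hacking tutorials, tools and resources

    WiFi Arsenal: various toolkits for hacking

    Static Analysis: a list of static analysis tools, linters and code quality checkers for various programming languages

    TOP 5 awesome-android-ui

    star: 38.9k

    This is a list of Android UI/UX libraries compiled by someone else; the image above is its table of contents. It covers a great many components: Layout, SeekBar, Menu.

    GitHub: https://github.com/wasabeef/awesome-android-ui

    TOP 6 Okhttp

    star: 38.3k

    An open-source project for handling network requests. It is the most popular lightweight framework on Android, used in place of HttpUrlConnection and Apache HttpClient.

    Main features: fetching text data over the network, large file upload, large file download, image requests and so on.

    TOP 7 scrcpy

    star: 37.7k

    Put simply, scrcpy uses adb debugging to mirror the phone screen to a computer and lets you control your Android device from the computer. It can connect over USB or over Wi-Fi (similar to wireless screen casting), needs no root access, and does not require installing any app on the phone.

    GitHub: https://github.com/Genymobile/scrcpy

    TOP 8 architecture-samples

    star: 37.4k

    Samples that discuss and showcase different architectural tools and patterns for Android apps.

    GitHub: https://github.com/android/architecture-samples

    TOP 9 Retrofit

    star: 36.6k

    Retrofit is a framework for network requests on Android. Retrofit is built on top of OkHttp; unlike other networking frameworks, it provides its functionality largely through runtime annotations.
    Different HTTP clients can be configured to perform the requests, such as okhttp, httpclient, etc.

    Advantages:
    Annotations on request methods and parameters can all be customized
    Supports synchronous, asynchronous and RxJava usage
    Highly decoupled
    Different deserialization tools can be configured to parse the data, such as json, xml, etc.
    Very convenient and flexible to use

    GitHub: https://github.com/square/retrofit

    TOP 10 MPAndroidChart

    star: 31.8k

    MPAndroidChart is a well-known open-source framework on GitHub for quickly producing the charts needed during development, such as line charts, bar charts, pie charts and radar charts.

    GitHub project: https://github.com/PhilJay/MPAndroidChart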

  • OWASP Top 10 2017, latest edition

    2018-01-23 20:02:11
    OWASP Top 10 2017, latest edition, including a comparison with OWASP Top 10 2013
  • OWASP TOP10 2017

    2021-01-08 12:46:57
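    Contents: Preface; OWASP TOP10 2017; A1 Injection; A2 Broken Authentication; A3 Sensitive Data Exposure; A4 External Entities (XXE); A5 Broken Access Control; A6 Security Misconfiguration; A7 Cross-Site Scripting (XSS); A8 Insecure Deserialization; A9 Using Components with Known Vulnerabilities; A10 Insufficient Logging...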
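  • OWASP Top10 explained

    2020-06-05 10:52:11
    Contents: What is the OWASP Top 10?; Ranking; (1) SQL injection; (2) Broken authentication and session management; (3) Cross-site scripting (XSS); (4) Insecure direct object references; (5) Security misconfiguration; (6...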
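  • Top 10 digital currency trading risks.pdf
  • Top 10 with MapReduce

    2019-04-20 09:27:48
    Top 10 with MapReduce. Pattern description: as the name suggests, Top 10 outputs exactly the top 10 results under a given rule regardless of the size of the input data, whereas in the ordinary filtering pattern the amount of output is determined by the input data. Purpose: regardless of the size of the data set, according to the ordering of the data set...
  • How to query the top 10 records in various databases. Oracle: select * from (select * from tab order by id desc) where rownum < 11; MyS...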
  • Top10 ProxyClient.rar

    2020-03-22 17:39:14
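    Top10 ProxyClient lets you: 1. Run any network application through a proxy server. The software needs no special configuration; the whole process is completely transparent. 2. Choose specific processes to go online through the proxy without affecting the processes you did not choose, or force all network connections to go through...
  •   Hello everyone, I am 不温卜火, a second-year big data student in the School of Computer Science. My nickname comes from the idiom 不温不火; the idea is that I hope to have a mild temperament. As a newcomer to the internet industry, blog...  This post brings you the Top 10 active ... of each category among the Top 10 popular categories.
  • Top 10 movies by number of ratings problem - attachment resource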
  • Owasp Web Top10

    2020-12-27 21:47:46
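    Owasp Web Top10. SQL injection. Vulnerability definition: SQL injection is an attack in which SQL code is injected into or appended to the input parameters of an application (user), and those parameters are then passed to the backend SQL server to be parsed and executed. Because of the variety of SQL statements themselves, and the SQL statements used to construct...
  • This directory is for the project of Korean Translation for TOP10 2017. This question comes from the open-source project: OWASP/Top10
  • Tracking ticket for the Italian translation - Top10 2017. Are there volunteers? Did anybody start working on it already? This question comes from the open-source project: OWASP/Top10
  • System performance monitoring and top 10 issues
  • Open the TOP 10 unvisited links in tabs, for ProductHunt, HackerNews, Reddit, Google, Amazon, Ebay. With a single click, open the unvisited TOP 10 links in tabs for the following sites - ProductHunt - HackerNews - Reddit - Google -...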
  • Top10SQLPerf.pdf

    2010-11-08 16:25:40
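    Top10SQLPerf.pdf
  • Output value of the top 10 Taobao hanfu sellers, 2019.xls
  • Top 10 provinces and cities in China by tea output, 2018.xls
  • Top 10 countries by global film box office, 2018.xls
  • 2013 top 10 papers by download count on the China Optics Journal network
  • 1. Requirement: statistics on the Top 10 active sessions (users) for each of the Top 10 popular categories. 2. Count clicks only. 3. The category must be in the top 10. package com.rdd.topn import org.apache.spark.rdd.RDD import org.apache.spark.{SparkConf, SparkContext} object ...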
