-
Sql Injection, Ddos 말고도 우리가 배운거 다 한 번 씩 사용해야 할 것
XSS, CSRF, SSRF 등
Arp Spoofing 대응 방법이 마땅치 않음, 금융권은 보안 장비를 쓸 것이라고 생각함
스니핑, 스누핑
TCP/SYN Flooding
apt 공격
http post attack
slowloris attack
이벤트…
-
Hi, thanks for sharing your code, could you update README on how to run, train and test your method. Thanks
-
If a scanned page has outbound Tor Onion Hidden Service (.onion) links on it, these will be marked in orange as 'Plaintext' in the report.
While these are technically HTTP, the encryption and integ…
-
## CVE-2018-25031 - Medium Severity Vulnerability
Vulnerable Library - springfox-swagger-ui-3.0.0.jar
JSON API documentation for spring based applications
Library home page: https://github.com/sprin…
-
## CVE-2014-3623 - Medium Severity Vulnerability
Vulnerable Library - wss4j-1.5.11.jar
Apache WSS4J is an implementation of the Web Services Security
(WS-Security) being developed at OASIS W…
-
Someone suggested the possibilitiy of using a SSH Socks proxy instead of openvpn for creating a VPN. I am not sure what the pros and cons of this would be. I am also not sure if this would satisfy a…
-
-
https://github.com/MikeBishop/dns-alt-svc/blob/1dac79072773c0ad071429655d50eac48f41096b/draft-ietf-dnsop-svcb-https.md?plain=1#L480-L483
I don't see why this is a MAY: such a record constitutes an …
-
The draft says,
> It is not expected to have security/privacy implication of adding the base direction to literals. Maybe it is worth removing the previous paragraph?
But an attacker could set a…
-
Authentication fails on TLS or SSL when using smtp.gmail.com:587 (TLS) or smtp.gmail.com:465 (SSL).
To by-pass the failure, I have to enable less secure apps on the corresponding gmail account for…
iAmcR updated
3 years ago