Description: 这是国内首本在网站系统安全开发规范方面的应用手册,由动易软件安全工程师们耗时近6个月精心编制而成。手册基于.NET 2.0 的网站系统开发环境进行编写,共分为十三大项,30个小项,介绍了输入验证、输出编码、SQL注入、跨站脚本攻击、跨站请求伪造、越权操作、IO操作安全、缓存泄漏、系统加密、信息批漏、日志和监测、Web.config安全配置等方面的内容,并列明具体的防御手段和方法,从而为网站开发人员提供了一本深具实操性的工具书。
-This is the first site of the system security aspects of the development of standardized manuals and by PowerEasy time-consuming software security engineers are nearly 6 months meticulously prepared. Manual-based. NET 2.0 web site development environment for the preparation of the system is divided into 13 major and 30 small items, introduced input validation, output encoding, SQL injection, cross-site scripting attacks, cross-site request forgery, unauthorized operations, IO safe operation, cache leakage, the system encryption, information leakage approved, log and monitoring, Web.config security configuration and so the content and set out the specific means and methods of defense, so as to Web site developers is a great parade of the tool. Platform: |
Size: 444416 |
Author:老青 |
Hits:
Description: Mausezahn 是一个采用C开发的快速的网络包生成工具。让您发送几乎一切可能的和不可能的数据包。它主要用于测试VoIP或组播的网络,但也为安全审计,以检查是否你的系统是强化具体的攻击不够。-Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.
Mausezahn can be used for example:
As traffic generator (e. g. to stress multicast networks)
To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
As didactical tool during a datacom lecture or for lab exercises
For penetration testing of firewalls and IDS
For DoS attacks on networks (for audit purposes of course)
To find bugs in network software or appliances
For reconnaissance attacks using ping sweeps and port scans
To test network behaviour under strange circumstances (stress test, malformed packets, ...) Platform: |
Size: 913408 |
Author:susu |
Hits:
Description: 本书分为4篇17章节,系统全面介绍了windows平台缓冲区溢出漏洞的分析,检测与防护,第一篇为常用工具盒基础知识的介绍,第二篇从攻击者的视角出发,揭秘了攻击者利用漏洞的常用伎俩,第三篇从安全专家的角度介绍了漏洞分析和计算机应急响应方面的知识,第四篇则站在软件工程师讲述如何在开发,测试等环节中加入安全因素-The 17 chapter book is divided into four, the system has a comprehensive introduction to the windows platform buffer overflow vulnerability analysis, detection and prevention, first introduce the basic knowledge of commonly used tool box, the second from the perspective of an attacker, unveils thethe attacker exploits the vulnerabilities of commonly used trick, third from the perspective of security experts, vulnerability analysis and computer emergency response knowledge, fourth, standing on the software engineers on how to join in the development, testing and other aspects of safety factors Platform: |
Size: 50835456 |
Author:李瑶 |
Hits:
Description: Fortify Program Trace Analyzer(PTA)是Fortify 360中的一个安全测试分析器,这个工具可以使QA测试人员在实施QA测试的过程中能够对软件安全脆弱性和安全漏洞进行识别,这个过程不需要专门的专业安 全知识也不需要安全专家,Fortify PTA在不改变QA工作组任何工作过程的前提下使QA测试组具备了发现软件安全漏洞的能力。Fortify PTA可以伴随任何安全测试工作来进行,不管这项测试工作是自动化测试(比如说来自Mercury公司或者Borland公司的自动化测试工具)还是手工测试。-Fortify Program Trace Analyzer (PTA) is the Fortify 360 in a safety test analyzer, this tool allows QA testers in the implementation of QA testing process capable of software security vulnerabilities and identify security vulnerabilities, this process does not require specialized Professional safety knowledge does not need security experts, Fortify PTA without changing any of the work process QA Working Group under the premise of the QA test group has the ability to find software vulnerabilities. Fortify PTA can be accompanied by any safety testing work carried out, whether this test is automated testing (for example, from the Mercury company or Borland' s automated testing tools) or manual testing. Platform: |
Size: 6144 |
Author:dafeng |
Hits:
Description: 一款Android远程控制软件(AndroRat)源码,由于本身是Adroid和RAT(Remote Access Tool)的合体,所以系统可能会报木马,但是没毒。注:安全测试工具,禁止非法用途。-An Android remote control software (AndroRat) source, because itself is Adroid and RAT (Remote Access Tool) is fit, so the system may report Trojans, but not poisonous. Note: The security testing tools, prohibit illegal purposes. Platform: |
Size: 3607552 |
Author:Choyes |
Hits: