Web
-
Cross-site tracing (XST) | Web/Security | 2019. 9. 7. 11:43
1. Overview In web security, cross-site tracing (abbreviated "XST") is a network security vulnerability exploiting the HTTP TRACE method. XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combi..
-
Cross-site request forgery (CSRF) | Web/Security | 2019. 9. 7. 11:42
1. Overview Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidd..
-
SQL Injection | Web/Security | 2019. 9. 7. 10:13
1. Overview SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. 2. Example Injection Type Description Retrieving hidden data where you can modify an SQL query to return additional results. Subverting application logic where you can change a query to interfere with the application's logic. UNION attacks whe..
-
Secure coding | Web/Security | 2019. 9. 6. 08:16
1. Overview The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. 2. Description Guide Description Validate Input Validate input from all untrusted data sources Be suspicious of most external data sources, including command-line arguments, network interfaces, environmental variables, and user-controlled files Heed compi..
-
Redundant Array of Independent Disks (RAID) | Web/Network | 2019. 9. 5. 22:51
1. Overview RAID (Redundant Array of Inexpensive Disks, or Drives, or Redundant Array of Independent Disks) is a data storage virtualization technology that combines multiple physical disk drive components into one or more logical units for the purposes of data redundancy, performance improvement, or both. This was in contrast to the previous concept of highly reliable mainframe disk drives refer..
-
Directly Attached Storage (DAS), Network Attached Storage (NAS), and Storage Area Networks (SAN) | Web/Network | 2019. 9. 5. 08:31
1. Overview 2. Description Storage Feature DAS NAS SAN Full Name Directly Attached Storage Network Attached Storage Storage Area Networks Terminology A traditional way of storage system Physically connected to a single host machine Shares network bandwidth User can access at file level over a LAN, a WAN, or over the Internet Shares data at block level Commonly associated with Fibre Channel netwo..
-
Web Service and Web Application | Web | 2019. 8. 31. 12:25
1. Overview Web Service A Web service is a server running on a computer device, listening for requests at a particular port over a network, and serving web documents (HTML, JSON, XML, images, etc.). Web application services are created using web services, and serve to solve specific domain problems over the web (WWW, Internet, HTTP). In practice, a Web service commonly provides an object-oriented we..
-
Hypertext Transfer Protocol (HTTP) | Web/Protocol | 2019. 8. 31. 12:22
1. Overview The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access. 1.1 Versions HTTP/1.0 The connection is closed after a single request/response pair A separ..