분류 전체보기
-
OLTP, OLAP, and ETLDB/RDB 2019. 9. 11. 14:28
1. Overview 1.1 On-line Transaction Processing (OLTP) OLTP stands for On-line Transaction Processing. OLTP based systems (account, ticket booking, banking systems, money transfer system) are used to perform a large number of short transactions. Almost all of the database queries in OLTP system consist of commands insert, update, delete. Select queries are mainly designed to enable users to selec..
-
Resilient Distributed Dataset(RDD)DistributedSystem/Spark 2019. 9. 8. 22:32
1. Overview Resilient Distributed Datasets (RDD) is a fundamental data structure of Spark. It is an immutable distributed collection of objects. Each dataset in RDD is divided into logical partitions, which may be computed on different nodes of the cluster. RDDs can contain any type of Python, Java, or Scala objects, including user-defined classes. There are two ways to create RDDs − parallelizi..
-
Hadoop Distributed File System(HDFS)DistributedSystem/HadoopEcyosystem 2019. 9. 8. 21:28
1. Overview Apache HDFS or Hadoop Distributed File System is a block-structured file system where each file is divided into blocks of a pre-determined size. These blocks are stored across a cluster of one or several machines. HDFS follows a Master/Slave Architecture, where a cluster comprises a single Name node(Master node) and all the other nodes are Data nodes(slave nodes). HDFS can be deploye..
-
Server-side request forgeryWeb/Security 2019. 9. 7. 11:45
1. Overview Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization's infrastructure..
-
Cross-site tracing(XST)Web/Security 2019. 9. 7. 11:43
1. Overview In web security, cross-site tracing (abbreviated "XST") is a network security vulnerability exploiting the HTTP TRACE method. XST scripts exploit ActiveX, Flash, or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combi..
-
Cross-site request forgery(CSRF)Web/Security 2019. 9. 7. 11:42
1. Overview Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidd..
-
SQL InjectionWeb/Security 2019. 9. 7. 10:13
1. Overview SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. 2. Example Injection Type Description Retrieving hidden data where you can modify an SQL query to return additional results. Subverting application logic where you can change a query to interfere with the application's logic. UNION attacks whe..
-
Secure codingWeb/Security 2019. 9. 6. 08:16
1. Overview The practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. 2. Description Guide Description Validate Input Validate input from all untrusted data sources Be suspicious of most external data sources, including command-line arguments, network interfaces, environmental variables, and user-controlled files Heed compi..