SlideShare une entreprise Scribd logo

20190514 websecurity

City University of Macau
City University of Macau

it is a note about security and vulnerability on web development. includes topic of Cross Document Messaging, CORS , HTML5 Sinks. HTML Injection, XSS, SQL Injection, Brute Force Password

Technologie
1  sur  23
Télécharger pour lire hors ligne
Web Security 2019/05/14
Ageda - 1) Cross Document Messaging - 2) CORS - Websockets - 3) HTML5 Sinks
Practice - HTML Injection - XSS - SQL Injection - Brute Force Password
1) iFrame
iFrame Parent Website Source: https://html.spec.whatwg.org/multipage/web-messaging.html#web-messaging
1) iFrame
2) CORS
Allow-Origin
Access-Control-Allow-Origin: * echo back the Origin header Allow only selected, trusted domains Origin header may be spoofed outside the browser
3) HTML5 Sinks
3) Local Storage
WARNING Please do not attempt to hack any computer system without legal permission to do so.
Reference - Html security - React

Recommandé

The Most Used Methods To Penetrate A Web Server
The Most Used Methods To Penetrate A Web ServerThe Most Used Methods To Penetrate A Web Server
The Most Used Methods To Penetrate A Web Serverguestd6761a
 
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka IrongeekMutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka IrongeekMagno Logan
 
Website security systems
Website security systemsWebsite security systems
Website security systemsMobile88
 
夜宴36期
夜宴36期夜宴36期
夜宴36期liuzhitao2000
 
How Firefox Work
How Firefox WorkHow Firefox Work
How Firefox Workaizu_u-11911
 
Firefox
FirefoxFirefox
Firefoxs1200019
 
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...City University of Macau
 
20220908_元宇宙 - 新世界的新機遇.pdf
20220908_元宇宙 - 新世界的新機遇.pdf20220908_元宇宙 - 新世界的新機遇.pdf
20220908_元宇宙 - 新世界的新機遇.pdfCity University of Macau
 

Recommandé

The Most Used Methods To Penetrate A Web Server
The Most Used Methods To Penetrate A Web ServerThe Most Used Methods To Penetrate A Web Server
The Most Used Methods To Penetrate A Web Serverguestd6761a
 
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka IrongeekMutillidae and the OWASP Top 10 by Adrian Crenshaw aka Irongeek
Mutillidae and the OWASP Top 10 by Adrian Crenshaw aka IrongeekMagno Logan
 
Website security systems
Website security systemsWebsite security systems
Website security systemsMobile88
 
夜宴36期
夜宴36期夜宴36期
夜宴36期liuzhitao2000
 
How Firefox Work
How Firefox WorkHow Firefox Work
How Firefox Workaizu_u-11911
 
Firefox
FirefoxFirefox
Firefoxs1200019
 
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...
澳門製造在 SEO 的品牌和身份探索 Exploration of SEO on Made in Macau Brand and Identity | T...City University of Macau
 
20220908_元宇宙 - 新世界的新機遇.pdf
20220908_元宇宙 - 新世界的新機遇.pdf20220908_元宇宙 - 新世界的新機遇.pdf
20220908_元宇宙 - 新世界的新機遇.pdfCity University of Macau
 
Metaverse - the attraction of new identty
Metaverse - the attraction of new identtyMetaverse - the attraction of new identty
Metaverse - the attraction of new identtyCity University of Macau
 
ch2-顧客心理與行為
ch2-顧客心理與行為ch2-顧客心理與行為
ch2-顧客心理與行為City University of Macau
 
ch6-顧客忠誠的形成與培養
ch6-顧客忠誠的形成與培養ch6-顧客忠誠的形成與培養
ch6-顧客忠誠的形成與培養City University of Macau
 
ch1-顧客與顧客關系管理
ch1-顧客與顧客關系管理ch1-顧客與顧客關系管理
ch1-顧客與顧客關系管理City University of Macau
 
創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理City University of Macau
 
創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理 創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理City University of Macau
 
創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略City University of Macau
 
Dropbox startup lessons learned
Dropbox startup lessons learned Dropbox startup lessons learned
Dropbox startup lessons learned City University of Macau
 
創新管理-第十章-組織創新
創新管理-第十章-組織創新創新管理-第十章-組織創新
創新管理-第十章-組織創新City University of Macau
 
創新管理-第九章-保護創新
創新管理-第九章-保護創新創新管理-第九章-保護創新
創新管理-第九章-保護創新City University of Macau
 
創新管理-第八章-合作戰略
創新管理-第八章-合作戰略創新管理-第八章-合作戰略
創新管理-第八章-合作戰略City University of Macau
 
Introduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine OptimizationIntroduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine OptimizationCity University of Macau
 
W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向City University of Macau
 
W5-創新管理-第五章-進入時機
W5-創新管理-第五章-進入時機 W5-創新管理-第五章-進入時機
W5-創新管理-第五章-進入時機City University of Macau
 
w7-Digital Marketing-Advertising
w7-Digital Marketing-Advertisingw7-Digital Marketing-Advertising
w7-Digital Marketing-AdvertisingCity University of Macau
 
w5-Digital Marketing
w5-Digital Marketingw5-Digital Marketing
w5-Digital MarketingCity University of Macau
 
W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計 W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計City University of Macau
 
W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式City University of Macau
 
W2-創新管理-第二章-創新的來源
W2-創新管理-第二章-創新的來源W2-創新管理-第二章-創新的來源
W2-創新管理-第二章-創新的來源City University of Macau
 
W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性City University of Macau
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Contenu connexe

Plus de City University of Macau

創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理City University of Macau
 
創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理 創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理City University of Macau
 
創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略City University of Macau
 
Introduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine OptimizationIntroduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine OptimizationCity University of Macau
 
W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向City University of Macau
 
W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計 W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計City University of Macau
 
W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式City University of Macau
 
W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性City University of Macau
 

Plus de City University of Macau (20)

Metaverse - the attraction of new identty
Metaverse - the attraction of new identtyMetaverse - the attraction of new identty
Metaverse - the attraction of new identty
 
ch2-顧客心理與行為
ch2-顧客心理與行為ch2-顧客心理與行為
ch2-顧客心理與行為
 
ch6-顧客忠誠的形成與培養
ch6-顧客忠誠的形成與培養ch6-顧客忠誠的形成與培養
ch6-顧客忠誠的形成與培養
 
ch1-顧客與顧客關系管理
ch1-顧客與顧客關系管理ch1-顧客與顧客關系管理
ch1-顧客與顧客關系管理
 
創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理創新管理-第十二章-新產品開發過程管理
創新管理-第十二章-新產品開發過程管理
 
創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理 創新管理-第十二章-新產品開發團隊的管理
創新管理-第十二章-新產品開發團隊的管理
 
創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略創新管理-第十二章-形成部署戰略
創新管理-第十二章-形成部署戰略
 
Dropbox startup lessons learned
Dropbox startup lessons learned Dropbox startup lessons learned
Dropbox startup lessons learned
 
創新管理-第十章-組織創新
創新管理-第十章-組織創新創新管理-第十章-組織創新
創新管理-第十章-組織創新
 
創新管理-第九章-保護創新
創新管理-第九章-保護創新創新管理-第九章-保護創新
創新管理-第九章-保護創新
 
創新管理-第八章-合作戰略
創新管理-第八章-合作戰略創新管理-第八章-合作戰略
創新管理-第八章-合作戰略
 
Introduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine OptimizationIntroduction of SEO,Search Engine Optimization
Introduction of SEO,Search Engine Optimization
 
W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向W6-創新管理-第四章-確定組織的戰略方向
W6-創新管理-第四章-確定組織的戰略方向
 
W5-創新管理-第五章-進入時機
W5-創新管理-第五章-進入時機 W5-創新管理-第五章-進入時機
W5-創新管理-第五章-進入時機
 
w7-Digital Marketing-Advertising
w7-Digital Marketing-Advertisingw7-Digital Marketing-Advertising
w7-Digital Marketing-Advertising
 
w5-Digital Marketing
w5-Digital Marketingw5-Digital Marketing
w5-Digital Marketing
 
W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計 W4-創新管理-第四章-標準之爭與主導設計
W4-創新管理-第四章-標準之爭與主導設計
 
W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式W3-創新管理-第三章-創新的類型和方式
W3-創新管理-第三章-創新的類型和方式
 
W2-創新管理-第二章-創新的來源
W2-創新管理-第二章-創新的來源W2-創新管理-第二章-創新的來源
W2-創新管理-第二章-創新的來源
 
W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性W1-創新管理-第一章-技術創新的重要性
W1-創新管理-第一章-技術創新的重要性
 

Dernier

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 

Dernier (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 

20190514 websecurity