Cloud Information Security

4 Fuzz Testing Python Example Programs

```python
import socket

from scapy.all import Raw, StreamSocket

IP_ADDRESS = "127.0.0.1"
PORT = 6653  # IANA-assigned OpenFlow port


def sendPacket():
    # Open a fresh TCP connection for every test message.
    sock = socket.socket()
    sock.connect((IP_ADDRESS, PORT))
    stream = StreamSocket(sock)
    # 8-byte message; the bytes match an OpenFlow 1.3 HELLO header
    # (version 0x04, type 0, length 8, xid 1).
    stream.send(Raw(b"\x04\x00\x00\x08\x00\x00\x00\x01"))
    stream.close()


if __name__ == '__main__':
    for i in range(0, 100000):
        sendPacket()
```

```python
import socket

from scapy.all import Raw, StreamSocket

IP_ADDRESS = "127.0.0.1"
PORT = 40004

if __name__ == '__main__':
    for i in range(0, 1000):
        # New connection per iteration, one payload each.
        sock = socket.socket()
        sock.connect((IP_ADDRESS, PORT))
        stream = StreamSocket(sock)
        payload = Raw(b"!#%&")  # punctuation-only input
        stream.send(payload)
        stream.close()
```

```python
import socket

from scapy.all import Raw, StreamSocket

IP_ADDRESS = "127.0.0.1"
PORT = 34343

if __name__ == '__main__':
    for i in range(0, 1000):
        # New connection per iteration, one payload each.
        sock = socket.socket()
        sock.connect((IP_ADDRESS, PORT))
        stream = StreamSocket(sock)
        # ASCII for "0\n32769\n": two newline-terminated numeric fields.
        payload = Raw(b"\x30\x0a\x33\x32\x37\x36\x39\x0a")
        stream.send(payload)
        stream.close()
```

…


Compile Your Programs Securely

https://www.rsaconference.com/writable/presentations/file_upload/asec-f02-writing-secure-software-is-hard-but-at-least-add-mitigations_final.pdf

https://www.owasp.org/images/5/54/OWASPSpain8_VULNEX_BinSecSweeper.pdf

Microsoft Security Development Lifecycle (SDL) Process Guidance – Version 5.2
http://www.microsoft.com/en-us/download/confirmation.aspx?id=29884

Exploitation techniques and mitigations
http://hick.org/~mmiller/presentations/misc/exploitation_techniques_and_mitigations_on_windows.pdf

…


12 PHP Secure Development Tips

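1. Configure the environment settings in php.ini

Set register_globals = off: this mainly prevents the contents of PHP variables from being modified arbitrarily, or modified through other input, which would produce unexpected results.

Set session.use_only_cookies = 1: the main purpose of this setting is to prevent the session ID from being taken arbitrarily from $_GET.

Set session.cookie_httponly…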
