Excerpt: OWASP_Code_Review_Guide-V1_1 (1)
2015-11-13 09:28
Untrusted data sources
HTTP REQUEST STRINGS
request.accepttypes
request.browser
request.files
request.headers
request.httpmethod
request.item
request.querystring
request.form
request.cookies
request.certificate
request.rawurl
request.servervariables
request.url
request.urlreferrer
request.useragent
request.userlanguages
request.IsSecureConnection
request.TotalBytes
request.BinaryRead
InputStream
HiddenField.Value
TextBox.Text
recordSet
HTML OUTPUT
response.write<% =
HttpUtility
HtmlEncode
UrlEncode
innerText
innerHTML
INPUT AND OUTPUT STREAMS
java.io
java.util.zip
java.util.jar
FileInputStream
ObjectInputStream
FilterInputStream
PipedInputStream
SequenceInputStream
StringBufferInputStream
BufferedReader
ByteArrayInputStream
CharArrayReader
File
ObjectInputStream
PipedInputStream
StreamTokenizer
getResourceAsStream
java.io.FileReader
java.io.FileWriter
java.io.RandomAccessFile
java.io.File
java.io.FileOutputStream
mkdir
renameTo
SERVLETS
javax.servlet.*
getParameterNames
getParameterValues
getParameter
getParameterMap
getScheme
getProtocol
getContentType
getServerName
getRemoteAddr
getRemoteHost
getRealPath
getLocalName
getAttribute
getAttributeNames
getLocalAddr
getAuthType
getRemoteUser
getCookies
isSecure
HttpServletRequest
getQueryString
getHeaderNames
getHeaders
getPrincipal
getUserPrincipal
isUserInRole
getInputStream
getOutputStream
getWriter
addCookie
addHeader
setHeader
setAttribute
putValue
javax.servlet.http.Cookie
getName
getPath
getDomain
getComment
getMethod
getPath
getReader
getRealPath
getRequestURI
getRequestURL
getServerName
getValue
getValueNames
getRequestedSessionId
CROSS SITE SCRIPTING
javax.servlet.ServletOutputStream.print
javax.servlet.jsp.JspWriter.print
java.io.PrintWriter.print
RESPONSE SPLITTING
javax.servlet.http.HttpServletResponse.sendRedirect
addHeader, setHeader
REDIRECTION
sendRedirect
setStatus
addHeader, setHeader
SQL & DATABASE
odbc
executeQuery
select
insert
update
delete
execute
executestatement
createStatement
java.sql.ResultSet.getString
java.sql.ResultSet.getObject
java.sql.Statement.executeUpdate
java.sql.Statement.executeQuery
java.sql.Statement.execute
java.sql.Statement.addBatch
java.sql.Connection.prepareStatement
java.sql.Connection.prepareCall
SESSION MANAGEMENT
getSession
invalidate
getId
Ajax and JavaScript
document.write
eval
document.cookie
window.location
document.URL