
Excerpt: OWASP_Code_Review_Guide-V1_1 (1)

2015-11-13 09:28, 666 views

Untrusted data sources

HTTP REQUEST STRINGS
request.accepttypes
request.browser
request.files
request.headers
request.httpmethod
request.item
request.querystring
request.form
request.cookies
request.certificate
request.rawurl
request.servervariables
request.url
request.urlreferrer
request.useragent
request.userlanguages
request.IsSecureConnection
request.TotalBytes
request.BinaryRead
InputStream
HiddenField.Value
TextBox.Text
recordSet

HTML OUTPUT
response.write
<%=
HttpUtility
HtmlEncode
UrlEncode
innerText
innerHTML

INPUT AND OUTPUT STREAMS
java.io
java.util.zip
java.util.jar
FileInputStream
ObjectInputStream
FilterInputStream
PipedInputStream
SequenceInputStream
StringBufferInputStream
BufferedReader
ByteArrayInputStream
CharArrayReader
File
ObjectInputStream
PipedInputStream
StreamTokenizer
getResourceAsStream
java.io.FileReader
java.io.FileWriter
java.io.RandomAccessFile
java.io.File
java.io.FileOutputStream
mkdir
renameTo

SERVLETS
javax.servlet.*
getParameterNames
getParameterValues
getParameter
getParameterMap
getScheme
getProtocol
getContentType
getServerName
getRemoteAddr
getRemoteHost
getRealPath
getLocalName
getAttribute
getAttributeNames
getLocalAddr
getAuthType
getRemoteUser
getCookies
isSecure
HttpServletRequest
getQueryString
getHeaderNames
getHeaders
getPrincipal
getUserPrincipal
isUserInRole
getInputStream
getOutputStream
getWriter
addCookie
addHeader
setHeader
setAttribute
putValue
javax.servlet.http.Cookie
getName
getPath
getDomain
getComment
getMethod
getPath
getReader
getRealPath
getRequestURI
getRequestURL
getServerName
getValue
getValueNames
getRequestedSessionId

CROSS SITE SCRIPTING
javax.servlet.ServletOutputStream.print
javax.servlet.jsp.JspWriter.print
java.io.PrintWriter.print

RESPONSE SPLITTING
javax.servlet.http.HttpServletResponse.sendRedirect
addHeader, setHeader

REDIRECTION
sendRedirect
setStatus
addHeader, setHeader

SQL & DATABASE
odbc
executeQuery
select
insert
update
delete
execute
executestatement
createStatement
java.sql.ResultSet.getString
java.sql.ResultSet.getObject
java.sql.Statement.executeUpdate
java.sql.Statement.executeQuery
java.sql.Statement.execute
java.sql.Statement.addBatch
java.sql.Connection.prepareStatement
java.sql.Connection.prepareCall

SESSION MANAGEMENT
getSession
invalidate
getId

Ajax and JavaScript
document.write
eval
document.cookie
window.location
document.URL