POWDER

Are there any alternatives to ICRA for self-regulated content labeling of websites?

早过忘川 提交于 2019-12-23 15:07:48
问题 I'm working with a gambling website that historically has labeled itself using the ICRA Vocabulary expressed with RDF and PICS labeling. Its my understanding that these labels were interpreted by systems such as Internet Explorer 6 Content Advisor to block website access. Unfortunately, the ICRA labeling scheme seems to be defunct as evidenced by the ICRA Homepage. the ICRA labeling engine has been discontinued. While all current labels will continue to work with Internet content filters, the

Parsing HTML: Adult Classification Systems

大城市里の小女人 提交于 2019-12-08 02:01:40
问题 I'm research the different and (sometimes obsolete) Ratings/Classification standards used on the web. i.e. PICS, POWDER, ICRA Which standard is the most popular (number of sites using it)? Is there a C# library which will handle any (or all) of these? 回答1: You shouldn’t use PICS anymore. From http://www.w3.org/2007/powder/: POWDER has superseded PICS as the recommended method for describing Web sites and building applications that act on such descriptions. A comparison of PICS and POWDER is

2019测试指南-web应用程序安全测试(二)查看信息泄漏的网页注释和元数据

冷暖自知 提交于 2019-11-30 13:03:37
程序员在源代码中包含详细的注释和元数据是非常常见的,甚至是推荐的。但是,HTML代码中包含的注释和元数据可能会泄露潜在攻击者无法获得的内部信息。应该进行评论和元数据审查,以确定是否泄露了任何信息。 测试目标 查看网页评论和元数据,以便更好地了解应用程序并查找任何信息泄漏。 如何测试 开发人员经常使用HTML注释来包含有关应用程序的调试信息。有时他们会忘记评论,并将其留在生产中。测试人员应该查找以“”开头的HTML注释。 黑盒测试 检查HTML源代码以获取包含敏感信息的注释,这些注释可以帮助攻击者更深入地了解应用程序。它可能是SQL代码,用户名和密码,内部IP地址或调试信息。 ... <div class =“table2”> <div class =“col1”> 1 </ div> <div class =“col2”> Mary </ div> <div class =“col1”> 2 </ div> <div class =“col2”> Peter </ div> <div class =“col1”> 3 </ div> <div class =“col2”> Joe </ div> <! - 查询:SELECT id,name FROM app.users WHERE active ='1' - > </ DIV> ... 测试人员甚至可能会发现这样的事情: <! -
订阅 POWDER