security

问题 I am working on doing a check for Firewalls. The following code quite easily checks the status of the default Windows Firewall: INetFwMgr manager = GetFireWallManager(); bool isFirewallEnabled = manager.LocalPolicy.CurrentProfile.FirewallEnabled; if (isFirewallEnabled == false) { Console.WriteLine("Firewall is not enabled."); } else { Consoe.WriteLine("Firewall is enabled."); } Console.ReadLine(); private static INetFwMgr GetFireWallManager() { Type objectType = Type.GetTypeFromCLSID(new Guid

问题 I'm not sure if this is on-topic or not here, but it's so specific to .NET WinForms that I believe it makes more sense here than at the Security stackexchange site. (Also, it's related strictly to secure coding , and I think it's as on-topic as any question asking about common website vulnerabilities that I see all over the site.) For years, our team has been doing threat modeling on Website projects. Part of our template includes the OWASP Top 10 plus other well-known vulnerabilities, so

问题 We are doing a security evaluation. There is a chance that a malicious user can inject arbitrary CSS into another user's web pages, although we are not sure it can actually be exploited. I understand he could totally change the page look, even causing nothing to be displayed at all. Is that all? What is the worst that could happen? Can JavaScript be embedded in CSS? Can he "steal" the other user's cookies? And initiate another session? 回答1: Take a look here: Ultimate XSS CSS injection HTML

问题 We are doing a security evaluation. There is a chance that a malicious user can inject arbitrary CSS into another user's web pages, although we are not sure it can actually be exploited. I understand he could totally change the page look, even causing nothing to be displayed at all. Is that all? What is the worst that could happen? Can JavaScript be embedded in CSS? Can he "steal" the other user's cookies? And initiate another session? 回答1: Take a look here: Ultimate XSS CSS injection HTML

问题 I am trying to call a HTTPS REST API through Jersey Client . And on the course of development i stumble upon following error : Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching mvn.signify.abc.com found at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149) at com.sun.jersey.api.client.Client.handle(Client.java:648) at

问题 Closed . This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 8 months ago . I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app. My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the

问题 We have our site integrated as an iframe into another site that runs on a different domain. It seems that we cannot set cookies. Has anybody encountered this issue before? Any ideas? 回答1: Since your content is being loaded into an iframe from a remote domain, it is classed as a third-party cookie . The vast majority of third-party cookies are provided by advertisers (these are usually marked as tracking cookies by anti-malware software) and many people consider them to be an invasion of

问题 We have our site integrated as an iframe into another site that runs on a different domain. It seems that we cannot set cookies. Has anybody encountered this issue before? Any ideas? 回答1: Since your content is being loaded into an iframe from a remote domain, it is classed as a third-party cookie . The vast majority of third-party cookies are provided by advertisers (these are usually marked as tracking cookies by anti-malware software) and many people consider them to be an invasion of

问题 Using AntiForgeryToken requires each request to pass a valid token, so malicious web pages with simple script posting data to my web application won't succeed. But what if a malicious script will first make some simple GET request (by Ajax) in order to download the page containing the antiforgery token in a hidden input field, extracts it, and use it to make a valid POST? Is it possible, or am I missing something? 回答1: Yes, this is all you need to do. As long as you generate a new token on

问题 Using AntiForgeryToken requires each request to pass a valid token, so malicious web pages with simple script posting data to my web application won't succeed. But what if a malicious script will first make some simple GET request (by Ajax) in order to download the page containing the antiforgery token in a hidden input field, extracts it, and use it to make a valid POST? Is it possible, or am I missing something? 回答1: Yes, this is all you need to do. As long as you generate a new token on