作者:/ 文档制作:代码审计目录 1. 概述......................................................................2 2. 输入验证和输出显示.........................................................2 1. 命令注入............................................................3 2. 跨站脚本............................................................3 3. 文件包含............................................................4 4. 代码注入............................................................4 5. SQL注入.............................................................4 6. XPath注入...........................................................4 7. HTTP响应拆分........................................................5 8. 文件管理............................................................5 9. 文件上传............................................................5 10. 变量覆盖............................................................5 11. 动态函数............................................................6 3. 会话安全..................................................................6 1. HTTPOnly设置........................................................6 2. domain设置..........................................................6 3. path设置............................................................6 4. cookies持续时间......................................................6 5. secure设置..........................................................6 6. session固定.........................................................7 7. CSRF................................................................7 4. 加密......................................................................7 1. 明文存储密码.........................................................7 2. 密码弱加密...........................................................7 3. 密码存储在攻击者能访问到的文件.........................................7 5. 认证和授权.................................................................7 1. 用户认证............................................................7 1. 函数或文件的未认证调用................................................7 3. 密码硬编码......
PHP代码审计.pdf 来自淘豆网m.daumloan.com转载请标明出处.
