Introduction to Open-Source Development Frameworks for Software Security
1. Java Encoder
Security problem addressed: XSS injection attacks
Official site references:
https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
https://github.com/OWASP/owasp-java-encoder
https://owasp.github.io/owasp-java-encoder/
https://owasp.github.io/owasp-java-encoder/encoder/apidocs/index.html?index-all.html
2. OWASP Java HTML Sanitizer
Security problem addressed: XSS injection attacks
https://github.com/owasp/java-html-sanitizer…
Web Security
Open-Source Tools for Threat Analysis
Microsoft Threat Modeling Tool 2016
https://www.microsoft.com/en-us/download/details.aspx?id=49168
Elevation of Privilege (EoP) Threat Modeling Card Game
https://www.microsoft.com/en-us/download/confirmation.aspx?id=20303
OWASP Cornucopia
https://www.owasp.org/index.php/OWASP_Cornucopia
WAF Detection Flow Design Diagram
WAF detection flow design diagram
Reference: IronBee design
Test case data references:
https://github.com/ironbee/ironbee/tree/master/libs/libhtp/test/files
https://github.com/ironbee/ironbee/tree/master/docs