
DVWA - Damn Vulnerable Web Application

Related:  Dev security (OWASP)

v3n0m-Scanner/Linux-v3n0m · GitHub

Same-origin policy
Security measure for client-side scripting

This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies[1] to maintain authenticated user sessions, since servers act on the cookie they receive to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client side to prevent the loss of data confidentiality or integrity.

It is important to remember that the same-origin policy restricts what scripts may read and do, not what the browser will fetch. Resources such as images, CSS and dynamically loaded scripts can be loaded across origins via the corresponding HTML tags[2] (with fonts being a notable exception[3]), and HTML forms can be submitted across origins. Cross-site request forgery attacks take advantage of exactly this: the same-origin policy does not stop the browser from sending an authenticated, cookie-bearing request to another origin; it only stops the attacker's page from reading the response.

History
The concept of the same-origin policy dates back to Netscape Navigator 2 in 1995.

Damn Vulnerable Web App

Cross-origin resource sharing
Mechanism to request restricted resources from another domain

CORS defines a way in which a browser and server can interact to determine whether or not it is safe to allow the cross-origin request.[3] It allows for more freedom and functionality than purely same-origin requests, but is more secure than simply allowing all cross-origin requests. The specification for CORS was originally published as a W3C Recommendation[4], but that document is obsolete.[5] The current actively maintained specification that defines CORS is the WHATWG Fetch Living Standard.[6]

How CORS works
The CORS standard describes new HTTP headers which give browsers a way to make cross-origin requests only when the server has granted permission. The grant is carried in the server's response headers: for a simple request the browser sends the request regardless and uses the headers to decide whether the script may read the response; for other requests the browser first sends an OPTIONS preflight and only sends the actual request if the preflight response permits it.

Simple example
Suppose a user visits a page on one origin and that page attempts a cross-origin request to fetch the user's data from service.example.com.

Preflight example
OPTIONS /
Host: service.example.com
Origin:

BlackArch - ArchWiki

Specialty Distributions
alphaOS: a simple and minimalistic Linux distribution for the x86-64 architecture, built using the Linux Live Kit set of scripts developed by Tomas M. It is based on Arch Linux and uses pacman as the default package manager.
Antergos: an elegant and very customizable system for the desktop.
ArchAssault: everything you love about Arch Linux, but with the security professional and hackers in mind. The ARM line is to help you build the security devices of your dreams with the many open-source devices on the market.
ArchBang: ArchBang LIVE CD = Arch Linux with Openbox (the name is inspired by CrunchBang Linux, which is Debian Linux with Openbox).
ArchEX: based on Arch Linux, one of the Linux Live DVDs created by C.A.
Arch Linux ARM: the new unified effort from PlugApps and ArchMobile.
archboot
BBQLinux

OPTIONS - HTTP

The HTTP OPTIONS method is used to describe the communication options for the target resource. The client can specify a URL for the OPTIONS method, or an asterisk (*) to refer to the entire server.

Syntax
OPTIONS /index.html HTTP/1.1
OPTIONS * HTTP/1.1

Examples

Identifying allowed request methods
To find out which request methods a server supports, one can use curl and issue an OPTIONS request:

curl -X OPTIONS -i

The response then contains an Allow header with the allowed methods:

HTTP/1.1 204 No Content
Allow: OPTIONS, GET, HEAD, POST
Cache-Control: max-age=604800
Date: Thu, 13 Oct 2016 11:45:00 GMT
Expires: Thu, 20 Oct 2016 11:45:00 GMT
Server: EOS (lax004/2813)
x-ec-custom-error: 1

Note that Allow is informational: it reports what the server claims to accept at that resource, and a method missing from it is not thereby blocked, so it is a reconnaissance aid rather than an access control.

Preflighted requests in CORS
In CORS, a preflight request with the OPTIONS method is sent before a cross-origin request that the browser does not consider simple (for example one using PUT or DELETE, a custom request header, or a JSON content type), so that the server can respond whether it is acceptable to send the actual request with those parameters. The browser issues the preflight itself, carrying Origin, Access-Control-Request-Method and Access-Control-Request-Headers, and only sends the real request if the Access-Control-Allow-* headers in the preflight response permit it.
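The CORS exchange sketched under "How CORS works" and "Preflighted requests in CORS" above, as an added example that is not code from the page or from any of the projects it links: a server-side decision function that answers an OPTIONS preflight and an actual cross-origin request against an origin allowlist. The allowed origin https://app.example.com, the attacker origin https://evil.example.net, the method and header allowlists and the request objects are all constructed for the example; service.example.com is the host from the page's preflight example.

```javascript
// Added example (not the page's or any linked project's code): CORS policy decisions
// for an allowlisted origin, covering both the OPTIONS preflight and the actual request.
// All origins, allowlists and request objects below are assumptions for the demo.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['content-type', 'x-requested-with'];

// req = { method, headers } with lower-cased header names (as Node's http module gives them).
// Returns { kind, status, headers }, where kind is one of:
//   'no-cors'   no Origin header: same-origin navigation or a non-browser client
//   'reject'    Origin not allowed, or preflight asks for a method/header not allowed;
//               no CORS headers are emitted, so a browser refuses to expose the response
//   'preflight' allowed OPTIONS preflight: 204 with the policy headers and no body
//   'actual'    allowed cross-origin request: the handler runs, CORS headers are attached
function corsDecision(req) {
  const origin = req.headers.origin;
  if (origin === undefined) return { kind: 'no-cors', status: 200, headers: {} };
  if (!ALLOWED_ORIGINS.has(origin)) return { kind: 'reject', status: 403, headers: {} };

  // Echo only the one matched origin (never '*' together with credentials, which the
  // Fetch standard forbids) and Vary on Origin so a shared cache never hands this
  // response to a request from a different origin.
  const base = {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };

  const wanted = req.headers['access-control-request-method'];
  if (req.method === 'OPTIONS' && wanted !== undefined) {
    const method = wanted.toUpperCase();
    const reqHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(method) &&
               reqHeaders.every(h => ALLOWED_HEADERS.includes(h));
    if (!ok) return { kind: 'reject', status: 403, headers: {} };
    return {
      kind: 'preflight',
      status: 204,
      headers: {
        ...base,
        'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
        'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
        'Access-Control-Max-Age': '600',
      },
    };
  }
  return { kind: 'actual', status: 200, headers: base };
}

// Constructed requests: a preflight like the page's example, and a simple GET from
// a page on an origin that is not on the allowlist.
const preflight = {
  method: 'OPTIONS',
  headers: {
    host: 'service.example.com',
    origin: 'https://app.example.com',
    'access-control-request-method': 'POST',
    'access-control-request-headers': 'Content-Type',
  },
};
const fromAttacker = {
  method: 'GET',
  headers: { host: 'service.example.com', origin: 'https://evil.example.net' },
};

// Optional: serve the policy for real (set CORS_DEMO_PORT to enable).
if (process.env.CORS_DEMO_PORT) {
  const http = require('http');
  http.createServer((req, res) => {
    const d = corsDecision({ method: req.method, headers: req.headers });
    res.writeHead(d.status, d.headers);
    res.end(d.kind === 'actual' || d.kind === 'no-cors' ? '{"user":"demo"}' : '');
  }).listen(Number(process.env.CORS_DEMO_PORT));
}

module.exports = { corsDecision, preflight, fromAttacker };
```

The important caveat is in the 'reject' branch for a simple request: the browser has already sent it, cookies included, by the time the server answers. Withholding CORS headers only hides the response from the attacker's script; if the request changed state, CORS did nothing to prevent that, which is why state-changing endpoints still need an anti-CSRF token or an explicit Origin check such as the 403 above.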

The TCP/IP Guide

Welcome to the free online version of The TCP/IP Guide! My name is Charles and I am the author and publisher. I hope you will find the material here useful to you in your studies of computing, networking, and programming. Here are a few tips, links and reminders to help you out: Introduction: Newcomers to The TCP/IP Guide may wish to read the Introduction and Guide to the Guide, which will explain what the Guide is about and provide you with useful information about how to use it. Last but definitely not least: this site is provided as an online reference resource for casual use. If you like The TCP/IP Guide enough to want your own copy in convenient PDF format, please license the full Guide. Thanks again and enjoy the site! Charles

Anti CSRF Tokens ASP.NET

In short, CSRF abuses the trust relationship between browser and server. This means that anything a server uses to establish trust with a browser (cookies, but also HTTP or Windows authentication, since the browser attaches them automatically) is exactly what allows CSRF to take place; but this is only the first piece of a successful CSRF attack. The second piece is a web form or request whose parameters are predictable enough that an attacker can craft his own malicious form or request which, in turn, is accepted by the target service. Then, usually through social engineering or XSS, the victim triggers that malicious submission while authenticated to the legitimate service. This is where the browser/server trust is exploited.

In order to prevent CSRF in ASP.NET, anti-forgery tokens (also known as request verification tokens) must be used. These tokens are randomly generated values, unpredictable to the attacker and tied to the user's session, that are included in any form or request that warrants protection and checked by the server before the request is acted on; a cross-site page cannot read the token from the victim's session, so it cannot produce a request that passes the check.

Solutions NOT considered secure

Offensive Computer Security Home Page (CIS 4930 / CIS 5930) Spring 2014

Instructors: Prof. Xiuwen Liu and W. Owen Redwood.
Course Time and Location: Mondays and Wednesdays (not Fridays) at 3:35PM-4:50PM, HCB 0216.
This web site contains the up-to-date information related to this class, such as news, announcements, assignments, lecture notes, and useful links to resources that are helpful to this class.
Office Hours: Prof. Liu, Tuesdays and Thursdays from 11AM to 12 noon, LOV 166 (Love Building). Also available is Joshua Lawrence, Tuesdays and Thursdays from 2PM to 3PM in LOV 167.
Rationale: The primary incentive for an attacker to exploit a vulnerability, or a series of vulnerabilities, is to achieve a return on an investment (usually his or her time).
License: This work is licensed under a Creative Commons license.

Cipherli.st - Strong Ciphers for Apache, nginx and Lighttpd
