Tagged articles
Tongcheng Travel Technology Center
Mar 27, 2017 · Backend Development

Course Schedule for March 27–31: SOA Architecture, Distributed Systems, MVC Project Practice, and Security Programming

The schedule outlines a five‑day series of backend‑focused sessions covering SOA architecture, DSF database integration, distributed system fundamentals, web security programming, and hands‑on MVC project development for a tourism hotel order system, culminating in assessment review and graduation preparation.

MVC · SOA · Web Security
2 min read
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS Enumeration · SQL injection · Server Exploitation
17 min read
MaGe Linux Operations
Mar 17, 2017 · Information Security

How to Prevent SQL Injection in Python Web Applications

This article explains why SQL injection occurs in Python web development, demonstrates vulnerable code using string concatenation, shows the resulting errors, and provides two effective solutions—input escaping and MySQLdb's parameterized queries—to secure your applications.

Parameterized Queries · Python · SQL injection
5 min read
Efficient Ops
Mar 12, 2017 · Information Security

Understanding the CVE-2017-5638 Struts2 RCE: Impact, Stats, and Fixes

The article examines the high‑risk CVE‑2017‑5638 vulnerability in Apache Struts2, detailing its remote code execution mechanism, global impact statistics across industries and regions, and provides comprehensive detection methods and three tiers of remediation solutions.

Apache Struts · CVE-2017-5638 · Patch management
6 min read
21CTO
Mar 3, 2017 · Fundamentals

Why HTTP Is Insecure and How HTTPS Secures Your Web Traffic

This article explains the concept of communication protocols, defines HTTP and its security shortcomings, introduces HTTPS with its encryption mechanisms, compares their performance and cost implications, and clarifies common misconceptions, helping developers understand why HTTPS is essential for modern web applications.

HTTP · HTTPS · Protocols
7 min read
ITPUB
Mar 3, 2017 · Information Security

How Attackers Exploit SQL Injection and XSS – Techniques and Defenses

This article explains the mechanics of SQL injection and XSS attacks, demonstrates common exploitation methods such as table‑name guessing, error‑based and union queries, shows a vulnerable authentication script, and provides practical defensive coding techniques to mitigate these threats.

Authentication Bypass · SQL injection · Web Security
10 min read
ITPUB
Feb 6, 2017 · Information Security

Mastering SQL Injection: Types, Techniques, and Real‑World Examples

This article provides a practical introduction to SQL injection, covering its fundamentals, common attack vectors such as Boolean‑based, error‑based, and UNION‑based injections, step‑by‑step exploitation examples with PHP code, and tips for constructing payloads and understanding their impact on vulnerable web applications.

Boolean-based · Database Exploitation · Error-based
13 min read
360 Quality & Efficiency
Nov 1, 2016 · Information Security

Understanding SQL Injection Attacks and Defensive Techniques

The article reviews the author’s experience with security testing, explains the severe risks of SQL injection, demonstrates vulnerable server‑side code, and provides practical remediation methods such as input sanitization, type casting, and using prepared statements with PDO.

Database Security · PDO · SQL injection
5 min read
Qunar Tech Salon
Oct 17, 2016 · Information Security

Design and Implementation of a Cloud‑Based Web Application Firewall at Ctrip

This article describes Ctrip's challenges with web security, evaluates hardware and commercial cloud WAF shortcomings, and presents a low‑cost, low‑risk cloud‑based WAF solution that leverages DNS redirection, closed‑loop rule management, Lua/Tengine deployment, supervised machine‑learning log analysis, and big‑data streaming for real‑time threat detection and mitigation.

Big Data · WAF · Web Security
9 min read
MaGe Linux Operations
Sep 28, 2016 · Information Security

Essential HTTP Security Headers Every Web Developer Should Use

This guide explains the most important HTTP response security headers—such as X‑Frame‑Options, X‑Content‑Type‑Options, X‑XSS‑Protection, Content‑Security‑Policy, Strict‑Transport‑Security, and CORS headers—detailing their purpose, possible values, and how to configure them in Apache to harden web applications.

Apache · CORS · Content Security Policy
6 min read
Efficient Ops
Aug 15, 2016 · Information Security

Why Upgrading to HTTPS Is Essential and How Baidu Did It

This article explains why migrating to HTTPS is critical for modern web applications, outlines the technical challenges such as compatibility, latency, and attacks, and details Baidu's practical solutions and free options for small sites to adopt full‑site HTTPS securely and efficiently.

Baidu · HTTPS · Performance Optimization
13 min read
Ctrip Technology
Jun 30, 2016 · Information Security

Anti‑Crawling Strategies and System Design: Insights from Ctrip Hotel R&D

This article shares practical anti‑crawling concepts, classifications of crawlers, design principles, traditional and JavaScript‑based countermeasures, and operational trade‑offs, illustrating how Ctrip's hotel R&D team balances commercial protection with technical feasibility.

Backend · System Design · Web Security
15 min read
ITPUB
Jun 15, 2016 · Information Security

How to Exploit and Defend Against MongoDB Injection Attacks

This article explains why MongoDB is chosen, demonstrates practical PHP injection techniques against MongoDB queries, shows how to enumerate databases and collections, and provides concrete defensive measures such as using implode(), addslashes() and regex sanitization to prevent attacks.

Database Security · Defensive Coding · MongoDB
5 min read
21CTO
Jun 10, 2016 · Information Security

Secure Your Site with HTTPS in 30 Minutes Using Let’s Encrypt

This guide walks you through obtaining a free Let’s Encrypt certificate, installing it on typical hosting platforms, fixing common private‑key issues, verifying the setup, and enforcing HTTPS for all requests, all in under half an hour.

HTTPS · Let’s Encrypt · SSL
5 min read
ITPUB
May 25, 2016 · Information Security

Defending Nginx Against CC Attacks with Cookie Validation and Lua Rate Limiting

This guide explains how to use simple Nginx configurations, enhanced cookie checks, and Lua scripts to create unforgeable tokens, limit request rates, and protect web services from CC attacks, scanning tools, and other malicious traffic while maintaining normal user access.

Lua · NGINX · Web Security
13 min read
Art of Distributed System Architecture Design
May 23, 2016 · Information Security

Testing HTTP Header Parameters for SQL Injection: Coverage, Tools, and Best Practices

The article examines how HTTP header and cookie parameters can serve as SQL injection vectors, evaluates the coverage of commercial and open‑source web vulnerability scanners, demonstrates manual testing techniques, and recommends tools such as sqlmap for comprehensive security assessments.

SQL injection · SQLMap · Web Security
13 min read
ITPUB
May 5, 2016 · Information Security

Understanding SQL Injection Through a Simple Robot Analogy

The article uses a warehouse‑robot analogy to illustrate how mixing user‑supplied data with commands leads to SQL injection and explains that separating commands from data via parameterized queries prevents this security flaw.

Parameterized Query · SQL injection · Security
5 min read
21CTO
Apr 1, 2016 · Information Security

Understanding HTTPS: How SSL/TLS Secures Web Communication

This article explains HTTPS fundamentals, its encryption mechanisms, differences from HTTP, the roles of symmetric and asymmetric cryptography, hash functions, digital signatures, certificate issuance and validation, as well as SSL/TLS protocols, handshake steps, and session resumption techniques that secure web communications.

HTTPS · SSL · TLS
18 min read
21CTO
Mar 20, 2016 · Information Security

7 Surprising Attack Techniques Hackers Use to Exploit Everyday Users

This article surveys seven modern hacking tricks—from fake Wi‑Fi hotspots and cookie theft to file‑name deception, path hijacking, hosts‑file redirection, watering‑hole attacks, and bait‑replacement—explaining how they work, why they succeed, and practical defenses for users and developers.

Web Security · information security · malware
13 min read
21CTO
Feb 6, 2016 · Information Security

Essential Web Application Security Checklist: From Input Validation to Server Hardening

This guide outlines a comprehensive security checklist covering form input validation, safe system call handling, buffer overflow prevention, strong password policies, session protection, mitigation of XSS, SQL injection, CSRF, Apache and MySQL hardening, PHP configuration, and fuzz testing techniques.

Password policy · Web Security · apache hardening
6 min read
Java High-Performance Architecture
Jan 24, 2016 · Information Security

What Is a CC Attack and How to Defend Against It?

CC attacks, a variant of DDoS that exploits legitimate web requests via proxies, overwhelm servers by forcing intensive URL processing; this article explains their mechanics, differences from traditional DDoS, and outlines practical defenses such as cloud WAFs, IP analysis, static content, and connection‑rate limiting.

CC Attack · Cloud WAF · DDoS
6 min read
Architect
Jan 19, 2016 · Information Security

100 Practical Web Application Defense Techniques from the Web Application Defender's Cookbook

The article presents a comprehensive list of one hundred concrete web‑application security techniques—ranging from HTTP request analysis and token validation to WAF rule conversion, honeypot deployment, IP reputation checks, and response‑time monitoring—derived from the book “Web Application Defender's Cookbook” and illustrated with real‑world examples and tool references.

ModSecurity · Security Operations · Threat Detection
16 min read
Qunar Tech Salon
Dec 17, 2015 · Information Security

100 Web Application Defense Techniques from the ‘Web Application Defender’s Cookbook’

The article presents a comprehensive list of one hundred practical web‑application defense techniques—ranging from HTTP request analysis and ModSecurity rule creation to honeypot deployment and automated threat intelligence—drawn from the under‑appreciated book “Web Application Defender’s Cookbook.”

Defensive Techniques · ModSecurity · WAF
17 min read
Architect
Dec 16, 2015 · Information Security

Understanding HTTPS Certificates, Trust Chains, and Security Practices

This article explains how HTTPS certificates are trusted, the role of Certificate Authorities, how browsers verify signatures, common pitfalls such as compromised root certificates, and practical measures like CSP and gradual rollout strategies to ensure secure web deployments across different regions and devices.

CSP · HTTPS · TLS
8 min read
Architects Research Society
Nov 24, 2015 · Information Security

Understanding Common Web Application Attacks and the OWASP Top 10

The article explains how modern web and cloud‑based applications are increasingly exposed to a range of application‑layer attacks—including injection, XSS, broken authentication, and insecure redirects—while highlighting OWASP’s Top 10 list, the importance of secure development practices, and IBM’s educational webinar series.

OWASP · Secure Coding · Web Security
10 min read
ITPUB
Nov 16, 2015 · Information Security

5 Hidden Signs Your Web Application Is Compromised and How to Respond

The article outlines five subtle indicators of a web application breach—abnormal behavior, irregular logs, unexpected processes or users, file modifications, and warning messages—while offering practical monitoring and remediation steps to help security teams detect and mitigate attacks early.

Web Security · application monitoring · incident response
7 min read
Java High-Performance Architecture
Oct 6, 2015 · Information Security

Understanding CSRF Attacks and How to Prevent Them

This article explains how CSRF (Cross‑site request forgery) tricks authenticated users into performing attacker‑controlled actions, illustrates a typical admin‑addition scenario, and outlines two primary defenses—CAPTCHA verification and dynamic token validation—to effectively mitigate such attacks.

CSRF · Captcha · Cross-Site Request Forgery
3 min read
21CTO
Sep 12, 2015 · Information Security

How Browser Fingerprinting Works and How to Defend Against It

This article explains the many data points browsers expose—such as IP, cookies, language, hardware, and HTML5 APIs—that enable device fingerprinting, describes how fingerprinting scripts operate, and outlines practical countermeasures like disabling JavaScript, using privacy extensions, and configuring browser settings.

Browser Fingerprinting · HTML5 APIs · JavaScript
10 min read
High Availability Architecture
Jul 30, 2015 · Information Security

Web Application Security Threats and Mitigation Strategies

This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.

CSP · CSRF · HTTPS
26 min read
Architect
Jul 23, 2015 · Information Security

Web Security in Front‑End Development: XSS and CSRF Prevention with Midway

This article explains common web security threats such as XSS and CSRF in a front‑end/back‑end separated architecture and demonstrates how the Midway framework provides HTML escaping, rich‑text filtering, and token‑based CSRF protection to safeguard user data and application integrity.

CSRF · HTML Escape · Midway
13 min read
Art of Distributed System Architecture Design
Jul 16, 2015 · Information Security

Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection

This article examines how web vulnerability scanners handle non‑traditional input vectors such as HTTP headers and cookies, demonstrates manual exploitation techniques for header‑based SQL injection, compares scanner coverage and accuracy, and offers practical guidance for developers and penetration testers.

SQL injection · SQLMap · Web Security
14 min read
Art of Distributed System Architecture Design
May 21, 2015 · Information Security

Understanding DDoS Attacks via Malicious JavaScript and Mitigation with HTTPS and Subresource Integrity

The article explains how malicious JavaScript can turn browsers into participants of DDoS attacks through techniques like server hijacking and man‑in‑the‑middle injection, and describes how HTTPS and the emerging Subresource Integrity feature can help protect websites from such threats.

DDoS · HTTPS · JavaScript
6 min read
Baidu Tech Salon
Sep 26, 2014 · Information Security

Web Front‑End Security: External Link Restrictions, Rich‑Text XSS, Opener Phishing, and Clickjacking Mitigations

The article outlines front‑end web security tactics—blocking all user‑supplied external links, sanitizing rich‑text to prevent XSS and iframe abuse, nullifying window.opener to stop phishing redirects—while recommending CSP, whitelist CSS, sandboxed iframes, and click‑through confirmations as mitigations.

CSRF · Front-end · Web Security
13 min read
Baidu Tech Salon
Apr 15, 2014 · Information Security

Web Traffic Hijacking: Risks, Techniques, and Defenses

Web traffic hijacking exploits the plaintext nature of HTTP to inject malicious scripts, steal cookies and saved passwords, poison caches or offline storage, bypass HTTPS redirects, and even compromise downloads, making unauthenticated browsing, auto‑fill features, and public Wi‑Fi especially dangerous without proper defenses.

HTTPS · Traffic Hijacking · Web Security
27 min read