02
Jul
lftp登陆时不会泄漏密码
tcpdump分析了FTP和LFTP方式登录服务器数据包,发现使用lftp登陆时的request是AUTH/TLS,对这个协议不是太了解,反正传输过程中看不到明文的用户名和密码。
用FTP直接连接的时候用户名和密码能够直接被捕获到,服务器那边直接就request USER和PASSWORD。
10
Nov
安全检测工具
Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA tools are unaware.
