Where can I find a description of web vulnerabilities in Russian?

O

One Miay2014-06-21 18:53:28

Computer networks

One Miay, 2014-06-21 18:53:28

All the best!
Guys, I am writing a web-vulnerability scanner, in the report I want to display not only information on the vulnerable script, but also a general description of the type of vulnerability, and general recommendations for their elimination.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Appp Zooo, 2014-06-21
@ikeagold

I found a short list here:

Here are some of the most common problems:
Cross Site Scripting
SQL injection
PHP injection
HTTP Response Splitting
HTML code injection
File Inclusion
Directory traversal and some others.

well, this resource www.securitylab.ru
may be useful. Here is another and another google :

A1 Injection (Injections, for example SQL - injection)
A2 Cross Site Scripting (XSS - cross site scripting)
A3 Broken Authentication and Session Management (authentication errors)
A4 Insecure Direct Object References (unprotected resources and objects)
A5 Cross Site Request Forgery (CSRF -
A6 Security Misconfiguration A7
Failure to Restrict URL Access
A8 Unvalidated Redirects and Forwards
A9 Insecure Cryptographic Storage
A10 Insufficient Transport Layer Protection transmission)

Most likely, recommendations can be peeped in existing vulnerability analyzers. Maybe someone will tell you some good ones :) habrahabr.ru/post/141803
Often they write about protection methods (well, there are descriptions of functions, etc.) in the documentation of those programming languages that you want to analyze.

A

Andrey K, 2014-06-22
@mututunus

habrahabr.ru/post/226321