Network Attacks #6
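XSS attacks
Three ways to carry out an XSS attack
Stored
Reflected
Document-based attack
Preventing XSS attacks
CSRF attacks
Three forms of CSRF attack
GET request
POST-type CSRF
Link-type CSRF
A CSRF attack uses flaws in the server's validation and the user's logged-in state to simulate the user's actions and achieve the goal of the attack.
CSRF prevention measures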
The three values of SameSite
Strict mode forbids third-party requests from carrying cookies, Lax mode allows GET requests to carry cookies, and None mode means requests will carry cookies.
Origin and Referer
Origin contains the domain information; Referer contains the specific request URL path.
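One way to apply the SameSite and Origin/Referer measures above on the server side, as an added example that is not part of the original issue. The origin `https://app.example.test` and the names `sessionCookie`, `toOrigin` and `isTrustedSource` are assumptions made for illustration:

```javascript
// Added example; ALLOWED_ORIGINS and all function names are hypothetical.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]); // constructed site origin
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Build a Set-Cookie value for the session cookie with an explicit SameSite mode.
function sessionCookie(value, sameSite = "Lax") {
  if (!["Strict", "Lax", "None"].includes(sameSite)) {
    throw new Error("unknown SameSite value: " + sameSite);
  }
  const parts = ["sid=" + encodeURIComponent(value), "Path=/", "HttpOnly", "Secure",
                 "SameSite=" + sameSite];
  return parts.join("; ");
}

// Reduce a header value to its origin (scheme + host + port), or null if unparsable.
function toOrigin(headerValue) {
  try {
    const origin = new URL(headerValue).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null; // e.g. the literal header value "null" or a malformed URL
  }
}

// Decide whether a request may change state, based on where it came from.
// Origin carries only the domain information; Referer carries the full URL,
// so both are reduced to an origin and compared exactly (no prefix matching).
function isTrustedSource(method, headers) {
  if (SAFE_METHODS.has(method.toUpperCase())) return true; // read-only: no check
  const source = headers["origin"] ?? headers["referer"];
  if (!source) return false; // neither header present: reject
  const origin = toOrigin(source);
  return origin !== null && ALLOWED_ORIGINS.has(origin);
}
```

The exact-origin comparison matters: a look-alike host such as `app.example.test.evil.test` would pass a naive "starts with" check on the Referer but fails here.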