#Web Security
6 posts
- explanation: SQL Injection Explained — How It Works, Common Attack Techniques, and Defenses
SQL injection (SQLi) is a long-standing vulnerability where user input is concatenated directly into SQL statements, let...
- explanation: CSRF Explained — How Cross-Site Request Forgery Works and How to Defend Against It
CSRF (Cross-Site Request Forgery) is a vulnerability where the victim, while logged in to a target site, is tricked by a...
- explanation: LFI/RFI Explained — How Local/Remote File Inclusion Works, Attack Techniques, and Defenses
LFI (Local File Inclusion) and RFI (Remote File Inclusion) occur when a web application takes a filename or URL from use...
- explanation: HTTP Security Headers — A Second Line of Defense That Tells the Browser How to Defend Itself
HTTP security headers are response headers the server uses to control browser behavior, blocking browser-side attacks li...
- explanation: SSRF Explained — How Server-Side Request Forgery Works, Attack Techniques, and Defenses
SSRF (Server-Side Request Forgery) is a vulnerability where the web application's server fetches an attacker-supplied UR...
- explanation: XSS Explained — How Cross-Site Scripting Works and How to Defend Against It
Cross-site scripting (XSS) injects malicious script into a web application so that it runs inside another user's browser...