这篇博客主要介绍了Web安全的基础知识,包括HTTP GET与POST请求的区别,静态与动态内容的生成,以及SQL注入、XSS攻击的概念和防范措施。通过举例说明了SQL注入如何利用服务器到数据库的交互漏洞,以及如何防止通过数据混淆为代码的错误。同时,讨论了XSS攻击破坏同源政策的原理,强调了正确处理用户输入和会话管理的重要性。
1.Question 1
What is one difference between an HTTP GET and an HTTP POST request?
Only GET requests are subject to the same-origin policy
*Only POST requests may include parameter data in the request body
Only POST requests can encode parameters in the URL
Only GET requests use the REFERER header
2.Question 2
Which of the following is true about static and dynamic web content?
*The server often produces dynamic content based on the contents of the database
Static pages may include PHP programs, which execute at the browser
Static content may be re-generated with each request
Javascript programs embedded in HTML pages are run server-side to produce dynamic content(-)
3.Question 3
SQL injection exploits a bug in what interaction of a web application?
*Server to database
Client to server(-)
Server to client
Network to server
4.Question 4
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
