VIPKID SRC助力华山论剑•2020网络安全大会发出网络安全“西安”声音
华山论剑·2020网络安全大会(第三届全国信息安全企业家高峰论坛暨第五届SSC安全峰会)将于10月14至15
Aggregator
Web Application and API Protection: From SQL Injection to Magecart
5 years 4 months ago
SQL injections were first discovered in 1998, and over 20 years later, they remain an unsolved challenge and an ongoing threat for every web application and API. The Open Web Application Security Project (OWASP) highlighted injection flaws in its Top 10 lists for both web application security risks and API security threats.
Renny Shen
聊聊Google的工程实践(二)
5 years 4 months ago
推荐基本和谷歌有关的书籍,以及几个前谷歌技术人的公众号。
聊聊Google的工程实践(二)
5 years 4 months ago
推荐基本和谷歌有关的书籍,以及几个前谷歌技术人的公众号。
聊聊Google的工程实践(二)
5 years 4 months ago
推荐基本和谷歌有关的书籍,以及几个前谷歌技术人的公众号。
开源信息收集周报#56
5 years 4 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
开源信息收集周报#56
5 years 4 months ago
本报告部分引自Week in OSINT栏目,每周推荐好玩实用的工具,站点,技巧,文章等,适用于任何领域的研究人员,分析测试人员。
Every Application Should Be Behind a WAF
5 years 4 months ago
It's no secret that security threats continue to expand in volume and variety, making headlines on virtually a daily basis. From nation-state attacks, corporate espionage, and data exfiltration campaigns to all-in-one and sneaker bot campaigns, businesses across the globe find themselves dealing with a deluge of inbound threats. The increased amount and variation of threats, and the proliferation of apps being deployed and managed by teams and individuals across the enterprise, can make securing apps and data feel like trying to keep water out of a submerged sieve.
Ari Weil
DDCTF 2020 Writeup
5 years 4 months ago
今年改了赛制, 可以两人组队, 我觉得改的还是不错的, 终于不用现场表演学习逆向和 pwn 了, 成功和 Ary 师傅打到了第三 233
对数据安全的一些思考
5 years 4 months ago
近几年,系统安全方面的体系建设日渐完善。但数据安全方面,并没有看到一个完善的体系出来,它就是阿喀琉斯的脚后跟,稍微干一下,就跪了。
对数据安全的一些思考
5 years 4 months ago
近几年,系统安全方面的体系建设日渐完善。但数据安全方面,并没有看到一个完善的体系出来,它就是阿喀琉斯的脚后跟,稍微干一下,就跪了。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
WebLogic 反序列化CVE连环三连击
5 years 4 months ago
CVE-2020-2555、CVE-2020-2883、CVE-2020-14645,WebLogic 同一个反序列化利用链的补丁绕过攻防战。
Threat modeling a machine learning system
5 years 4 months ago
This post is part of a series about machine learning and artificial intelligence. Click on the blog tag “huskyai” to see all the posts, or visit the machine learning attack series overview section.
In the previous post we walked through the steps required to gather training data, build and test a model to build “Husky AI”.
This post is all about threat modeling the system to identify scenarios for attacks which we will perform in the upcoming posts.
MLOps - Operationalizing the machine learning model
5 years 4 months ago
This post is part of a series about machine learning and artificial intelligence.
In the previous post we walked through the steps required to gather training data, build and test a model.
In this post we dive into “Operationalizing” the model. The scenario is the creation of Husky AI and my experiences and learnings from that.
Part 3 - Operationalizing the Husky AI modelThis actually took much longer than planned.
Since I used TensorFlow, I naively thought it would be very straight forward to implement a Golang web server to host the model. Turns out that TensorFlow/Keras is not that as straightforward to integrate with Golang, it requires a lot of extra steps. So, I ended up picking Python for the web server.