From 623c013018380dd3849d73a71bc37bda25e3a678 Mon Sep 17 00:00:00 2001
From: Mari Wahl
Date: Tue, 30 Dec 2014 18:56:44 -0500
Subject: [PATCH] readme
---
 Cryptography/PyCrypto/simple_example.py | 23 +++++++++++++++++++++++
 Web_Security/README.md | 16 ++++++++--------
 2 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 Cryptography/PyCrypto/simple_example.py
diff --git a/Cryptography/PyCrypto/simple_example.py b/Cryptography/PyCrypto/simple_example.py
new file mode 100644
index 0000000..12e0745
--- /dev/null
+++ b/Cryptography/PyCrypto/simple_example.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+def example_sha():
+ from Crypto.Hash import SHA256
+ hash = SHA256.new()
+ hash.update('message')
+ print hash.digest()
+
+def example_aes():
+ from Crypto.Cipher import AES
+ IV = '1234567890123456'
+ KEY = 'Hello There!'
+ obj = AES.new(KEY, AES.MODE_CBC, IV)
+ message = "The answer is no"
+ ciphertext = obj.encrypt(message)
+ print ciphertext
+ obj2 = AES.new(KEY, AES.MODE_CBC, IV)
+ print obj2.decrypt(ciphertext)
+
+
+if __name__ == '__main__':
+ example_sha()
+ #example_aes()
\ No newline at end of file
diff --git a/Web_Security/README.md b/Web_Security/README.md
index c57fc15..edfb111 100644
--- a/Web_Security/README.md
+++ b/Web_Security/README.md
@@ -220,7 +220,7 @@ http://!$^&*()_+`-={}|[]:;@www.google.com * The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers): - User-Agent: browser version information - - Host: URL hostanme + - Host: URL hostname - Accept: supported MIME documents( such as text/plain or audio/MPEG) - Accept-Language: supported language codes - Referer: originating page for the request
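Review bot: `KEY = 'Hello There!'` in example_aes is 12 bytes, and AES accepts only 16-, 24- or 32-byte keys, so `AES.new(KEY, AES.MODE_CBC, IV)` should raise ValueError as written, which may be why the call under `__main__` is commented out. The constant `IV = '1234567890123456'` is also something readers will copy: with CBC, a fixed IV under the same key makes equal plaintext prefixes produce equal ciphertext blocks. I would generate both per run, after `from Crypto import Random`, with `KEY = Random.new().read(32)` and `IV = Random.new().read(AES.block_size)`. A short comment should also say that the IV is stored alongside the ciphertext, that the message only works here because it is exactly one block long, and that CBC alone gives no integrity, so real use needs padding and a MAC.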
@@ -298,19 +298,19 @@ Set-Cookie: SID=472ndsw;expires=DATE;path=/;domain=SITE,HttpOnly * IE doesn't always observer port number. -* Wildcard * policies is ill-advised: explose content on your domain to script access from any/all origins. +* Wildcard * policies is ill-advised: explore content on your domain to script access from any/all origins. ### Cross-Domain Policies * Extend SOP beyond a document's origin. * Permit applets originating from another domain access to resources. -* Permit issuing arbritary HTTP requests with whitelisted headers. +* Permit issuing arbitrary HTTP requests with whitelisted headers. ### CORS - Cross Origin Resource Sharing -* Browser allows XMLHttpRequest's to acess response data return from cross-origin requests when: - - Response contains Acess-Control-Allow -Origin header - - Requst's Origin value is defined in set +* Browser allows XMLHttpRequest's to access response data return from cross-origin requests when: - Response contains Access-Control-Allow -Origin header - Request's Origin value is defined in set ----
@@ -623,7 +623,7 @@ Authorization: Basic YWRtaW46YWRtaW4= * Parameter manipulation: insecure direct object reference (DB record id's exposed to user). * Failure to restrict URL access: - - protect sensitive functionality by disabling the display of links, buttons, URL, and hiddel URL or parameters. + - protect sensitive functionality by disabling the display of links, buttons, URL, and hidden URL or parameters. - forceful browsing is a common attack technique: typically results in vertical escalation, administrative interfaces.
@@ -673,7 +673,7 @@ Authorization: Basic YWRtaW46YWRtaW4= 1. Define an XML entity in the DTD 2. Reference defined entity in XML body. -3. Parser will read /etc/passwd contents into e1: +3. Parser will read /etc/passwd contents: ``` ]>