readme

Cryptography/PyCrypto/simple_example.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+def example_sha():
+    from Crypto.Hash import SHA256
+    hash = SHA256.new()
+    hash.update('message')
+    print hash.digest()
+
+def example_aes():
+    from Crypto.Cipher import AES
+    IV = '1234567890123456'
+    KEY = 'Hello There!'
+    obj = AES.new(KEY, AES.MODE_CBC, IV)
+    message = "The answer is no"
+    ciphertext = obj.encrypt(message)
+    print ciphertext
+    obj2 = AES.new(KEY, AES.MODE_CBC, IV)
+    print obj2.decrypt(ciphertext)
+
+
+if __name__ == '__main__':
+    example_sha()
+    #example_aes()

Web_Security/README.md

@@ -220,7 +220,7 @@ http://!$^&*()_+`-={}|[]:;@www.google.com
 
 * The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
 	- User-Agent: browser version information
-	- Host: URL hostanme
+	- Host: URL hostname
 	- Accept: supported MIME documents( such as text/plain or audio/MPEG)
 	- Accept-Language: supported language codes
 	- Referer: originating page for the request
@@ -298,19 +298,19 @@ Set-Cookie: SID=472ndsw;expires=DATE;path=/;domain=SITE,HttpOnly
 
 * IE doesn't always observer port number.
 
-* Wildcard * policies is ill-advised: explose content on your domain to script access from any/all origins.
+* Wildcard * policies is ill-advised: explore content on your domain to script access from any/all origins.
 
 ### Cross-Domain Policies
 
 * Extend SOP beyond a document's origin.
 * Permit applets originating from another domain access to resources.
-* Permit issuing arbritary HTTP requests with whitelisted headers.
+* Permit issuing arbitrary HTTP requests with whitelisted headers.
 
 ### CORS - Cross Origin Resource Sharing
 
-* Browser allows XMLHttpRequest's to acess response data return from cross-origin requests when:
+* Browser allows XMLHttpRequest's to access response data return from cross-origin requests when:
-	- Response contains Acess-Control-Allow -Origin header
+	- Response contains Access-Control-Allow -Origin header
-	- Requst's Origin value is defined in set
+	- Request's Origin value is defined in set
 
 
 ----
@@ -623,7 +623,7 @@ Authorization: Basic YWRtaW46YWRtaW4=
 * Parameter manipulation: insecure direct object reference (DB record id's exposed to user).
 
 *  Failure to restrict URL access:
-	- protect sensitive functionality by disabling the display of links, buttons, URL, and hiddel URL or parameters.
+	- protect sensitive functionality by disabling the display of links, buttons, URL, and hidden URL or parameters.
 	- forceful browsing is a common attack technique: typically results in vertical escalation, administrative interfaces.
 
 
@@ -673,7 +673,7 @@ Authorization: Basic YWRtaW46YWRtaW4=
 
 1. Define an XML entity in the DTD
 2. Reference defined entity in XML body.
-3. Parser will read /etc/passwd contents into e1:
+3. Parser will read /etc/passwd contents:
 
 ```
 <!DOCTYPE test [<!ENTITY x3 System "/etc/passwrd">]>