readme

2025-04-27 11:09:09 -04:00 · 2014-12-30 18:56:44 -05:00 · 2014-12-30 18:56:44 -05:00 · 623c013018
commit 623c013018
parent c5796321ce
2 changed files with 31 additions and 8 deletions
--- a/Cryptography/PyCrypto/simple_example.py
+++ b/Cryptography/PyCrypto/simple_example.py
@ -0,0 +1,23 @@
+#!/usr/bin/env python
+
+def example_sha():
+    from Crypto.Hash import SHA256
+    hash = SHA256.new()
+    hash.update('message')
+    print hash.digest()
+
+def example_aes():
+    from Crypto.Cipher import AES
+    IV = '1234567890123456'
+    KEY = 'Hello There!'
+    obj = AES.new(KEY, AES.MODE_CBC, IV)
+    message = "The answer is no"
+    ciphertext = obj.encrypt(message)
+    print ciphertext
+    obj2 = AES.new(KEY, AES.MODE_CBC, IV)
+    print obj2.decrypt(ciphertext)
+
+
+if __name__ == '__main__':
+    example_sha()
+    #example_aes()
--- a/Web_Security/README.md
+++ b/Web_Security/README.md
@ -220,7 +220,7 @@ http://!$^&*()_+`-={}|[]:;@www.google.com

 * The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
 	- User-Agent: browser version information
-	- Host: URL hostanme
+	- Host: URL hostname
 	- Accept: supported MIME documents( such as text/plain or audio/MPEG)
 	- Accept-Language: supported language codes
 	- Referer: originating page for the request
@ -298,19 +298,19 @@ Set-Cookie: SID=472ndsw;expires=DATE;path=/;domain=SITE,HttpOnly

 * IE doesn't always observer port number.

-* Wildcard * policies is ill-advised: explose content on your domain to script access from any/all origins.
+* Wildcard * policies is ill-advised: explore content on your domain to script access from any/all origins.

 ### Cross-Domain Policies

 * Extend SOP beyond a document's origin.
 * Permit applets originating from another domain access to resources.
-* Permit issuing arbritary HTTP requests with whitelisted headers.
+* Permit issuing arbitrary HTTP requests with whitelisted headers.

 ### CORS - Cross Origin Resource Sharing

-* Browser allows XMLHttpRequest's to acess response data return from cross-origin requests when:
-	- Response contains Acess-Control-Allow -Origin header
-	- Requst's Origin value is defined in set
+* Browser allows XMLHttpRequest's to access response data return from cross-origin requests when:
+	- Response contains Access-Control-Allow -Origin header
+	- Request's Origin value is defined in set


 ----
@ -623,7 +623,7 @@ Authorization: Basic YWRtaW46YWRtaW4=
 * Parameter manipulation: insecure direct object reference (DB record id's exposed to user).

 *  Failure to restrict URL access:
-	- protect sensitive functionality by disabling the display of links, buttons, URL, and hiddel URL or parameters.
+	- protect sensitive functionality by disabling the display of links, buttons, URL, and hidden URL or parameters.
 	- forceful browsing is a common attack technique: typically results in vertical escalation, administrative interfaces.


@ -673,7 +673,7 @@ Authorization: Basic YWRtaW46YWRtaW4=

 1. Define an XML entity in the DTD
 2. Reference defined entity in XML body.
-3. Parser will read /etc/passwd contents into e1:
+3. Parser will read /etc/passwd contents:

 ```
 <!DOCTYPE test [<!ENTITY x3 System "/etc/passwrd">]>