Home / v1.0.1
Name                             Modified     Size        Downloads / Week
java_sec_code_v20190724.tar.gz   2019-07-24   65.1 kB
java_sec_code_v20190724.zip      2019-07-24   91.9 kB
README.md                        2019-07-24   950 Bytes
Totals: 3 Items                               157.9 kB    0
  • Add a login authentication system using spring-security.
  • Add global CSRF and Referer check variables and switches in application.properties.
  • Add path traversal vulnerability and security code.
  • Add SQL injection using MyBatis.
  • Add rememberMe deserialization vulnerability, and override the resolveClass method to defend against deserialization.
  • Add SSTI vulnerability caused by Velocity.
  • Add automatic JSON-to-JSONP conversion function.
  • Add SSRF vulnerability code for old versions of httpclient.
  • Add SSRF security Checker class.
Source: README.md, updated 2019-07-24