[go: up one dir, main page]

Skip to content

Getting started with java code auditing 代码审计入门的小项目

License

Notifications You must be signed in to change notification settings

cn-panda/JavaCodeAudit

Repository files navigation

About

The articles in this series are aimed at people who have a basic knowledge of Java's basic syntax. The contents of this series of articles mainly include:

  • Introduction to audit environment
  • SQL vulnerability principle and actual case introduction
  • XSS vulnerability principle and actual case introduction
  • SSRF vulnerability principle and actual case introduction
  • RCE vulnerability principle and actual case introduction
  • Includes vulnerability principles and actual case introductions
  • Serialization vulnerability principle and actual case introduction
  • S2 series classic vulnerability analysis
  • WebLogic series of classic vulnerability analysis
  • fastjson series classic vulnerability analysis
  • Jackson series classic vulnerability analysis, etc.

The content order may be slightly adjusted, but the overall content will not change. Finally, I hope that this series of articles can bring you a little gain.

This project contains the source code needed based on the above article

Have fun

关于

本系列的文章面向人群主要是拥有 Java 基本语法基础的朋友,系列文章的内容主要包括:

  • 审计环境介绍
  • SQL 漏洞原理与实际案例介绍
  • XSS 漏洞原理与实际案例介绍
  • SSRF 漏洞原理与实际案例介绍
  • RCE 漏洞原理与实际案例介绍
  • 包含漏洞原理与实际案例介绍
  • 序列化漏洞原理与实际案例介绍
  • S2系列经典漏洞分析
  • WebLogic 系列经典漏洞分析
  • fastjson系列经典漏洞分析
  • jackson系列经典漏洞分析等

可能内容顺序会略有调整,但是总体内容不会改变,最后希望这系列的文章能够给你带来一点收获。

本项目包含了基于上述文章中需要的源码

玩的开心