WebIntroductionV2-Ch06B

About the T utorialThis tutorial provides a simple and practical way of understanding the essential areas of developing a website. It also provides elementary insights and an overview of the subject that is necessary to understand the world of web technologies.This tutorial covers all that is required to become a good Web Developer.AudienceThis tutorial is aimed at students who are interested in learning website development. It provides an in-depth coverage – starting from basics to Hosting concepts. In addition, it throws light on emerging concepts like E-commerce.PrerequisitesIt is an elementary tutorial and you can easily understand the concepts explained here with a basic knowledge of computers.Copyright & Disclaimer© Copyright 2015 by Tutorials Point (I) Pvt. Ltd.All the content and graphics published in this e-book are the property of Tutorials Point (I) Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish any contents or a part of contents of this e-book in any manner without written consent of the publisher.We strive to update the contents of our website and tutorials as timely and as precisely as possible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt. Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of our website or its contents including this tutorial. If you discover any errors on our website or inthistutorial,******************************************iT able of ContentsAbout the Tutorial (i)Audience (i)Prerequisites (i)Copyright & Disclaimer (i)Table of Contents .................................................................................................................................. i i 1.WEB - BASIC CONCEPTS .. (1)What is Internet? (1)Internet-Based Services (1)What is WWW? (1)What is HTTP? (2)What is URL? (2)What is Website? (2)What is Web Server? (2)What is Web Browser? (3)What is SMTP Server? (3)What is ISP? (3)What is HTML? (3)What is Hyperlink? (4)What is DNS? (4)What is W3C? (4)2.WEB – HOW IT WORKS? (5)How the Web Works (5)In Short (6)3.WEB - BROWSER TYPES (7)ii4.WEB – SERVER TYPES (10)5.WEB – SITE ADVANTAGES (12)Business is Open 24x7 (12)Increased Customer Base (12)Tremendous Cost Saving (12)Advertising Opportunities (12)Creates a Brand Image (12)Customer Satisfaction (13)Showcase Your Work (13)6.WEB – SKILLS REQUIRED (14)7.WEB – TOOLS REQUIRED (16)8.WEB – DOMAIN NAMES (18)How to Get a Domain Name? (18)Domain Extension Types (18)Choosing a Domain Name (19)What are Sub-Domains (19)9.WEB – SITE CONSTRUCTION (21)What to Put on Your Website? (21)How to Design Your Website? (21)How to Make a Website Interactive? (22)How to Code Your Website? (23)How to Create a Search Engine Friendly Website? (23)Securing Your Source Code Frequently (24)10.WEB – HOSTING CONCEPTS (25)iiiHosting Platforms (25)Hosting Types (25)Hosting Components (26)11.WEB – ECOMMERCE HOSTING (29)12.WEB – SITE BACKUP (30)How Frequently Backup Should be Taken? (30)Where the Backup Should be Preserved? (30)What Type of Backup Should be Taken? (31)Who Should Take These Backup? (31)Conclusion (31)13.WEB – SITE STATISTICS (32)Statistics Programs (32)Site Statistics Terminology (33)14.WEB – SITE POPULARITY (34)15.WEB – FREE GRAPHICS (35)16.WEB – SUMMARY (36)ivWeb Developers’ Guide 5What is Internet?The Internet is essentially a global network of computing resources. You can think of the Internet as a physical collection of routers and circuits as a set of shared resources. Some common definitions given in the past include:∙A network of networks based on the TCP/IP communications protocol. ∙A community of people who use and develop those networks. ∙ A community of people who use and develop those networks.Internet-Based ServicesSome of the basic services available to Internet users are:∙Email: A fast, easy, and inexpensive way to communicate with other Internet users around the world. ∙∙Telnet : Allows a user to log into a remote computer as though it were a local system. ∙∙FTP: Allows a user to transfer virtually every kind of file that can be stored on a computer from one Internet-connected computer to another. ∙∙UseNet news : A distributed bulletin board that offers a combination news and discussion service on thousands of topics. ∙∙ World Wide Web (WWW): A hypertext interface to Internet information resources. What is WWW?WWW stands for W orld W ide W eb. A technical definition of the World Wide Web is: All the resources and users on the Internet that are using the Hypertext Transfer Protocol (HTTP).A broader definition comes from the organization that Web inventor Tim Berners-Lee helped found, the World Wide Web Consortium (W3C): The World Wide Web is the universe of network-accessible information, an embodiment of human knowledge.In simple terms, The World Wide Web is a way of exchanging information between computers on the Internet, tying them together into a vast collection of interactive multimedia resources.1.6What is HTTP?HTTP stands for H yper t ext T ransfer P rotocol. This is the protocol being used to transfer hypertext documents that makes the World Wide Web possible.A standard web address such as /is called a URL and here the prefix http indicates its protocolWhat is URL?URL stands for U niform R esource L ocator, and is used to specify addresses on the World Wide Web. A URL is the fundamental network identification for any resource connected to the web (e.g., hypertext pages, images, and sound files).A URL will have the following format:The protocol specifies how information is transferred from a link. The protocol used for web resources is HyperText Transfer Protocol (HTTP). Other protocols compatible with most web browsers include FTP, telnet, newsgroups, and Gopher.The protocol is followed by a colon, two slashes, and then the domain name. The domain name is the computer on which the resource is located.Links to particular files or subdirectories may be further specified after the domain name. The directory names are separated by single forward slashes.What is Website?Currently you are on our website which is a collection of various pages written in HTML markup language. This is a location on the web where people can find tutorials on latest technologies. Similarly, there are millions of websites available on the web.Each page available on the website is called a web page and first page of any website is called home page for that site.What is Web Server?Every Website sits on a computer known as a Web server. This server is always connected to the internet. Every Web server that is connected to the Internet is given a unique address made up of a series of four numbers between 0 and 256 separated by periods. For example, 68.178.157.132 or 68.122.35.127.7When you register a Web address, also known as a domain name, such as you have to specify the IP address of the Web server that will host the site.We will see different type of Web servers in a separate chapter.What is Web Browser?Web Browsers are software installed on your PC. To access the Web you need a web browsers, such as Netscape Navigator, Microsoft Internet Explorer or Mozilla Firefox.Currently you must be using any sort of Web browser while you are navigating through my site . On the Web, when you navigate through pages of information this is commonly known as browsing or surfing.We will see different type of Web browsers in a separate chapter.What is SMTP Server?SMTP stands for S imple M ail T ransfer P rotocol Server. This server takes care of delivering emails from one server to another server. When you send an email to an email address, it is delivered to its recipient by a SMTP Server.What is ISP?ISP stands for I nternet S ervice P rovider. They are the companies who provide you service in terms of internet connection to connect to the internet.You will buy space on a Web Server from any Internet Service Provider. This space will be used to host your Website.What is HTML?HTML stands for H yper T ext M arkup L anguage. This is the language in which we write web pages for any Website. Even the page you are reading right now is written in HTML.This is a subset of Standard Generalized Mark-Up Language (SGML) for electronic publishing, the specific standard used for the World Wide Web.What is Hyperlink?A hyperlink or simply a link is a selectable element in an electronic document that serves as an access point to other electronic resources. Typically, you click the hyperlink to access the8linked resource. Familiar hyperlinks include buttons, icons, image maps, and clickable text links.What is DNS?DNS stands for D omain N ame S ystem. When someone types in your domain name, , your browser will ask the Domain Name System to find the IP that hosts your site. When you register your domain name, your IP address should be put in a DNS along with your domain name. Without doing it your domain name will not be functioning properly. What is W3C?W3C stands for W orld W ide W eb C onsortium which is an international consortium of companies involved with the Internet and the Web.The W3C was founded in 1994 by Tim Berners-Lee, the original architect of the World Wide Web. The organization's purpose is to develop open standards so that the Web evolves in a single direction rather than being splintered among competing factions. The W3C is the chief standards body for HTTP and HTML.Web Developers’ Guide 9On the simplest level, the Web physically consists of the following components:∙ Your personal computer - This is the PC at which you sit to see the web.∙ A Web browser - A software installed on your PC which helps you to browse the Web.∙ An internet connection - This is provided by an ISP and connects you to the internetto reach to any Website.∙ A Web server - This is the computer on which a website is hosted.∙ Routers & Switches - They are the combination of software and hardware who takeyour request and pass to appropriate Web server.The Web is known as a client-server system. Your computer is the client and the remote computers that store electronic files are the servers.How the Web WorksWhen you enter something like , the request goes to one of many special computers on the Internet known as Domain Name Servers (DNS ). All these requests are routed through various routers and switches. The domain name servers keep tables of machine names and their IP addresses, so when you type in , it gets translated into a number, which identifies the computers that serve the Google Website to you.When you want to view any page on the Web, you must initiate the activity by requesting a page using your browser. The browser asks a domain name server to translate the domain name you requested into an IP address. The browser then sends a request to that server for the page you want, using a standard called Hypertext Transfer Protocol or HTTP.The server should constantly be connected to the Internet, ready to serve pages to visitors. When it receives a request, it looks for the requested document and returns it to the Web browser. When a request is made, the server usually logs the client's IP address, the2.Web Developers’ Guide10document requested, and the date and time it was requested. This information varies server to server.An average Web page actually requires the Web browser to request more than one file from the Web server and not just the HTML / XHTML page, but also any images, style sheets, and other resources used in the web page. Each of these files including the main page needs a URL to identify each item. Then each item is sent by the Web server to the Web browser and Web browser collects all this information and displays them in the form of Web page.In ShortWe have seen how a Web client - server interaction happens. We can summarize these steps as follows:A user enters a URL into a browser (for example, ). This request is passed to a domain name server.The domain name server returns an IP address for the server that hosts the Website (for example, 68.178.157.132).The browser requests the page from the Web server using the IP address specified by the domain name server.The Web server returns the page to the IP address specified by the browser requesting the page. The page may also contain links to other files on the same server, such as images, which the browser will also request.The browser collects all the information and displays to your computer in the form of Web page.Web Developers’ Guide 11Web Browsers are software installed on your PC. To access the Web, you need a web browser, such as Netscape Navigator, Microsoft Internet Explorer or Mozilla Firefox.Currently you must be using any sort of Web browser while you are navigating through our site . On the Web, when you navigate through pages of information, this is commonly known as web browsing or web surfing.There are four leading web browsers: Explorer, Firefox, Netscape, and Safari, but there are many others browsers available. You might be interested in knowing Complete Browser Statistics . Now we will see these browsers in bit more detail.While developing a site, we should try to make it compatible to as many browsers as possible. Especially sites should be compatible to major browsers like Explorer, Firefox, Chrome, Netscape, Opera, and Safari.Internet ExplorerInternet Explorer (IE) is a product from software giant Microsoft. This is themost commonly used browser in the universe. This was introduced in 1995along 1998.You siteNetscapeNetscape is one of the original Web browsers. This is what Microsoftdesigned Internet Explorer to compete against. Netscape and IE comprisethe major portion of the browser market. Netscape was introduced in 1994.You can download latest copy of this browser from Download Netscape3.12MozillaMozilla is anopen-source Web browser, designed for standards compliance,performance and portability. The development and testing of the browser is coordinated by providing discussion forums, software engineering tools, releases and bug tracking. Browsers based on Mozilla code is the second largest browser family on the Internet today, representing about 30% of the Internet community.You can download latest copy of this browser from Download MozillaKonquerorKonqueror is an Open Source web browser with HTML 4.01 compliance, supporting Java applets, JavaScript, CSS 1, CSS 2.1, as well as Netscape plugins. This works as a file manager as well as it supports basic file management on local UNIX filesystems, from simple cut/copy and paste operations to advanced remote and local network file browsing.You can download latest copy of this browser from Download KonquerorFirefoxFirefox is a new browser derived from Mozilla. It was released in 2004 andhas grown to be the second most popular browser on the Internet.You can download a latest version of this browser from Download FirefoxSafariSafari is a web browser developed by Apple Inc. and included in Mac OS X.It was first released as a public beta in January 2003. Safari has very goodsupport for latest technologies like XHTML, CSS2 etc.You can download a latest version of this browser from Download SafariOperaOpera is smaller and faster than most other browsers, yet it is full- featured.Fast,functions, and more. Java and non Java-enabled versions available. Ideal for newcomers to the Internet, school children, handicap and as a front-end forCD-Rom and kiosks.13LynxLynx is a fully-featured World Wide Web browser for users on Unix, VMS, and other platforms running cursor-addressable, character-cell terminals or emulators.You can download a latest version of this browser from Download LynxWeb Developers’ Guide 14Every Website sits on a computer known as a Web server. This server is always connected to the internet. Every Web server that is connected to the Internet is given a unique address made up of a series of four numbers between 0 and 255 separated by periods. For example, 68.178.157.132 or 68.122.35.127.When you register a web address, also known as a domain name, such as you have to specify the IP address of the Web server that will host the site. You can load up with Dedicated Servers that can support your web-based operations.There are four leading web servers: Apache, IIS, lighttpd and Jagsaw. Now we will see these servers in bit more detail.Apart from these Web Servers, there are other Web Servers also available in the market but they are very expensive. Major ones are Netscape's iPlanet, Bea's Web Logic and IBM's WebSphere.Apache HTTP ServerThis is the most popular web server in the world developed by the ApacheSoftware Foundation. Apache web server is an open source software andcan be installed on almost all operating systems including Linux, Unix,Windows, FreeBSD, Mac OS X and more. About 60% of the web servermachines run the Apache Web Server.You can have Apache with tomcat module to have JSP and J2EE relatedsupport.You can have detailed information about this server at Apache HTTPServerInternet Information ServicesThe Internet Information Server (IIS) is a high performance Web Serverfrom Microsoft. This web server runs on Windows NT/2000 and 2003platforms ( and may be on upcoming new Windows version also). IIScomes bundled with Windows NT/2000 and 2003; Because IIS is tightlyintegrated with the operating system so it is relatively easy to administerit.4.Web Developers’ Guide15If you liked what you saw…Buy it from our store @ https://。

web项目实训手册在进行web项目实训时，手册是非常重要的参考资料。

以下是一个关于web项目实训手册的参考内容：1. 项目概述在手册的开头，应当包含对项目的简要概述。

这部分应该包括项目的背景、目的和范围等信息。

这个章节的目标是为读者提供项目的整体了解。

2. 项目需求这一章节应当详细列出项目的需求和功能。

这部分内容应该非常具体和清晰，包括用户需要的各种功能和操作。

可以按照模块来划分，每个模块列出对应的功能需求。

3. 技术要求在这个章节中，应当明确指出项目使用的技术要求。

这些技术要求包括开发语言、数据库、服务器等。

同时，还应指出项目的开发环境和运行环境的要求。

4. 项目架构这部分应该包含项目的整体架构设计。

可以使用流程图或者UML图来展示项目各个模块之间的关系和交互。

另外，还可以在这个章节中讨论项目的数据库设计、前端和后端的架构等。

5. 页面设计这个章节应当包含项目主要的页面设计。

可以使用截图或者手绘图来展示每个页面的设计。

应当注明每个页面的主要元素和功能。

6. 功能实现这个章节中应当详细说明每个功能的实现细节。

可以使用流程图或伪代码来展示功能的实现流程。

同时，也可以讨论一些关键的功能点和算法。

7. 测试计划在这个章节中，应当详细列出项目的测试计划。

包括测试的范围、测试的方法和工具等。

可以提供一些测试用例作为参考。

8. 项目管理在这个章节中，可以讨论项目的管理方法和工具。

可以包括任务分配、进度追踪和沟通工具等。

这部分可以帮助团队成员更好地协作和管理项目。

9. 问题解决这个章节应当列出一些常见问题和解决方法。

可以涉及到技术问题、开发工具问题以及团队合作问题等。

给出一些实用的解决方案可以帮助读者更好地应对问题。

10. 参考资料最后一个章节应当列出一些参考资料，包括书籍、论文、文档以及相关网站等。

这些资料可以帮助读者更深入地了解相关的技术和项目开发方法。

此外，手册的编写应当遵循清晰明了、准确简练的原则，使用简洁的语言和排版规范。

W E B软件配置使用说明书WEB软件配置使用说明书YH-8GE8GFWEB配置手册©copyright 20017-2027 by Shenzhen YHGT Technology Co.,Ltd. All rights reserved编写人/修订人审核人版本日期NA NA V1.0.1 2018/3/6注意事项：此软件版本在配置功能完成后,必须进入系统维护-配置保存-点击配置保存,否则重启设备后所有配置不保存.目录概述 (5)设备配置 (6)信息 (6)IP配置 (7)NTP配置 (7)Time (8)日志 (8)用户管理配置 (9)访问管理 (10)SNMP (10)端口配置 (11)端口安全 (12)端口隔离 (12)ACL (13)聚合 (21)环路保护 (23)生成树 (24)IP Source Guard (27)ARP检查 (28)DHCP探测配置 (31)IGMP监听 (32)MAC地址表 (35)VLANS配置 (36)镜像 (40)堆叠 (41)设备状态 (42)系统 (42)端口 (45)网络安全 (46)LACP (48)环路保护 (49)生成树 (49)ARP检测列表 (49)IP Source Guard列表 (50)DHCP监听表 (50)IGMP Snooping (51)MAC地址表 (51)VLANs (52)系统诊断 (53)PING (53)VeriPHY (53)系统维护 (54)重新启动设备 (54)出厂默认值 (55)软件上传 (55)配置保存 (55)配置下载 (56)配置上传 (57)配置激活 (57)配置删除 (58)硬恢复出厂设置 (59)概述为了便于客户更好的使用本公司的产品；该指导手册描述了在Web上配置YH-8GE8GF交换机功能的基本方法；如果想通过web访问交换机，需要确保您的计算机已经连接到交换机所在的网络；如果是第一次使用交换机，无需对交换机做额外配置，您就可以使用Web 访问；按如下操作即可：1、修改您计算机网络适配器的IP 地址为“192.168.10.12”，子网掩码为“255.255.255.0”2、打开Web 浏览器，在地址栏中输入“192.168.10.12”。

googlerich-snippets关于丰富网页摘要和结构化数据google rich-snippets 关于丰富网页摘要和结构化数据如果Google 了解您网页上的内容，就可以创建丰富网页摘要，也就是为用户的具体查询提供帮助的详细信息。

例如，针对餐馆的摘要可能会显示平均评分和价格范围；针对食谱网页的摘要可能会显示总的准备时间、照片以及对食谱的评分；而针对音乐专辑的摘要可能会列出各首歌曲以及播放链接。

这些丰富网页摘要可帮助用户了解您的网站与他们的搜索内容是否相关，并可能让您的网页获得更多点击次数。

提供丰富网页摘要的三个步骤：1. 选择标记格式。

Google 推荐使用微数据，不过也接受以下三种格式。

您无需事先了解这些格式，只要了解HTML 基础知识即可。

您可参考结构化数据标记帮助文档了解如何将微数据添加到自己的网站。

•微数据（推荐）•微格式•RDFa2. 标记您的内容。

对于以下内容类型，Google 支持丰富网页摘要：•评价•人物•商品•商家和组织•食谱•活动•音乐Google 还可识别视频内容的标记，并用它来改进搜索结果。

想要在搜索结果中显示作者信息吗？点击此处了解操作方法。

3. 测试您的标记。

请使用结构化数据测试工具确保Google 可以读取和提取您的标记数据。

大功告成！在您添加并测试了丰富网页摘要标记后，Google 在下次抓取您的网站时就会发现该标记。

需要注意的几点：•丰富网页摘要可能过一段时间才会显示在搜索结果或地方信息页中。

•如果无法找到您网站的丰富网页摘要，请查看可能导致该情况的原因。

•对您的数据标记丰富网页摘要并不会影响您的网页在搜索结果中的排名，而且 Google 也不保证一定会使用您的标记。

除了向您的所有网页添加HTML 标记外，您还可以使用数据标注工具帮助Google 了解您网页的内容。

数据标注工具是网站站长工具的一种，用于向Google 说明您网站上结构化数据的格式。

您只需借助鼠标即可使用数据标注工具标记您网站上的数据字段。

八、WebScarab入门指南WebScarab具有大量的功能，因而可能会让新用户有一种无从下手之感。

为求简单起见，拦截和修改浏览器和HTTP/S服务器的请求和响应可以作为初学者很好的入门课，因为这无需学习太多的内容就可以完成。

首先，我们假定您能够自由访问因特网，也就是说，您并非位于一个代理之后。

为简单起见，我们还假定您使用的浏览器是Internet Explorer。

上面是WebScarab启动后的截图，其中有几个主要的区域需要介绍一下。

首先要介绍的是工具栏，从这里可以访问各个插件，摘要窗口(主视图）和消息窗口。

摘要窗口分成两个部分，上面部分是一个树表，显示我们访问的站点的布局，以及各个URL的属性。

下面部分是一个表格，显示通过WebScarab可以看到的所有会话，正常情况下它们以ID逆序排列，所以靠近表顶部的是最近的会话。

当然，会话的排列次序是可以更改的，如果需要的话，只需通过单击列标头即可。

为了将WebScarab作为代理使用，需要配置浏览器，让浏览器将WebScarab作为其代理。

我们可以通过IE的工具菜单完成配置工作。

通过菜单栏，依次选择选择“工具”菜单、“Internet 选项”、“连接”、“局域网设置”来打开代理配置对话框。

WebScarab 默认时使用localhost的8008端口作为其代理。

需要对IE进行配置，让IE把各种请求转发给WebScarab，而不是让IE读取这些请求，如上图所示。

确保除“为LAN 使用代理服务器”之外的所有复选框都处于未选中状态。

为IE配置好这个代理后，在其它对话框中单击确定按钮，并重新回到浏览器。

浏览一个非SSL的网站，于是转向WebScarab。

这时，您应该看到如下图所示的画面；否则的话，或者是在浏览时遇到错误的话，您应当回到上面的步骤，检查你的Internet Explorer中的代理设置是否如上所述。

如果代理设置是正确的，还有一种可能原因是端口8008已经被其他程序占用，这样的话WebScarab就无法正常使用该端口了。

WebGoat中文手册版本:5.4webgoat团队2013年1月Revision record 修订记录 项目任务 参与人员 完成时间项目人员协调 Rip,袁明坤，Ivy 2012年7月翻译及整核以往版本袁明坤,傅奎,beer,南国利剑,lion 2012年8月 Webgoat5.4 版本测试袁明坤,傅奎,beer,南国利剑,lion 2012年8月 Webgoat5.4 中文手册傅奎 2012年9月 审核发布阿保，王颉, 王侯宝 2013年1月 前期参与人员 蒋根伟，宋飞，蒋增，贺新朋，吴明，akast ，杨天识，Snake ，孟祥坤，tony ，范俊，胡晓斌，袁明坤[感谢所有关注并参与过OWASP 项目的成员,感谢你们的分享和付出，webgoat 和大家一起成长！如有修改建议，请发送至webgoat@ 我们一起改进，谢谢！目录1 WebGoat简介 (6)1.1 什么是WebGoat (6)1.2 什么是OWASP (6)1.3 WebGoat部署 (6)1.4 用到的工具 (7)1.4.1 WebScarab (7)1.4.2 Firebug和IEwatch (8)1.5 其他说明 (8)2 WebGoat教程 (9)2.1 综合（General） (9)2.1.1 HTTP基础知识（Http Basics） (9)2.1.2 HTTP拆分（HTTP Splitting） (11)2.2 访问控制缺陷（Access Control Flaws） (19)2.2.1 使用访问控制模型（Using an Access Control Matrix） (19)2.2.2 绕过基于路径的访问控制方案（Bypass a Path Based Access Control Scheme） (22)2.2.3 基于角色的访问控制（LAB: Role Based Access Control） (25)2.2.4 远程管理访问（Remote Admin Access） (36)2.3 Ajax安全（Ajax Security） (38)2.3.1 同源策略保护（Same Origin Policy Protection） (38)2.3.2 基于DOM的跨站点访问（LAB: DOM‐Based cross‐site scripting） (39)2.3.3 小实验：客户端过滤（LAB: Client Side Filtering） (43)2.3.4 DOM注入（DOM Injection） (46)2.3.5 XML注入（XML Injection） (49)2.3.6 JSON注入（JSON Injection） (52)2.3.7 静默交易攻击（Silent Transactions Attacks） (54)2.3.8 危险指令使用（Dangerous Use of Eval） (57)2.3.9 不安全的客户端存储（Insecure Client Storage） (59)2.4 认证缺陷（Authentication Flaws） (62)2.4.1 密码强度（Password Strength） (62)2.4.2 忘记密码（Forgot Password） (64)2.4.3 基本认证（Basic Authentication） (66)2.4.4 多级登录1（Multi Level Login 1） (71)2.4.5 多级登录2（Multi Level Login 2） (73)2.5 缓冲区溢出（Buffer Overflows） (74)2.5.1 Off‐by‐One 缓冲区溢出（Off‐by‐One Overflows） (74)2.6 代码质量（Code Quality） (78)2.6.1 在HTML中找线索（Discover Clues in the HTML） (78)2.7 并发（Concurrency） (79)2.7.1 线程安全问题（Thread Safety Problems） (79)2.7.2 购物车并发缺陷（Shopping Cart Concurrency Flaw） (80)2.8 跨站脚本攻击（Cross‐Site Scripting (XSS)） (82)2.8.1 使用XSS钓鱼（Phishing with XSS） (82)2.8.2 小实验：跨站脚本攻击（LAB: Cross Site Scripting） (84)2.8.3 存储型XSS攻击（Stored XSS Attacks） (90)2.8.4 跨站请求伪造（Cross Site Request Forgery (CSRF)） (91)2.8.5 绕过CSRF确认（ CSRF Prompt By‐Pass） (93)2.8.6 绕过CSRF Token（CSRF Token By‐Pass） (98)2.8.7 HTTPOnly测试（HTTPOnly Test） (102)2.8.8 跨站跟踪攻击（Cross Site Tracing (XST) Attacks） (103)2.9 不当的错误处理（Improper Error Handling） (105)2.9.1 打开认证失败方案（Fail Open Authentication Scheme） (105)2.10 注入缺陷（Injection Flaws） (107)2.10.1 命令注入（Command Injection） (107)2.10.2 数字型SQL注入（Numeric SQL Injection） (109)2.10.3 日志欺骗（Log Spoofing） (110)2.10.4 XPATH型注入（XPATH Injection） (112)2.10.5 字符串型注入（String SQL Injection） (113)2.10.6 小实验：SQL注入（LAB: SQL Injection） (115)2.10.7 通过SQL注入修改数据（Modify Data with SQL Injection） (119)2.10.8 通过SQL注入添加数据（Add Data with SQL Injection） (120)2.10.9 数据库后门（Database Backdoors） (121)2.10.10 数字型盲注入（Blind Numeric SQL Injection） (123)2.10.11 字符串型盲注入（Blind String SQL Injection） (124)2.11 拒绝服务（Denial of Service） (126)2.11.1 多个登录引起的拒绝服务（Denial of Service from Multiple Logins） (126)2.12 不安全的通信（Insecure Communication） (127)2.12.1 不安全的登录（Insecure Login） (127)2.13 不安全的配置（Insecure Configuration） (130)2.13.1 强制浏览（How to Exploit Forced Browsing） (130)2.14 不安全的存储（Insecure Storage） (131)2.14.1 强制浏览（How to Exploit Forced Browsing） (131)2.15 恶意执行（Malicious Execution） (132)2.15.1 恶意文件执行（Malicious File Execution） (132)2.16 参数篡改（Parameter Tampering） (134)2.16.1 绕过HTML字段限制（Bypass HTML Field Restrictions） (134)2.16.2 利用隐藏字段（Exploit Hidden Fields） (136)2.16.3 利用未检查的E‐mail（Exploit Unchecked Email） (138)2.16.4 绕过客户端JavaScript校验（Bypass Client Side JavaScript Validation） (142)2.17 会话管理缺陷（Session Management Flaws） (148)2.17.1 会话劫持（Hijack a Session） (148)2.17.2 认证Cookie欺骗（Spoof an Authentication Cookie） (154)2.17.3 会话固定（Session Fixation） (158)2.18 Web服务（Web Services） (162)2.18.1 创建SOAP请求（Create a SOAP Request） (162)2.18.2 WSDL扫描（WSDL Scanning） (168)2.18.3 Web Service SAX注入（Web Service SAX Injection） (170)2.18.4 Web Service SQL注入（Web Service SQL Injection） (172)2.19 管理功能（Admin Functions） (175)2.19.1 报告卡（Report Card） (175)2.20 挑战（Challenge） (176)2.20.1 挑战（The CHALLENGE!） (176)1WebGoat简介1.1什么是WebGoatWebGoat是OWASP组织研制出的用于进行web漏洞实验的应用平台，用来说明web 应用中存在的安全漏洞。

基于ZTEBW浏览器的WEB页面开发指南V1.062007-5-18中兴通讯股份有限公司目录1 排版显示 (1)1.1ZTEBW对于分辨率的支持 (1)1.2ZTEBW对于规范的支持 (1)1.3ZTEBW对于图片的支持 (1)1.4ZTEBW对于DIV元素嵌套的使用说明 (1)1.5ZTEBW的字体设置说明 (1)1.5.1<font>元素支持情况 (2)1.5.2css中对字体属性的支持 (2)1.5.3font-size的绝对大小对照表 (2)1.5.4font-size相对大小对照表 (2)2 常用标签的使用 (2)2.1ZTEBW对于多FRAME的支持 (2)2.2ZTEBW对于TABLE标签的支持 (3)2.3ZTEBW对于MAP标签的支持 (3)2.4ZTEBW对标签的容错性及建议 (3)3 COOKIE的支持 (3)3.1支持的属性/值对 (3)3.2注意事项 (3)4 CACHE机制 (3)5 JA VASCRIPT (4)5.1注意事项 (4)5.2H ISTORY对象 (4)5.3ZTEBW浏览器的扩展对象 (4)5.3.1ztebw对象 (4)5.4区分ZTEBW浏览器和其他浏览器 (4)6 特性列表 (5)6.1J A VASCRIPT (5)6.1.1Kernal (5)6.1.2ECMA 绑定 (9)6.2HTML (20)6.2.1<A> tag (20)6.2.2<ABBR> tag (21)6.2.3<ACRONYM> tag (21)6.2.4<ADDRESS> tag (22)6.2.5<APPLET> tag (22)6.2.6<AREA> tag (22)6.2.7<B> tag (22)6.2.8<BASE> tag (23)6.2.9<BASEFONT> tag (23)6.2.10<BDO> tag (23)6.2.11<BIG> tag (23)6.2.12<BLOCKQUOTE> tag (23)6.2.13<BODY> tag (23)6.2.14<BR> tag (24)6.2.15<BUTTON> tag (24)6.2.16<CAPTION> tag (24)6.2.17<CENTER> tag (24)6.2.18<CITE> tag (24)6.2.19<CODE> tag (24)6.2.20<COL> tag (25)6.2.21<COLGROUP> tag (25)6.2.22<DD> tag (25)6.2.23<DEL> tag (25)6.2.24<DFN> tag (25)6.2.25<DIR> tag (25)6.2.26<DIV> tag (25)6.2.27<DL> tag (26)6.2.28<DT> tag (26)6.2.29<EM> tag (26)6.2.30<FIELDSET> tag (26)6.2.31<FONT> tag (26)6.2.32<FORM> tag (26)6.2.33<FRAME> tag (27)6.2.34<FRAMESET> tag (27)6.2.35<H1>, <H2>, <H3>, <H4>, <H5> and <H6> tags (27)6.2.36<HEAD> tag (28)6.2.37<HR> tag (28)6.2.38<HTML> tag (28)6.2.39<I> tag (28)6.2.40<IFRAME> tag (28)6.2.41<IMG> tag (28)6.2.42<INPUT> tag (29)6.2.43<INS> tag (30)6.2.44<ISINDEX> tag (30)6.2.45<KBD> tag (30)6.2.46<LABEL> tag (30)6.2.47<LEGEND> tag (31)6.2.48<LI> tag (31)6.2.49<LINK> tag (31)6.2.50<MAP> tag (32)6.2.51<MARQUEE> tag (32)6.2.52<MENU> tag (32)6.2.53<META> tag (33)6.2.54<NOFRAMES> tag (33)6.2.55<NOSCRIPT> tag (33)6.2.56<OBJECT> tag (33)6.2.57<OL> tag (34)6.2.58<OPTGROUP> tag (35)6.2.59<OPTION> tag (35)6.2.60<P> tag (35)6.2.61<PARAM> tag (36)6.2.62<PRE> tag (36)6.2.63<Q> tag (36)6.2.64<S> tag (37)6.2.65<SAMP> tag (37)6.2.66<SCRIPT> tag (37)6.2.67<SELECT> tag (38)6.2.68<SMALL> tag (38)6.2.69<SPAN> tag (38)6.2.70<STRIKE> tag (39)6.2.71<STRONG> tag (39)6.2.72<STYLE> tag (39)6.2.73<SUB> and <SUP> tag (39)6.2.74<TABLE> tag (40)6.2.75<TBODY> tag (40)6.2.76<TD> tag (41)6.2.77<TEXTAREA> tag (41)6.2.78<TFOOT> tag (42)6.2.79<TH> tag (42)6.2.80<THEAD> tag (42)6.2.81<TR> tag (42)6.2.82<TITLE> tag (42)6.2.83<TT> tag (43)6.2.84<U> tag (43)6.2.85<UL> tag (43)6.2.86<VAR> tag (44)6.3CSS (44)6.3.1Font (44)6.3.2Text (44)6.3.3Table (44)6.3.4Paddings (44)6.3.5Borders (45)6.3.6Margin (45)6.3.7Dimension (45)6.3.8Layout (46)6.3.9Background (46)6.3.10List (46)6.3.11Position (46)6.3.12Pseudo-Class (46)6.3.13Pseudo-Element (47)7 常见问题说明 (47)7.1页面显示中的白屏现象 (47)7.2用JS脚本动态生成DIV元素 (47)7.3支持字体特性的页面实例 (48)7.4JS性能优化 (49)7.4.1总的原则 (49)7.4.2语言方面 (50)7.5JS容错性问题和作用域问题 (50)7.5.1JS容错性问题 (50)7.5.2作用域问题 (51)。