yoorijoriinfo

  What is XXE  XXXE (XML External Entities) is a security vulnerability that occurs during XML parsing, and is an attack that can use external entities to perform malicious actions. primarily malicious XML documents can allow attacks such as access to the server's file system, remote code execution, and denial of service. - If DTD cannot be completely disabled or disabled, external entities and external document type declarations must be disabled in a unique way for each parser Solution plan 1. When use DocumentBuilderFactory .setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD,"");    .setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");   2.  When use  SAXParser  .setProperty(XMLConstants.ACCESS_EXTERNAL_DTD,"");  .setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");   3.  When use  SAXParserFactory  .setFeature("http://....", true);  4.  When use  TransformerFactory .setAttribut...

  Security weakness that allows access or identification of system resources such as files and servers through unverified external input values, allows arbitrary access to the resources protected by the system through input value manipulation. By utilizing path manipulation and resource insertion weaknesses, attackers can cause service failures due to modification and deletion of resources, leakage of system information, and conflicts between system resources. That is, through path manipulation and resource insertion, an attacker can acquire disallowed rights to change or execute files related to settings. Wring ex) How to solve? If an external input is used as an identifier for a resource (file, port of socket, etc.), ensure that it undergoes appropriate verification or is selected from a predefined appropriate list. In particular, if the external input is a file name, a character at risk of a directory traversal attack (" / ￦...").. Use a filter that can remove etc. Right e...

Why Software Web Vulnerabilities are Important is below, A software web vulnerability refers to a security flaw or vulnerability found in a web application or website.  These vulnerabilities are important and key reasons include: Data leakage and privacy -  Web vulnerabilities allow attackers to steal sensitive data or personal information. This results in sensitive information being leaked and a threat to the privacy of customers or users. Potential costs -  If web vulnerabilities cause hacking or data leakage, companies or organizations may have to pay for data recovery and security enhancements. Additional costs may also be incurred due to legal issues or claims for compensation to customers. Reputation damage -  Disclosure of security flaws can affect the reliability and reputation of your company or website. Users are sensitive to security and can lose credibility if vulnerabilities occur repeatedly. Out of Service -  Exploitation by exploiting a web vulner...

There are various reasons why coding is taught in Korean curriculum, and there are the following main reasons. Preparedness for the Digital Age: Modern society is changing rapidly due to the development and spread of digital technology. Coding is one of the key skills needed in this digital age, and is considered an essential skill for students to have digital literacy and problem-solving skills. Future job market preparation: coding and programming skills play a very important role in the future job market. Coding technology is essential in various fields such as software development, data science, artificial intelligence, and robotics, and these fields are expected to be in high demand in the future. Enhance creativity and problem-solving skills: Coding helps foster problem-solving skills and promote creativity. Students can develop logical and creative thinking by analyzing given problems and developing solutions through programming. Collaboration and communication skills improvemen...

The main advantages of using the Electronic Government Framework (eGovFrame, based on JAVA, JSP) in Korea are Accelerating Government Projects and System Development: eGovFrame is a standard framework used by various ministries and agencies of the Korean government to help public organizations quickly and efficiently start software development and system construction. This can shorten the development cycle of public projects and deliver results quickly. Standardized architectures and components: eGovFrame provides standardized architectures and components to help developers develop applications in a consistent manner. This keeps the code consistent and makes maintenance easier. Security and Reliability: Because government agencies deal with sensitive information, eGovFrame provides features and guidelines that focus on security and reliability. This allows the developed system to operate safely. Different modules and libraries: eGovFrame offers different modules and libraries to suppor...

I would like to briefly explain why JAVA is popular among many programming languages in Korea. 1. Wide use in industry and academia: JAVA is one of the languages widely used in various industrial fields and academia. Software developed by JAVA is used in a variety of fields, especially finance, gaming, mobile application development, large enterprise systems, and web applications. 2. Platform independence: JAVA is known for its slogan "Write Once, Run Anywhere," meaning that once a JAVA application is written, it can run on a variety of operating systems and hardware platforms. This platform independence provides significant benefits for developers, making it easy to deploy and maintain applications across a variety of devices and operating systems. 3. Strong community and support: JAVA has a large community and a diverse ecosystem of developer tools and libraries. These communities and resources help developers solve problems and share knowledge. In addition, major companies...

Log4j records logs divided into 7 levels of Event Level Depending on the config level setting, the log can be set as follows!!   FATAL > ERROR > WARN > INFO > DEBUG > TRACE TRACE ->  Specify more granular information than DEBUG DEBUG ->  Specify information for debugging programs INFO ->  Specifying informational messages such as status changes WARN ->  Specify a workable issue, warning message that may cause future system errors ERROR ->  If there is a problem processing your request FATAL ->  Serious error that may interrupt the program, if it is inoperable When carrying out the project, the development guide is generally required to print out four types of DEBUG, INFO, WARN, and ERROR separately!! Pattern Options %m : Output log content %p : debug, info, warn, error, fatal sort of priority print %r : Outputs in milliseconds after application starts until event occurs %c : package output %c{n} : Outputs n (numer...

Wring ex ) sql.append("SELECT \n"); sql.append("  COUNT(*) CNT \n"); sql.append("FROM TABLE WHERE 1=1 AND COL " + type + " AND COL2 = '1' \n"); pstmt = conn.prepareStatement(sql); Rigth ex ) sql.append("SELECT \n"); sql.append("  COUNT(*) CNT \n"); sql.append("FROM TABLE WHERE 1=1 AND COL ? AND COL2 = '1' \n"); pstmt = conn.prepareStatement(sql); pstmt.setString(1, type); You must not use variables in conditional clauses use like this -> pstmt.setString(1, type);  this is same condition like when we use jdbcTemplate 😀 Thank you !! 고마워 !!

request.getParameter("param") : get parameter ( type : String ) request.getParameterValues("param") : get parameter ( type : String[] ) request.getParameterMap() : getting all of parameter  ( type : Map ) - key : param ( type : String ) - value : param values ( type : String[] ) request.getParameterNames() : getting all of parameter's name ( type : Enumeration ) 😀 Thank you !! 감사합니다 !!

To quickly take System.out.print from Eclipse After entering it like this (Sys or sys, case-sensitive!!) Press Ctrl + space to display sysout on the right If you double-click this cool ~~ 😀 Thank you !! 고마워 !!