[Title illegible in source]

1. Read the OWASP guide. OWASP (the Open Web Application Security Project) is an open community dedicated to web application security, with more than 130 [illegible]. It publishes the OWASP Top 10, a list of the most critical web application risks (the version released in 2009 is the one referred to here), and its material is referenced by the US Federal Trade Commission (FTC). [Parts of this item are illegible in the source.]

2. Understand SQL injection and how to prevent it.

3. Never trust user input; this includes cookies, which are under the user's control.

4. Hash passwords with a salt so that precomputed rainbow tables are useless. Use a slow hash such as bcrypt or scrypt (1, 2); see How To Safely Store A Password. NIST recommends PBKDF2 for hashing passwords, and it is FIPS approved in .NET (see here). Avoid plain MD5 or SHA.
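An added example (not from the original page) of the salted, slow hash this item calls for, using PBKDF2-HMAC-SHA256 from the Python standard library, beside the unsalted single pass of SHA-1 it warns against. The iteration count, record format and the small precomputed lookup table are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; an assumed value chosen for this example.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex.
    Storing the salt and work factor with the hash lets them be raised later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), hash_hex)


def unsalted_sha1(password: str) -> str:
    """The pattern the item warns against: no salt, one fast pass, so the same
    password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# A constructed stand-in for a precomputed (rainbow) table of common passwords.
PRECOMPUTED = {unsalted_sha1(p): p for p in ["123456", "password", "qwerty"]}


def lookup_unsalted(digest: str) -> Optional[str]:
    """Recover a password from an unsalted digest by table lookup."""
    return PRECOMPUTED.get(digest)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("lookup of unsalted digest:", lookup_unsalted(unsalted_sha1("password")))
```

Two hashes of the same password produce different records because the salt differs, so a table built for one site's hashes is worthless against another's; the iteration count is what makes each guess expensive.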

5. Don't build your own fancy authentication scheme. It is easy to get wrong in subtle ways, and you would only find out after being hacked. [The quotation in this item is illegible in the source.]

6. If you handle credit cards, know the rules that apply. [Parenthetical illegible in the source.] Use a payment vendor such as Authorize.Net or PayFlow Pro rather than handling card data yourself.

7. Use SSL/HTTPS for login and for any page where sensitive data is entered.

8. Know how to defend against session hijacking (see the Wikipedia article on Session Hijacking).

9. Prevent cross-site scripting (XSS).

10. Prevent cross-site request forgery (XSRF).
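An added example (not from the original page) covering items 9 and 10 together: escaping user-supplied text at output time so it renders as text rather than markup, and issuing a per-session CSRF token that a state-changing request must echo back. The server secret, session identifiers, token format and the handle_post function are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import html
import secrets

# Server-side secret that binds CSRF tokens to a session (constructed for the example).
SERVER_SECRET = secrets.token_bytes(32)


def render_comment(untrusted: str) -> str:
    """Escape at output time so user text is shown as text, never parsed as HTML."""
    return f'<p class="comment">{html.escape(untrusted, quote=True)}</p>'


def issue_csrf_token(session_id: str) -> str:
    """Token = random nonce plus an HMAC over (session, nonce); only this server
    can mint one, and it is only valid for the session it was minted for."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def check_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_post(session_id: str, form: dict) -> tuple:
    """A state-changing handler: refuse any submission without a valid token for
    this session, then render the submitted comment safely."""
    if not check_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, render_comment(form.get("comment", ""))


if __name__ == "__main__":
    token = issue_csrf_token("session-A")
    print(handle_post("session-A", {"comment": "<b>hi</b>", "csrf_token": token}))
    print(handle_post("session-A", {"comment": "<b>hi</b>"}))  # no token: rejected
```

A forged cross-site request cannot include a valid token because the attacker's page cannot read the victim's session or mint an HMAC under the server's secret; escaping at the point of output is what keeps the stored comment from becoming script when it is shown to other users.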

11. Keep your systems up to date with the latest patches.

12. [Illegible in source]

13. [Illegible in source]

14. Read Google's Browser Security Handbook.

15. Read The Web Application Hacker's Handbook.