1. SQL injection:
Principle and solution: http://guwq2014.iteye.com/blog/2282190
2. XSS attack:
- Cross-site scripting attacks
Principle and solution: http://guwq2014.iteye.com/blog/2282134
3. CSRF attack:
- Cross-site request forgery
Principle and solution: http://guwq2014.iteye.com/blog/2323394
4. Unauthorized access:
- There is no permission verification for the parameters in the user's request, so a user can access other users' data without authorization.
Principle and solution: http://guwq2014.iteye.com/blog/2405054
5. Data desensitization:
- The user's private information is included directly in the returned result without processing (this also covers information that is not displayed on the page but is still present in the returned result message).
Principle and solution: http://guwq2014.iteye.com/blog/2360069