One way to protect yourself from malicious code is to make sure that what you expect as input is actually what you receive as input.
Utilities and private power firms have failed to install patches in security software against malware threats.
The security technologies in OS X help you safeguard sensitive data created or managed by your app, and help minimize damage caused by successful attacks from hostile code.
Blind SQL injection attacks are a well-known and recognized form of code injection attack, but there are many other forms, some not so well documented or understood.
Since that's the case, moving all executable code to addresses that contain a 0 makes attacking the program far more difficult.
Memory space breach — Accomplished via stack overflow, buffer overrun, or heap error, enables execution of arbitrary code supplied by the attacker with the permissions of the host process.
When researchers look for malware and attack vectors, the tendency is to look for vulnerabilities in portals or code.
While restricting web surfing to trusted sites should reduce the risk of infection, the malicious code can be injected into any website.
Not surprisingly, most of these preventative methods are the same methods you can and should use to prevent other typical code injection attacks.
This piece of code is vulnerable to XSS attacks because no check is made to validate the input.
Perhaps the most malicious form of injection attack is code injection—placing new code into the memory space of the running process and then directing the running process to execute it.
As these attacks evolve, there will be tools to assist with code analysis that will give information to help you find the lines of code where the vulnerabilities exist.
Often the attacker will overrun the buffer with the malicious code the attacker wants to run, and the attacker will then change the return value to point to the malicious code they've sent.
Thinking like a cracker is the next step in defending your code.
The file that is forwarded typically contains some sort of payload designed to make the final server do something that the attacker wants it to do.
Microsoft has warned that the leaked software may get infected with malicious code which could then attack computers.
The malicious script introduced by the attacker is executed by the browser and the data is passed to the hacker's Web site.
One of the first steps you should take when hardening a machine is to reduce its attack surface. The more code that's running on a machine, the greater the chance that the code will be exploitable.
Finally, make sure your PHP code is resilient to XSS attacks, form spoofs, and CSRF attacks.
One of the more common attacks or threats to Web applications is some form of code injection, which Wikipedia defines as.
If you are concerned about this type of attack, which is easily prevented through code inspections, you can prevent untrusted clients from connecting to the Web container.
The focus of this article is a specific type of code injection attack: the Blind XPath injection.
The code in Figure 5 employs parameterized SQL to stop injection attacks.
The code in Listing 8 attempts to attack invulnerable.
I don't get into the specifics of how to run each exploit or write shell code.
For example, attackers could be trying to inject code into the process via stack corruption, resulting in the ability to execute code of the attacker's choice.
Essentially, if you allow an attacker to run code on such a machine through any means, the attacker can completely take over the machine.
But once an attacker can run code on such a machine, the attacker instantly attains complete control.