Couleur (chairman tree + heuristic splitting)

I learned dsu on tree a long time ago, but I didn’t expect heuristic splitting. Couleur. Problem statement: Given a sequence, each operation invalidates one position. Given the sequence of operations (hidden through XOR, forcing online processing), find, after each operation, the maximum number of inversions over the contiguous sub-intervals that contain no invalid positions. Each […]

JWT security and practical cases

Article directory JWT security 1. Cookies 2. Session 3. Token 4. JWT 4.1 JWT Overview 4.1.1 JWT header 4.1.2 Payload 4.1.3 Signature Hash 4.1.4 Communication process 4.2 JWT vulnerability description 4.3 JWT vulnerability principle 4.4 JWT security defense 5. WebGoat lab experiment 5.1 The fourth level 5.2 The fifth level 5.3 The seventh level 6. CTFHub real […]

JWT security and practical cases

Article directory 1. JWT (JSON Web Token) security 1. Cookie (placed in browser) 2. Session (put on the server) 3. Token 4. JWT (JSON Web Token) 4.1 Head 4.1.1 alg 4.1.2 type 4.2 payload 4.3 Signature 4.4 Communication process 5. Defense measures 2. Vulnerability example (WebGoat) 1. Level 4 2. Level 5 3. Level 7 1. […]

Detailed ideas and process of configuring ModSecurity on Nginx under Ubuntu

Here is an introduction: Ubuntu is a Linux operating system, Nginx is web server software, and ModSecurity is an open-source web application firewall (commonly called a “WAF”). Even if you are not familiar with these concepts, you can still read the following content. It’s just not easy to […]

Comparison of Java class file security encryption tools and practical use of ClassFinal

Article directory Preface Comparison of common encryption schemes XJar ProGuard ClassFinal ClassFinal in practice Pure command-line mode Maven plug-in method Final words Foreword I believe that many students develop software for commercial use. Many of these commercially operated projects will be deployed directly on the customer side, which may lead to the leakage […]

Content-Security-Policy

Introduction: The HTTP response header Content-Security-Policy allows site administrators to control which resources the user agent can load for a given page. It is mainly aimed at controlling the execution of JavaScript code and defending against XSS. CSP has many directives. Here we will explain the commonly used parameters and content to deepen the […]