绕CDN找出⽬标所有真实ip段 找⽬标的各种Web管理后台登录⼝ 批量抓取⽬标所有真实C段 Web banner 批量对⽬标所有真实C段 进⾏基础服务端⼝扫描探测识别 尝试⽬标DNS是否允许区域传送,如果不允许则继续尝试⼦域爆破 批量抓取⽬标所有⼦域 Web banner 批量对⽬标所有⼦域集中进⾏基础服务端⼝探测识别 批量识别⽬标 所有存活Web站点的Web程序指纹 及其详细版本 从 Git ⽬标邮箱 [ 并顺⼿到各个社⼯库中去批量查询这些邮箱曾经是否泄露过密码 ] ⽬标⾃⼰对外提供的各种 技术⽂档 / wiki ⾥泄露的各种账号密码及其它敏感信息 ⽬标微信⼩程序 分析⽬标app Web请求 借助js探针搜集⽬标内⽹信息 想办法混⼊⽬标的各种 内部QQ群 / 微信群 分析⽬标直接供应商 [尤其是技术外包] 根据前⾯已搜集到的各类信息制作有针对性的弱⼝令字典 ⽬标所⽤ Waf BypassWAF RCE BypassWAF 各类Java Web中间件已知Nday漏洞利⽤ BypassWAF Webshell 免杀 其它更多 待补充修 其它更多 , 待补充修正... 0x02 ⼊⼝权限获取 [外部防御重⼼ ( "重中之重") ] 此阶段,主要是针对各主流 "中间件 + 开源程序 + Web服务组件" ⾃身的各种已知Nday漏洞利⽤ 如下已按 "实际攻击利⽤的难易程度"

ormance-best-practices-together-for-a-spa  "We have created the web in our own image, and it is obese"  Modern web hourglass, web tier is now thin, smarts moved to browser Metrics, metrics everywhere than any other metric  Web Performance: 2 seconds is the magic number Whom did I meet?Attributions and References [1] Speaker Slides and Videos: http://velocityconf.com/devops-web-performance-2015/pub

book is meant to be, really. About the Author Mark Schwartz is an Enterprise Strategist at Amazon Web Services and the author of The Art of Business Value and A Seat at the Table: IT Leadership in the

ability to learn from mistakes and diminish integrating that learning into future work d. Google Web Server (GWS) team was struggling with changes – Hard line: no changes would be accepted into GWS without

book is meant to be, really. About the Author Mark Schwartz is an Enterprise Strategist at Amazon Web Services and the author of The Art of Business Value and A Seat at the Table: IT Leadership in the

requires some sort of management.About the Author Mark Schwartz is an Enterprise Strategist at Amazon Web Services and the author of The Art of Business Value and A Seat at the Table: IT Leadership in the

with enterprise platforms, IT programs will deliver capabilities via a series of applications or web services. IT systems must therefore be designed, developed, and maintained in concert with enterprise