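Fortify Scanning: Classification of Software Security Errors
Software security error classification
Input Validation and Representation
API Abuse
Security Features
Time and State
Errors
Code Quality
Encapsulation
1 Input Validation and Representation
Input validation and representation problems are caused by metacharacters, alternate encodings, and numeric representations. Trusting input leads to security problems. The issues include buffer overflows, cross-site scripting attacks, SQL injection, and many others.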
Functional module / Scan item
Input Validation and Representation Buffer Overflow
Input Validation and Representation Command Injection
Input Validation and Representation Cross-Site Scripting
Input Validation and Representation Format String
Input Validation and Representation HTTP Response Splitting
Input Validation and Representation Illegal Pointer Value
Input Validation and Representation Integer Overflow
Input Validation and Representation Log Forging
Input Validation and Representation Path Manipulation
Input Validation and Representation Process Control
Input Validation and Representation Resource Injection
Input Validation and Representation Setting Manipulation
Input Validation and Representation SQL Injection
Input Validation and Representation String Termination Error
Input Validation and Representation Struts: Duplicate Validation Forms
Input Validation and Representation Struts: Form Bean Does Not Extend Validation Class
Input Validation and Representation Struts: Form Field Without Validator
Input Validation and Representation Struts: Plug-in Framework Not In Use
Input Validation and Representation Struts: Unused Validation Form
Input Validation and Representation Struts: Unvalidated Action Form
Input Validation and Representation Struts: Validator Turned Off
Input Validation and Representation Struts: Validator Without Form Field
Input Validation and Representation Unsafe JNI
Input Validation and Representation Unsafe Reflection
Input Validation and Representation XML Validation
2 API Abuse
Functional module / Scan item
API Abuse Dangerous Function
API Abuse Directory Restriction
API Abuse Heap Inspection
API Abuse J2EE Bad Practices: getConnection()
API Abuse J2EE Bad Practices: Sockets
API Abuse Often Misused: Authentication
API Abuse Often Misused: Exception Handling
API Abuse Often Misused: File System
API Abuse Often Misused: Privilege Management
API Abuse Often Misused: Strings
API Abuse Unchecked Return Value
3 Security Features
Functional module / Scan item
Security Features Insecure Randomness
Security Features Least Privilege Violation
Security Features Missing Access Control
Security Features Password Management
Security Features Password Management: Empty Password in Config File
Security Features Password Management: Hard-Coded Password
Security Features Password Management: Password in Config File
Security Features Password Management: Weak Cryptography
Security Features Privacy Violation
4 Time and State
Functional module / Scan item
Time and State Deadlock
Time and State Failure to Begin a New Session upon Authentication
Time and State File Access Race Condition: TOCTOU
Time and State Insecure Temporary File
Time and State J2EE Bad Practices: System.exit()
Time and State J2EE Bad Practices: Threads
Time and State Signal Handling Race Conditions
5 Errors
Functional module / Scan item
Errors Catch NullPointerException
Errors Empty Catch Block
Errors Overly-Broad Catch Block
Errors Overly-Broad Throws Declaration
6 Code Quality
Functional module / Scan item
Code Quality Double Free
Code Quality Inconsistent Implementations
Code Quality Memory Leak
Code Quality Null Dereference
Code Quality Obsolete
Code Quality Undefined Behavior
Code Quality Uninitialized Variable
Code Quality Unreleased Resource
Code Quality Use After Free
7 Encapsulation
Functional module / Scan item
Encapsulation Comparing Class by Name
Encapsulation Data Leaking Between Users
Encapsulation Leftover Debug Code
Encapsulation Mobile Code: Object Hijack
Encapsulation Mobile Code: Use of Inner Class
Encapsulation Mobile Code: Non-Final Public Field
Encapsulation Private Array-Typed Field Returned From a Public Method
Encapsulation Public Data Assigned to Private Array-Typed Field
Encapsulation System Information Leak
Encapsulation Trust Boundary Violation