Classification of Software Security Errors
- Input Validation and Representation
- API Abuse
- Security Features
- Time and State
- Errors
- Code Quality
- Encapsulation
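1 Input Validation and Representation
Input validation and representation problems are caused by metacharacters, alternate encodings, and numeric representations. Security problems result from trusting input. Problems include buffer overflows, cross-site scripting, SQL injection, and many others.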
Category | Scan item |
---|---|
Input Validation and Representation | Buffer Overflow |
Input Validation and Representation | Command Injection |
Input Validation and Representation | Cross-Site Scripting |
Input Validation and Representation | Format String |
Input Validation and Representation | HTTP Response Splitting |
Input Validation and Representation | Illegal Pointer Value |
Input Validation and Representation | Integer Overflow |
Input Validation and Representation | Log Forging |
Input Validation and Representation | Path Manipulation |
Input Validation and Representation | Process Control |
Input Validation and Representation | Resource Injection |