<pre id="vvttv"><mark id="vvttv"><progress id="vvttv"></progress></mark></pre>
    <pre id="vvttv"></pre>
      <p id="vvttv"></p>

          

          <p id="vvttv"></p>
                <p id="vvttv"></p>
                

                <pre id="vvttv"><cite id="vvttv"><progress id="vvttv"></progress></cite></pre>
                  
<output id="vvttv"><dfn id="vvttv"><th id="vvttv"></th></dfn></output>
                    <p id="vvttv"></p>
                    


					
                    
						
                    
													
							
                    
							   Insecure Transport
							
                    
							
                    ABSTRACT
                    
							
                    
							  調用使用 HTTP(而非 HTTPS)協議與服務器通信。
							
                    
							
                    EXPLANATION
                    
							
                    
							  所用利用 HTTP、FTP 或 gopher 的通信均未經過驗證和加密。因此可能會受到危害,特別是在移動環境中設備要利用 WiFi 連接頻繁連接不安全的、公共的無線網絡。

                    例子 1:以下示例通過 HTTP 協議(而不是 HTTPS 協議)讀取數據。



                    URL url = new URL("http://www.android.com/");
                    HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
                    try {
                    InputStream in = new BufferedInputStream(urlConnection.getInputStream());
                    readStream(in);
                         ...
                       }



                    由于來源流 instream 通過未加密和未驗證的通道傳輸,因而可能受到危害。
							
                    
							 								
                    REFERENCES
                    
																								   
                    [1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A10 Insecure Configuration Management 
                    
																									   
                    [2] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A9 Insecure Communications 
                    
																									   
                    [3] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A9 Insufficient Transport Layer Protection 
                    
																									   
                    [4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3250.1 CAT I, APP3250.2 CAT I, APP3250.3 CAT II, APP3250.4 CAT II 
                    
																									   
                    [5] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP3250.1 CAT I, APP3250.2 CAT I, APP3250.3 CAT II, APP3250.4 CAT II 
                    
																									   
                    [6] Standards Mapping - FIPS200 - (FISMA) CM, SC 
                    
																									   
                    [7] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 311 
                    
																									   
                    [8]  Designing for Security Android
                    
																									   
                    [9] Standards Mapping - Web Application Security Consortium 24 + 2 - (WASC 24 + 2) Information Leakage 
                    
																									   
                    [10] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Insecure Interaction - CWE ID 319 
                    
																									   
                    [11]  OWASP Top 10 Mobile Risks OWASP
                    
																									   
                    [12] Standards Mapping - SANS Top 25 2010 - (SANS 2010) Porous Defenses - CWE ID 311 
                    
																									   
                    [13] Standards Mapping - SANS Top 25 2011 - (SANS Top 25 2011) Porous Defenses - CWE ID 311 
                    
																									   
                    [14] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 4.1, Requirement 6.3.1.4, Requirement 6.5.9 
                    
																									   
                    [15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 4.1, Requirement 6.5.10 
                    
																									   
                    [16] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 4.1, Requirement 6.5.4 
                    
																									   
                    [17] S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgartner, B. Friesleben Why Eve and Mallory Love Android:An Analysis of Android SSL (In)Security 
                    
																														
                    
							
                    
							
                    
							
                    
							Copyright 2013 Fortify Software - All rights reserved.
							
                    
							(Generated from version 2013.1.1.0008 of the Fortify Secure Coding Rulepacks)
							
                    
							desc.dataflow.java.insecure_transport
							
                    
							
                    
						
                    

                      <pre id="vvttv"><mark id="vvttv"><progress id="vvttv"></progress></mark></pre>
                      <pre id="vvttv"></pre>
                        <p id="vvttv"></p>

                            

                            <p id="vvttv"></p>
                                  <p id="vvttv"></p>
                                  

                                  <pre id="vvttv"><cite id="vvttv"><progress id="vvttv"></progress></cite></pre>
                                    
<output id="vvttv"><dfn id="vvttv"><th id="vvttv"></th></dfn></output>
                                      <p id="vvttv"></p>
                                      

这里只有精品视频