DIVA Android - 1.Insecure Logging
DIVA Android - 2.Hardcoding Issues – Part 1
DIVA Android - 3.Insecure Data Storage – Part 1
DIVA Android - 4.Insecure Data Storage – Part 2
DIVA Android - 5.Insecure Data Storage – Part 3
DIVA Android - 6.Insecure Data Storage – Part 4
DIVA Android - 7.Input Validation Issues – Part 1
DIVA Android - 8.Input Validation Issues – Part 2
DIVA Android - 9.Access Control Issues – Part 1
DIVA Android - 10.Access Control Issues – Part 2
DIVA Android - 11.Access Control Issues – Part 3
DIVA Android - 12.Hardcoding Issues – Part 2
DIVA Android - 13.Input Validation Issues – Part 3
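The Activity for "2.Hardcoding Issues – Part 1" is HardcodeActivity. Its code looks like this:
The weakness is that the app hardcodes sensitive information directly in its code, so all you need to do is make the input string match the string in the conditional.
Mitigation: do not write sensitive information, such as passwords or encryption keys, into the program.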
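As an added example (not code from the original post or from DIVA), here is a small Python audit script for code review that flags the two patterns described above in Java source: a string literal used in an `equals`-style comparison, and a string constant with a secret-like name. The sample class, its placeholder values and the rule names are constructed for illustration.

```python
import re

# Constructed sample (not DIVA's source): an Activity-style class with hardcoded values.
SAMPLE_JAVA = r'''
public class ExampleActivity extends AppCompatActivity {
    private static final String API_KEY = "PLACEHOLDER-KEY-0000";
    public void access(View view) {
        EditText field = (EditText) findViewById(R.id.key);
        // if (field.getText().toString().equals("old-secret")) { }
        if (field.getText().toString().equals("PLACEHOLDER-SECRET")) {
            Toast.makeText(this, "Access granted", Toast.LENGTH_SHORT).show();
        }
        if ("".equals(mode)) { return; }
    }
}
'''

STR = r'"(?:\\.|[^"\\\n])*"'
# String/char literals are matched first so comment markers inside them are ignored.
TOKEN = re.compile(STR + r"|'(?:\\.|[^'\\\n])'|//[^\n]*|/\*.*?\*/", re.S)
COMPARE = re.compile(r'\.(?:equals|equalsIgnoreCase|contentEquals)\s*\(\s*(' + STR + r')\s*\)'
                     r'|(' + STR + r')\s*\.(?:equals|equalsIgnoreCase|contentEquals)\s*\(')
ASSIGN = re.compile(r'\b(\w*(?:key|secret|passw|pwd|token)\w*)\s*=\s*(' + STR + r')', re.I)

def strip_comments(src):
    """Blank out comments but keep newlines, so line numbers stay accurate."""
    def repl(m):
        text = m.group(0)
        if text[0] in "\"'":
            return text
        return "\n" * text.count("\n")
    return TOKEN.sub(repl, src)

def find_hardcoded(src):
    """Return (line, rule, literal) for literal comparisons and secret-named constants."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        for m in COMPARE.finditer(line):
            literal = m.group(1) or m.group(2)
            if len(literal) > 2:  # skip "" emptiness checks
                findings.append((lineno, "literal-compare", literal))
        for m in ASSIGN.finditer(line):
            if len(m.group(2)) > 2:
                findings.append((lineno, "secret-named-constant", m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in find_hardcoded(SAMPLE_JAVA):
        print(finding)
```

This is a regex heuristic for review triage: literals built by concatenation or decoded at runtime will not match, and each finding still needs a human to judge whether the literal is actually sensitive.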