All geek questions in one place

Strengthen Android Checks

I'm curious about the vulnerabilities that Fortify apps look for in Android apps. Sorry, I can not find the documentation. I know that they look back at specific Java universities along with component rights checks - anything else? SQL injection? Check Intent?

+4
source share
2 answers

In addition to all the usual Java rules, there are special Android rules for the following categories:

Code Quality:
Android Bad Practices - Using the Released Camera
Android Bad Practices - Using a released SQLite resource
Android Bad Practices - Using Released Media Resources
Unreleased Resource - Android Media

Encapsulation:
Insecure Storage - Android External Storage Leak System Information

Input validation and performance:
Team injection
Cross: Site Scripting - Permanent
Cross: Site Scripting - Bad Validation
Cross: Site Scripting - Reflected
Header Manipulation - Cookies
Logarithmic cutting
Path of manipulation
Query String Injection - Android Service Provider
Resource injection
SQL injection

Security features:
Access Control - Android Provider
Access Control - Database
Android Bad Practices - Lack of Broadcast Rights

Android bad practice - no recipient permission
Android Bad Practices - Important Broadcast
Password management
Password Management - blank password
Password Management - Hard Code Password
Password Management - Null Password
Password Management - Weak Cryptography
Privacy violation
Privilege Management - Android Location
Privilege Management - Android Messaging
Privilege Management - Android Telephony Privilege Management - Missing API Permission
Privilege Management - Resolving Missing Content Providers
Privilege management - permission for lack of intent

+7
source

Here is the official list of what Fortify has to offer:

All many need to be listed.

+1
source

Source: https://habr.com/ru/post/1439075/

More articles:


All Articles