Vulnerability description | Handling | |
Privacy Violation: Autocomplete | Fix | Add autocomplete="off" to the input element |
Privacy Violation | Remove | |
Password Management: Password in Configuration File | Fix | Rename the keyword "password" to another word |
Password Management: Insecure Submission | Fix | Submit the form using POST |
Key Management: Hardcoded Encryption Key | Remove | |
Key Management: Empty Encryption Key | Fix | Rename the keyword "key" to another word |
JSON Injection | Fix | Filter HTML with xss.js; https://github/leizongmin/js Usage example: filterXSS('<script>alert("xss");</scr' + "ipt>"); |
Cross-Site Scripting: DOM | Fix |