Properly Configure Server-side SSL Details Remediation References CWE/OWASP Properly Configure Server-side SSL Details Many web servers allow lower encryption settings, s...

6.7 Declare Intended Use of Protected Data Classes Details Remediation References CWE/OWASP 6.7 Declare Intended Use of Protected Data Classes Details To help maintain th...

Introduction What is Injection ? General advices to prevent Injection Specific Injection types SQL Symptom How to prevent Example References JPA Symptom How to prevent Ex...

7.1 Implement File Permissions Carefully Details Remediation CWE/OWASP 7.1 Implement File Permissions Carefully Details World readable files can act as a vector for your p...

Introduction What is Injection ? General advices to prevent Injection Specific Injection types SQL Symptom How to prevent Example References JPA Symptom How to prevent Ex...

Using security-related headers to secure your application against common attacks One Paragraph Explainer Table of Contents HTTP Strict Transport Security (HSTS) Public Key Pinni...

Using security-related headers to secure your application against common attacks One Paragraph Explainer Table of Contents HTTP Strict Transport Security (HSTS) Public Key Pinni...

使用Cookie的安全设置 详细描述 建议 CWE/OWASP 使用Cookie的安全设置 详细描述 如果Cookie未标记为“Secure”，则无论与主机的会话是否安全，都可能通过不安全的连接进行传输。 换句话说，它可以通过HTTP连接来传输。 此外，由于Cookie无法通过客户端访问（例如，无法使用JavaScript代码段访问），因...

7.14 Set the “usesCleartextTraffic” flag to false Details Remediation CWE/OWASP 7.14 Set the “usesCleartextTraffic” flag to false Details An unsecured communications chann...

正确配置服务器端SSL 详细描述 建议 参考 CWE/OWASP 正确配置服务器端SSL 详细描述 许多Web服务器允许较低的加密设置，例如非常弱的导出级40位加密。 实施强密码套件以保护用于创建共享密钥，在客户端和服务器之间加密消息，以及生成消息哈希和签名以确保这些消息的完整性的信息。 还要确保禁用弱协议。 建议 确保正确安装和配...