1、Client Use Of JQuery Outdated Version
The specific jQuery version number can be removed from the client code. Note that this only stops the scanner from recognising the version; it changes nothing in the library itself, so upgrading jQuery to a current release is the actual remediation.
2、Client Potential XSS
User input can be filtered before it is written into the page, for example with a filter method that HTML-entity-encodes the dangerous characters and strips line breaks:

String xssFilter(String value) {
    if (value == null) {
        return null;
    }
    // Encode '&' first so the entities produced below are not encoded a second time
    value = value.replace("&", "&amp;");
    value = value.replace(">", "&gt;");
    value = value.replace("<", "&lt;");
    value = value.replace("\"", "&quot;");
    value = value.replace("'", "&#39;");
    // Drop CR and LF; removing them individually also removes any CRLF pair
    value = value.replace("\r", "");
    value = value.replace("\n", "");
    return value;
}

This is output encoding for HTML element content and quoted attribute values; it is not sufficient on its own for values inserted into JavaScript, URLs or CSS.
3、Trust Boundary Violation
Reported at the CGI trust boundary; assessed as having no impact and can be ignored.
4、Stored XSS
The same xssFilter method as in item 2 applies to the stored value.
5、Use of Cryptographically Weak PRNG
Weak-randomness finding; assessed as having no impact and can be ignored. This holds only while the random value is not used for a security decision (session IDs, CSRF tokens, password-reset links); for those, use java.security.SecureRandom instead of java.util.Random or Math.random().
6、Use of Insufficiently Random Values
Pseudorandom-number finding; assessed as having no impact and can be ignored, with the same caveat as item 5.
7、Client DOM XSRF
Use a CSRF token: write a hidden input into the form whose value is a randomly generated string tied to the user's session, and verify it on the server when the form is submitted. A graphical captcha is an alternative verification method.
8、Cross Site History Manipulation
Triggered by parameters carried in the URL; not remediated.
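As an added illustration of the token scheme in item 7 (example code written for this page, not code from the original post or from Checkmarx), the following self-contained Java program issues a per-session token with SecureRandom, renders it as the hidden input, and checks a submitted value against the session copy in constant time. It also shows the generator choice that items 5 and 6 hinge on. The Session class, the field name csrf_token and the 32-byte token length are assumptions made for the illustration; in a servlet the Session map would be HttpSession attributes.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example, not from the original post: minimal anti-CSRF token handling.
// Session, "csrf_token" and the token length are assumptions for this illustration.
public class CsrfTokenDemo {

    // Stand-in for HttpSession attributes.
    static class Session {
        final Map<String, String> attributes = new HashMap<>();
    }

    // Cryptographically strong generator; java.util.Random is what items 5/6 flag.
    private static final SecureRandom RNG = new SecureRandom();

    /** Create a 256-bit random token, store it in the session, return it for the form. */
    static String issueToken(Session session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.attributes.put("csrf_token", token);
        return token;
    }

    /** Render the hidden input; base64url output needs no HTML encoding in the attribute. */
    static String hiddenInput(String token) {
        return "<input type=\"hidden\" name=\"csrf_token\" value=\"" + token + "\">";
    }

    /** Server-side check on the POST: submitted field must equal the session copy. */
    static boolean verifyToken(Session session, String submitted) {
        String expected = session.attributes.get("csrf_token");
        if (expected == null || submitted == null) {
            return false;
        }
        // Constant-time comparison avoids leaking the token through timing.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Session session = new Session();
        String token = issueToken(session);
        System.out.println(hiddenInput(token));

        // Legitimate submission: the browser posts the field it was given.
        System.out.println("own form:      " + verifyToken(session, token));
        // Forged cross-site form: the attacker's page cannot read the victim's token.
        System.out.println("forged form:   " + verifyToken(session, "guess"));
        // Request with the field missing entirely.
        System.out.println("missing field: " + verifyToken(session, null));
    }
}
```

Issue the token when the session is created (or per form, if you want one-time tokens) and reject any state-changing request whose field does not verify. The token must never be placed in a URL parameter, which is exactly the exposure item 8 is about.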
About Checkmarx vulnerabilities
Origin blog.csdn.net/zyc050707/article/details/103137091