Commercial-grade Fortify white-box tool: introduction and usage analysis

Source: Internet
Author: User
Tags: sca

What is Fortify and what can it do?

A: Fortify, full name Fortify SCA, is an HP product: a static, white-box security testing tool for software source code. It statically analyzes application source code with five built-in analysis engines (data flow, semantic, structural, control flow and configuration flow), matches the analysis results in depth against its proprietary set of software security vulnerability rules, scans out the security flaws that exist in the source code, and produces a summary report.

How many languages does it support scanning?

A: Fortify SCA supports 21 languages, namely:

1. ASP.NET
2. VB.NET
3. C#.NET
4. ASP
5. VBScript
6. VS6
7. Java
8. JSP
9. JavaScript
10. HTML
11. XML
12. ActionScript
13. PHP
14. T-SQL
15. PL/SQL
16. C/C++
17. Objective-C (iPhone, 2012/5)
18. ColdFusion 5.0 (option)
19. Python (option)
20. COBOL (shop)
21. SAP ABAP (shop)
Is it free?

A: No, it is paid software. Of course there is no cracked version on the internet either. It seems to charge 100,000 for one month.

How do I use it?

After installing Fortify, open it.

Interface:

Select Advanced Scan

Does it ask to update? I chose No, because this is my personal copy; I bought a one-month trial in July 2015 and was afraid that updating would make it unusable. If you purchased it, you can choose Yes.

After selecting, the following screen appears.

Browse: the path where the results are saved after the scan.

Then click Next.

Parameter description:

Enable clean: clears the last scan result. Unless you change the build ID, the intermediate files from the previous scan may affect the next one.

Enable translation: translates (converts) the source code into NST files.

-64: scan in 64-bit mode; SCA scans in 32-bit mode by default.

-Xmx4000m: 4000m is roughly 4G, and sets the memory limit. -Xmx4g: the same parameter can also be written with G. Recommended to add.

-encoding: specifies the character set of the code, for example UTF-8. Parsing is more reliable when the tool converts with the specified character set, so it is recommended to add this; Chinese comments will then not be garbled.

-disable-source-rendering: does not load code unrelated to the vulnerabilities into the audit platform. Not recommended, because the code will then not be displayed.

Then click Next

It asks: Is this a Java EE Web application?

Select No (because we are scanning PHP).

Then click Scan to start scanning.

Always run in background: always run in the background.

Run in background: run in the background.

Cancel: cancel.

Details: details.

After the scan:

None (other): 1
A1 Injection: 7
A3 XSS: 37
A4 Insecure direct object references: 35
A6 Sensitive data exposure: 4
A10 Unvalidated redirects and forwards: 2

If the interface is in English and you want to switch it to Chinese, use the following method:

The following is the analysis chart provided by the official website:

Analyzing the vulnerabilities. The "None" vulnerability:

This is a variable variable, or in the short Chinese term, "variable overwrite."

Let's talk about the principle of this vulnerability:

Variable variables:

<?php
$first = "Hello";
$hello = "World";
echo $first . " " . $$first;
?>

The result is Hello World.

$$first is $hello, because the value of $first is Hello.

But it is not the same inside a foreach:

<?php
$a = 'SSS';
foreach ($_GET as $key => $value) {
    // Inside foreach it is different: $$key becomes the variable named after the key.
    // Opening http://www.com.com/demo.php?a=value makes $key 'a', so $$key is $a,
    // and $a is replaced with 'value'.
    $$key = $value;
}
echo $a;
?>
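The foreach pattern above beside a form that does not let request keys choose which variable is written, as an added example that is not part of the original post. $_GET is replaced with a constructed array so it runs from the command line; the $is_admin flag is an assumed piece of application state.

```php
<?php
// Added example (not from the original post): variable overwrite via $$key in foreach,
// and a hardened version that reads only named keys into named variables.
$request = ['a' => 'value', 'is_admin' => '1'];   // constructed request input, stands in for $_GET

function register_vulnerable(array $request): array {
    $a = 'SSS';
    $is_admin = false;                 // state that must never be client-controlled
    foreach ($request as $key => $value) {
        $$key = $value;                // key 'is_admin' rewrites the local $is_admin
    }
    return ['a' => $a, 'is_admin' => $is_admin];
}

function register_hardened(array $request): array {
    // Each variable is assigned explicitly; unknown keys are simply ignored.
    $a = isset($request['a']) ? (string) $request['a'] : 'SSS';
    $is_admin = false;                 // cannot be reached from the request at all
    return ['a' => $a, 'is_admin' => $is_admin];
}

var_dump(register_vulnerable($request));  // a => "value", is_admin => "1" (overwritten)
var_dump(register_hardened($request));    // a => "value", is_admin => false
```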

A1 Injection vulnerability:

The $c variable is found to be controlled by the client through a GET request.

The safe_replace function filters the following characters:

function safe_replace($string) {
    $string = str_replace('%20', '', $string);
    $string = str_replace('%27', '', $string);
    $string = str_replace('%2527', '', $string);
    $string = str_replace('*', '', $string);
    $string = str_replace('"', '&quot;', $string);
    $string = str_replace("'", '', $string);
    $string = str_replace('"', '', $string);
    $string = str_replace(';', '', $string);
    $string = str_replace('<', '&lt;', $string);
    $string = str_replace('>', '&gt;', $string);
    $string = str_replace('{', '', $string);
    $string = str_replace('}', '', $string);
    $string = str_replace('\\', '', $string);
    return $string;
}

Then comes include $c . ".php"; so a .php is appended at the end.

However, if the PHP version is below 5.3.4, a null byte (%00) is taken as the end of the string; in other words, the string is truncated there ...
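An added example (not from the original post) showing why the safe_replace blacklist above does not make include $c . ".php" safe, beside a hardened resolver that whitelists the module name and confirms the resolved file stays inside an assumed MODULE_DIR.

```php
<?php
// Added example (not from the original post). MODULE_DIR is an assumed location.
const MODULE_DIR = __DIR__ . '/modules';

// True when safe_replace (as quoted above) would leave the input unchanged:
// it strips quotes, ';', '{', '}', '\' and a few %-sequences, but not '.', '/' or raw bytes.
function passes_safe_replace(string $c): bool {
    $stripped = ['%20', '%27', '%2527', '*', '"', "'", ';', '{', '}', '\\', '<', '>'];
    return str_replace($stripped, '', $c) === $c;
}

// Hardened: structural whitelist first, then a path check as defence in depth.
function resolve_module(string $c): ?string {
    // Letters, digits and underscores only: rejects '/', '..', and the NUL byte
    // that truncates the path on PHP < 5.3.4.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $c)) {
        return null;
    }
    $base = realpath(MODULE_DIR);
    $path = realpath(MODULE_DIR . '/' . $c . '.php');
    // realpath() returns false when the file does not exist; also refuse anything
    // that resolved outside MODULE_DIR (symlinks, for example).
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed inputs: both crafted values are untouched by safe_replace, but the
// hardened resolver rejects them. 'index' resolves only if modules/index.php exists.
$inputs = ["../../secret", "../config\0", "index"];
foreach ($inputs as $in) {
    printf("%-16s passes safe_replace: %-3s  hardened: %s\n",
        addcslashes($in, "\0"),
        passes_safe_replace($in) ? 'yes' : 'no',
        resolve_module($in) ?? 'rejected');
}
```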

A3 XSS vulnerability:

$field_sql = "Update " . DB_PRE . "member set {$field_sql} where userid={$last_id}";
$query = query($field_sql);

When writing to the database there is no restriction, and the value is output directly without any filtering, resulting in XSS. (I will not explain every one of them.)

A4 Insecure direct object reference vulnerability:

There is no policy limiting the number of file uploads, which can lead to an attack.

A6 Sensitive data exposure vulnerability:

A10 Unvalidated redirects and forwards vulnerability:

I will not go to each location here to see who uses this function; anyone who understands a bit of PHP will understand.

The whole process is almost over, but there is one thing I would like to remind you of: if you do not set the memory, it sets it automatically. For example, if your computer has 8G of memory it automatically sets 8G, then occupies all 8G, and your computer lags terribly. Before the next scan, remember to set the memory: if your computer has 8G, set 7G, so you still have 1G left to play 4399 mini-games. ~_~
