Android Bad Practices: Application Permission Defined

ABSTRACT

程序在應用程序級別明確設置了權限。

EXPLANATION

只有定義了該權限的應用程序才能訪問此應用程序的組件。

REFERENCES

[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A2 Broken Access Control

[2] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration

[3] Standards Mapping - FIPS200 - (FISMA) AC

[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 265

[5] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Improper Access Control - CWE ID 285

[6] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.10

[7] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 7.1.1

Copyright 2013 Fortify Software - All rights reserved.
(Generated from version 2013.1.1.0008 of the Fortify Secure Coding Rulepacks)
desc.config.java.android_bad_practices_application_permission_defined

亚洲欧美在线