# Fortify Common Scan Findings: Notes

1. Mass Assignment: Insecure Binder Configuration / ASP.NET MVC Bad Practices: Model With Optional and Required Properties
   **Fix**: add a `[Bind("")]` attribute on the Action, listing the properties that may be bound.
   ![](https://i.imgur.com/0fGiF9b.png)

2. Mass Assignment: Sensitive Field Exposure
   **Fix**: add `[BindProperties]` above the Model.
   ![](https://i.imgur.com/PrCw1ii.png)

3. Cross-Site Scripting: DOM
   **Fix**: add an `htmlEncode` function and pass untrusted values through it.
   ![](https://i.imgur.com/NVVHmFD.png)

4. Cookie Security: Overly Broad Domain / Cookie Security: Overly Broad Path
   **Fix**: set `domain` and `path` in the cookie options.
   ![](https://i.imgur.com/DA0B0X3.png)

5. Privacy Violation: Autocomplete
   **Fix**: add `autocomplete="off"`.
   ![](https://i.imgur.com/fRmVoo3.png)

6. Path Manipulation: Base Path Overwriting
   **Fix**: add a `Path.IsPathRooted` check.
   ![](https://hackmd.io/_uploads/B1nOsuq4h.png)

7. Privacy Violation: Shoulder Surfing
   **Fix**: add `[DataType(DataType.Password)]` to the password field.
   ![](https://hackmd.io/_uploads/HJI2hd9Vn.png)
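The Base Path Overwriting finding (item 6) comes from `Path.Combine` discarding the base directory whenever the second argument is rooted. The example below is added here and is not code from the notes; it shows the unchecked call beside a hardened one that applies the `Path.IsPathRooted` check and, going one step beyond the note, also normalises the result and confirms it still lies under the base directory (which catches `..` segments). `BaseDir` and the sample file names are constructed for the example.

```csharp
using System;
using System.IO;

public static class SafeFileAccess
{
    // Directory that user-supplied file names are allowed to live under
    // (constructed for this example; a real app would use its own upload folder).
    private static readonly string BaseDir =
        Path.GetFullPath(Path.Combine(Path.GetTempPath(), "uploads"));

    // Unchecked form flagged by Fortify: if fileName is rooted, Path.Combine
    // returns fileName unchanged and BaseDir is silently overwritten.
    public static string ResolveUnchecked(string fileName)
    {
        return Path.Combine(BaseDir, fileName);
    }

    // Hardened form: reject rooted input (the check the note calls for), then
    // normalise with GetFullPath and require the result to stay inside BaseDir.
    public static bool TryResolve(string fileName, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(fileName) || Path.IsPathRooted(fileName))
            return false;

        string candidate = Path.GetFullPath(Path.Combine(BaseDir, fileName));
        string root = BaseDir.TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        // Ordinal comparison: both strings come from GetFullPath, so casing matches.
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Sample inputs (constructed): one legitimate name, two rooted paths, one traversal.
        string[] inputs = { "report.pdf", @"C:\Windows\win.ini", "/etc/passwd", @"..\web.config" };
        foreach (var input in inputs)
        {
            string safe = TryResolve(input, out var resolved) ? resolved : "REJECTED";
            Console.WriteLine($"unchecked: {input,-20} -> {ResolveUnchecked(input)}");
            Console.WriteLine($"checked:   {input,-20} -> {safe}");
        }
    }
}
```

Which inputs count as rooted depends on the OS (`/etc/passwd` is rooted everywhere, `C:\...` only on Windows), which is why the containment check after `GetFullPath` is kept in addition to `IsPathRooted`.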