보안/개발보안51 보안약점 진단 #4 01 public void do() throws Throwable { 02 String data = System.getenv("ADD"); 03 if (data != null) { 04 String names[] = data.split("-"); 05 int successCount = 0; 06 Connection dbConnection = null; 07 Statement stmt = null; 08 try { 09 dbConnection = IO.getDBConnection(); 10 stmt = dbConnection.createStatement(); 11 for (int i = 0; i < names.length; i++) { 12 stmt.addBatch("update users set hitc.. 2020. 7. 12. 보안약점 진단 #3 01 private static final boolean PRIVATE_STATIC_FINAL_TRUE = true; 02 private static final boolean PRIVATE_STATIC_FINAL_FALSE = false; 03 04 public void do(String password) throws Throwable { 05 if (password == null) { 06 return; 07 } 08 if (PRIVATE_STATIC_FINAL_TRUE) { 09 MessageDigest hash = MessageDigest.getInstance("SHA-512"); 10 byte[] hashValue = hash.digest(password.getBytes("UTF-8")); 11 .. 2020. 7. 12. 보안약점 진단 #2 01 public void do(HttpServletRequest request, HttpServletResponse response) throws Throwable { 02 String data = ""; 03 { 04 Connection connection = null; 05 PreparedStatement preparedStatement = null; 06 ResultSet resultSet = null; 07 try { 08 connection = IO.getDBConnection(); 09 preparedStatement = connection.prepareStatement("select name from users where id=0"); 10 resultSet = preparedStateme.. 2020. 7. 12. 보안약점 진단 #1 01 public void do() throws Throwable { 02 String data = ""; 03 { 04 Socket socket = null; 05 BufferedReader readerBuffered = null; 06 InputStreamReader readerInputStream = null; 07 try { 08 socket = new Socket("host.example.org", 39544); 09 readerInputStream = new InputStreamReader(socket.getInputStream(), "UTF-8"); 10 readerBuffered = new BufferedReader(readerInputStream); 11 data = readerBuffe.. 2020. 7. 12.