Security Code Scan - static code analyzer for .NET
https://security-code-scan.github.io/#Rules
Security Code Scan
Quick Facts: Two modes: for Developers and Auditors. Detects various security vulnerability patterns: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), XML eXternal Entity Injection (XXE), etc. Taint analysis to track user input
security-code-scan.github.io
SCS0001 - Command Injection
If a malicious user controls either the FileName or Arguments, they might be able to execute unwanted commands or add unwanted arguments. This behavior would not be possible if input parameters are validated against a white-list of characters.
SCS0003 - XPath Injection
The dynamic value passed to the XPath query should be validated.
Risk: If the user input is not properly filtered, a malicious user could extend the XPath query.
SCS0007 - XML eXternal Entity Injection (XXE)
The XML parser is configured incorrectly. The operation could be vulnerable to XML eXternal Entity (XXE) processing.
SCS0018 - Path Traversal
A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the expected directory. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files.
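The pattern SCS0018 flags, next to a hardened form, as an added example that is not taken from this post or from the Security Code Scan documentation. The names `SafePath`, `ResolveUnsafe`, `TryResolve` and the demo directory are hypothetical.

```csharp
using System;
using System.IO;

public static class SafePath
{
    // Flagged pattern: Path.Combine keeps "../" segments, and when userName is
    // rooted (for example "/etc/passwd") it discards baseDir entirely.
    public static string ResolveUnsafe(string baseDir, string userName)
    {
        return Path.Combine(baseDir, userName);
    }

    // Hardened pattern: canonicalize first, then require the result to stay under baseDir.
    public static bool TryResolve(string baseDir, string userName, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrEmpty(userName) || userName.IndexOf('\0') >= 0)
            return false;

        // The trailing separator stops a sibling such as "/srv/files-secret"
        // from passing a prefix check against "/srv/files".
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(root, userName));

        // Assumption: a case-sensitive file system. Use OrdinalIgnoreCase on Windows.
        if (!candidate.StartsWith(root, StringComparison.Ordinal))
            return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs: one benign name, two traversal attempts, one benign "..".
        string baseDir = Path.Combine(Path.GetTempPath(), "scs0018-demo");
        string[] inputs = { "report.txt", "../../etc/passwd", "/etc/passwd", "sub/../report.txt" };
        foreach (string input in inputs)
        {
            bool ok = TryResolve(baseDir, input, out string resolved);
            Console.WriteLine($"{input,-20} unsafe={ResolveUnsafe(baseDir, input)} " +
                              $"allowed={ok} resolved={resolved ?? "(rejected)"}");
        }
    }
}
```

`Path.GetFullPath` normalizes the string only and does not resolve symbolic links, so a link placed inside the base directory can still point outside it.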
And so on: it detects various other kinds of vulnerable code.