Secure Mobile Development
首页 白天 夜间 下载 阅读记录
  • 书签 我的书签
  • 添加书签 添加书签 移除书签 移除书签
编辑文档

Protect Against SSL Downgrade Attacks

来源 1 浏览 847 扫码 打印 2019-04-27 17:32:55

    Protect Against SSL Downgrade Attacks

    • Moxie Marlinspike’s sslstrip exploitation tool -
    • CWE: CWE-757: Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)
    上一篇:
    下一篇:
    • 书签
    • 添加书签 移除书签
    • Android
      • Sign Android APKs
      • Avoid GUI Objects Caching
      • Avoid Intent Sniffing
      • Avoid Storing Cached Camera Images
      • Check Activities
      • Implement Content Providers Carefully
      • Implement File Permissions Carefully
      • Implement Intents Carefully
      • Implement PendingIntents Carefully
      • Protect Application Services
      • 7.13 Request Android permissions carefully
      • 7.14 Set the “usesCleartextTraffic” flag to false
      • Use Broadcasts Carefully
      • Follow WebView Best Practices
    • Caching and Logging
      • Avoid Caching App Data
      • Avoid Crash Logs
      • Be Aware of Copy and Paste
      • Be Aware of the Keyboard Cache
      • Carefully Manage Debug Logs
      • Limit Caching of Username
    • Coding Practices
      • Implement Anti-tamper Techniques
      • Avoid Query String for Sensitive Data
      • Avoid Simple Logic
      • Increase Code Complexity and Use Obfuscation
      • 2.8 Use caution in deserializing untrusted data
      • Securely Store Sensitive Data in RAM
      • Test Third-Party libraries
      • Understand Secure Deletion of Data
    • iOS
      • Avoid Cached Application Snapshots
      • Avoid Caching HTTP(S) Requests/Responses
      • 6.7 Declare Intended Use of Protected Data Classes
      • Implement App Transport Security (ATS)
      • Implement Protections Against Buffer Overflow Attacks
      • Implement Touch ID Properly
      • Use the Keychain Carefully
    • Mobile Security Primer
    • Secure Mobile Development
    • Handling Sensitive Data
      • Avoid Storing App Data in Backups
      • Fully validate SSL/TLS
      • Hide Account Numbers and Use Tokens
      • Implement Enhanced/Two-Factor Authentication
      • Implement Secure Data Storage
      • Implement Secure Network Transmission Of Sensitive Data
      • Institute Local Session Timeout
      • Limit Use of UUID
      • Protect Against SSL Downgrade Attacks
      • Protect Application Settings
      • Treat Geolocation Data Carefully
      • Use SECURE Setting For Cookies
      • Validate Input From Client
    • Servers
      • Protect and Perform Penetration Testing of Web Services
      • Protect Internal Resources
      • Properly Configure Server-side SSL
      • Implement Proper Web Server Configuration
      • Use Proper Session Management
    • Webviews
      • Prevent Framing and Clickjacking
      • Protect against CSRF with form tokens
    暂无相关搜索结果!

      本文档使用 全库网 构建

      展开/收起文章目录

      思维导图备注

      文章二维码

      手机扫一扫,轻松掌上读

      文档下载

      请下载您需要的格式的文档,随时随地,享受汲取知识的乐趣!
      PDF文档 EPUB文档 MOBI文档

      书签列表

        阅读记录

        阅读进度: 0.00% ( 0/0 ) 重置阅读进度