Input validation issues - Part 2

Description :

Because Web Content that can have HTML and JavaScript
Improper use might to be web security problem occurred
such as insert Javascript Command.

Basic recomment : 

- use method : setJavaScriptEnabled(); protect cross-site scripting
- recommend exposing only Javascript contained in your application.
  method : addJavaScriptInterface();
- If your application access sensitive information
  to consider use remove files that store specific place.
  for example, to indicate that application not should cache particular content.
  use : method clearCache();
  ( clearCache(); will to do clear all cache of used )


ความคิดเห็น

แสดงความคิดเห็น

โพสต์ยอดนิยมจากบล็อกนี้

Access Control issues Part 1-3

Description : Caused by use Intent-filter inside Menifest files. Recomment :  Show an app chooser If the Implicit Intent can launch a second app on the user's device, make it an app chooser. This helps users transfer sensitive information to apps they trust. val intent = Intent(ACTION_SEND) val possibleActivitiesList: List<ResolveInfo> = queryIntentActivities(intent, PackageManager.MATCH_ALL) // Verify that an activity in at least two apps on the user's device // can handle the intent. Otherwise, start the intent only if an app // on the user's device can handle the intent. if (possibleActivitiesList.size > 1) {     // Create intent to show chooser.     // Title is something similar to "Share this photo with".     val chooser = resources.getString(R.string.chooser_title).let { title ->         Intent.createChooser(intent, title)     }     startActivity(chooser) } else if (intent.resolveActivity(packageManager) != null) {     startActivity(intent) } Mor
อ่านเพิ่มเติม

Insecure Data Stroage Part 1-4

รูปภาพ
Description :  This is problem of Developer that to do store sensitive information  such as Username Password into Share Preferences file is not have encode information. How to fix : If you whant store sensitive information There are some basic recommendations as follows. - Store data safely. - Store private data within internal storage. - Store personal information into : device internal storage (sanboxed separate app). - Your App no require request permission to see files. - Others App can not access file is new security furture. - When user uninstall app, device will delete all file in internal storage. // Creates a file with this name, or replaces an existing file that has the same name.  // Note that the file name cannot contain path separators. val FILE_NAME = "sensitive_info.txt" val fileContents = "This is some top-secret information!" openFileOutput(FILE_NAME, Context.MODE_PRIVATE).use { fos ->     fos.write(fileContents.toByteArray()) } - Use external s
อ่านเพิ่มเติม