Security vulnerability for mobile applications

I would like to know if the security vulnerabilities for web-based applications, such as the ones due to poor input validation, such as SQL injection, XML injection, XSS, CSRF, Click Jacking (Frame bursting)

Since the mobile app runs in its own sandbox environment, I would have thought that the browser-specific vulnerabilities would not be applicable. OWASP does not list these as part of their top 10 list, and I wanted to understand if there is a scenario where these can pose an issue for mobile apps.

Most of the vulns described in the OWASP top 10 are attacks against the server. E.g. SQL injection, XML injection, Java deserialization, CSRF and others.

Thus it doesn't matter if the client is a browser or a mobile app. The attacker can craft their requests with any tool they want.

There are specific vulns related to mobile applications on the client side. These are described in the OWASP mobile app top 10.
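The answer's point that server-side flaws do not depend on the client can be seen in the following added example, which is not part of the original question or answer. It assumes a hypothetical order-lookup backend on SQLite; the table, function names and sample rows are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    """In-memory backend database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders (owner, item) VALUES (?, ?)",
                   [("alice", "phone case"), ("bob", "charger"), ("carol", "headset")])
    return db

def app_side_check(owner):
    """Input rule enforced only inside the (hypothetical) mobile app UI."""
    return re.fullmatch(r"[a-z0-9_]{1,32}", owner) is not None

def orders_concatenated(db, owner):
    """Server handler that trusts the client: the value becomes part of the SQL text."""
    sql = "SELECT owner, item FROM orders WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def orders_parameterized(db, owner):
    """Server handler that binds the value as data, whatever client sent it."""
    return db.execute("SELECT owner, item FROM orders WHERE owner = ?",
                      (owner,)).fetchall()

# Constructed request body that never passed through the app's input form.
RAW_OWNER = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The app would have rejected this value, but the server never sees that check.
    print("app-side check passes:", app_side_check(RAW_OWNER))
    # Concatenation: the WHERE clause is rewritten and every owner's rows come back.
    print("concatenated :", orders_concatenated(db, RAW_OWNER))
    # Binding: the same bytes are compared as a literal owner name, so nothing matches.
    print("parameterized:", orders_parameterized(db, RAW_OWNER))
    print("legit request:", orders_parameterized(db, "alice"))
```

The app's sandbox and its input form play no part in either result: only the server handler decides whether the value is treated as SQL or as data.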
