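JRT0185-2020 Security Management Specification for Commercial Bank Application Programming Interfaces.pdf (high-definition text version, not photographed images)
JRT0185-2020 Security Management Specification for Commercial Bank Application Programming Interfaces: high-definition text version, not photographed images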
2020-08-26
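Fortify-SCA Scanning Tool Guide.pdf
A manual for the Fortify scanning tool. It gives useful guidance for practical work and explains things fairly clearly.
Fortify SCA analysis principles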
[Figure: Fortify SCA architecture. Labels: Front-End (3rd-party IDE plug-ins, IBM Eclipse, Audit Workbench; Java, C/C++, Microsoft .NET, PL/SQL, XML), NST, Analysis Engine (Semantic, Global Data Flow, Control Flow, Configuration, Structural), Rules Builder (Custom, Pre-Packaged), Fortify Manager, FPR output]
FORTIFY
Fortify SCA analysis process
[Figure: Fortify SCA analysis process. Labels: Translation (NST), intermediate files, -b build id, Scan phase, SCA Engine, Using Analyzers, Rules, Analysis Result File]
Phase 1: Translation
Phase 2: Scan
- sourceanalyzer -b <build-id> -clean
- sourceanalyzer -b <build-id>
- sourceanalyzer -b <build-id> -Xmx1250m -scan -f results.fpr
How Fortify SCA scanning works
[Figure: Fortify SCA scanning workflow. Labels: IDE (Visual Studio; Eclipse, IBM RAD), Build Tool, Touchless Build, Command Line Interface, languages (Java, .NET, C, C/C++, JSP, PL/SQL, TSQL, ColdFusion), Intermediate Model, Fortify Global Analysis, Secure Coding Rules, Fortify Customized Rules, FPR, Audit Workbench, Fortify Manager]
The five ways to run a Fortify SCA scan
- Plug-in mode: Plug-In (Eclipse, VS, WSAD, RAD)
- Command-line mode: Command Line
- Directory scan mode: Audit Workbench Scan Folder
- Integration with other tools: Scan with Ant, Makefile
- Build monitor mode: Fortify SCA Build Monitor
The four steps of a Fortify SCA scan
A Fortify SCA scan can be divided into four steps:
1. Clean: clean-up phase
   sourceanalyzer -b proName -clean
2. Translation: translation phase
3. Show-files: review phase
   sourceanalyzer -b proName -show-files
4. Scan: scan phase
   sourceanalyzer -b proName -Xmx1250m -scan -f proName.fpr
Fortify SCA command-line parameters
View the SCA scan commands and parameters: sourceanalyzer
C:\Documents and Settings\anming>sourceanalyzer --help
Fortify Source Code Analyzer 4
Copyright (c) 2003-2006 Fortify Software
Usage:
  Build:
    Java:  sourceanalyzer -b <buildid> <files>
           sourceanalyzer -b <buildid> javac <compiler opts> <files>
    C/C++: sourceanalyzer -b <buildid> <compiler> <compiler opts> <files>
    .NET:  sourceanalyzer -b <buildid> <exe file>
  Scan:
    sourceanalyzer -b <buildid> -scan -f results.fpr
Output options:
  -format <fmt>             Controls the output format. Valid options are
                            auto, fpr, fvdl, and text. Default is auto
                            for which type will be determined automatically
                            based on file extension.
  -f <file>                 The file to which results are written.
                            Default is stdout.
  -build-project <name>     The name of the project being scanned. Will
                            be included in the output.
  -build-label <label>      The label of the project being scanned. Will
                            be included in the output.
  -build-version <version>  The version of the project being scanned. Will
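Translating source code with Fortify SCA
- Translating Java code
  - Java command-line syntax
  - Java command-line syntax examples
  - Translating J2EE applications
  - Using FindBugs
- Translating .NET source code
  - .NET versions 1.1 and 2.0
  - Visual Studio .NET version 2003
  - Visual Studio .NET version 2005
- Translating C/C++ code
- Translating PL/SQL and T-SQL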
SCA command for translating Java source code
sourceanalyzer -b <build-id> -cp <classpath> <file-list>
- Additional parameters: -Xmx; -encoding; -jdk; -appserver; -appserver-version; -appserver-home

Table 1: File specifiers

| File specifier | Description |
| --- | --- |
| dirname | All files found under the named directory or any subdirectories |
| dirname/**/Example.java | Any file named Example.java found under the named directory or any subdirectories |
| dirname/*.java | Any file with the extension .java found in the named directory |
| dirname/**/*.java | Any file with the extension .java found under the named directory or any subdirectories |
| dirname/**/* | All files found under the named directory or any subdirectories (same as dirname) |
2019-09-06
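SM2_SM3_SM4 Chinese national cryptographic algorithms: Java source code + PC tool
Java source code for the SM2, SM3 and SM4 Chinese national cryptographic algorithms, plus a general-purpose PC tool. Personally tested and working; it can serve as a reference for Java developers doing national-cryptography development work. I have already modified it and put it into production use.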
2018-11-24