Стандарт OWASP Application Security Verification Standard (ASVS) - это список требований к безопасности приложений и тестов, которые могут использоваться архитекторами ПО, разработчиками, тестировщиками, специалистами по защищённости приложений, продавцами инструментов и пользователями для разработки, сборки, тестирования и верификации защищённых приложений.
C/C++ диагностики
| V504 | It is highly probable that the semicolon ';' is missing after 'return' keyword. | OWASP-11.1.1 |
| V565 | An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing. | OWASP-7.4.2 |
| V596 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V629 | Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. | OWASP-5.4.3 |
| V658 | A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. | OWASP-5.4.3 |
| V673 | More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. | OWASP-5.4.3 |
| V683 | Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable. | OWASP-5.4.3 |
| V702 | Classes should always be derived from std::exception (and alike) as 'public'. | OWASP-7.4.2 |
| V1010 | Unchecked tainted data is used in expression. | OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2 |
| V1026 | The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. | OWASP-5.4.3 |
| V1028 | Possible overflow. Consider casting operands, not the result. | OWASP-5.4.3 |
| V1036 | Potentially unsafe double-checked locking. | OWASP-11.1.6, OWASP-1.11.3 |
C# диагностики
| V3006 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V3052 | The original exception object was swallowed. Stack of original exception could be lost. | OWASP-11.1.8 |
| V3054 | Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. | OWASP-11.1.6, OWASP-1.11.3 |
| V3083 | Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. | OWASP-1.11.3, OWASP-11.1.6 |
| V3163 | An exception handling block does not contain any code. | OWASP-7.4.2 |
| V3164 | Exception classes should be publicly accessible. | OWASP-7.4.2 |
Java диагностики
| V5301 | An exception handling block does not contain any code. | OWASP-7.4.2 |
| V6006 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V6082 | Unsafe double-checked locking. | OWASP-11.1.6, OWASP-1.11.3 |
Написать нам
