{"id":8079,"date":"2024-04-16T14:14:36","date_gmt":"2024-04-16T05:14:36","guid":{"rendered":"\/blog\/?p=8079"},"modified":"2025-06-12T08:08:12","modified_gmt":"2025-06-11T23:08:12","slug":"fortify-%ec%86%8c%ec%8a%a4%ec%bd%94%eb%93%9c-%eb%b3%b4%ec%95%88-%ec%b7%a8%ec%95%bd%ec%a0%90%ec%9d%80-%ea%b8%b0%eb%b3%b8-%eb%b6%84%eb%a5%98","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=8079","title":{"rendered":"[Fortify] \uc18c\uc2a4\ucf54\ub4dc \ubcf4\uc548\ucde8\uc57d\uc810 \uae30\ubcf8 \ubd84\ub958"},"content":{"rendered":"\n\ucd9c\ucc98: https:\/\/vulncat.fortify.com\/ko<\/a>

1.\uc785\ub825\ub370\uc774\ud130 \uac80\uc99d \ubc0f \ud45c\ud604 (Input Validation and Representation)
  \ud504\ub85c\uadf8\ub7a8 \uc785\ub825\uac12\uc5d0 \ub300\ud55c \uac80\uc99d \ub204\ub77d \ub610\ub294 \ubd80\uc801\uc808\ud55c \uac80\uc99d, \ub370\uc774\ud130\uc758 \uc798\ubabb\ub41c \ud615\uc2dd \uc9c0\uc815\uc73c\ub85c \uc778\ud574 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    SQL \uc0bd\uc785
    \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud2b8(Cross Site Scripting, XSS)
    \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc694\uccad \uc704\uc870(Cross Site Request Forgery, CSRF)
    Format String Bug
    Integer Buffer Overflow
    Memory Buffer Overflow
    \uc704\ud5d8\ud55c \ud615\uc2dd \ud30c\uc77c \uc5c5\ub85c\ub4dc (\uc774\ud558 \uc0dd\ub7b5)


2.API \uc624\uc6a9 (API Abuse)
  \uc758\ub3c4\ub41c \uc0ac\uc6a9\uc5d0 \ubc18\ud558\ub294 \ubc29\ubc95\uc73c\ub85c API\ub97c \uc0ac\uc6a9\ud558\uac70\ub098, \ubcf4\uc548\uc5d0 \ucde8\uc57d\ud55c API\ub97c \uc0ac\uc6a9\ud558\uc5ec \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    DNS lookup\uc5d0 \uc758\uc874\ud55c \ubcf4\uc548\uacb0\uc815
    \ucde8\uc57d\ud55c API \uc0ac\uc6a9


3.\ubcf4\uc548 \uae30\ub2a5 (Security Features)
  \ubcf4\uc548\uae30\ub2a5(\uc778\uc99d, \uc811\uadfc\uc81c\uc5b4, \uae30\ubc00\uc131, \uc554\ud638\ud654, \uad8c\ud55c \uad00\ub9ac \ub4f1)\uc744 \ubd80\uc801\uc808\ud558\uac8c \uad6c\ud604 \uc2dc \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    \uc911\uc694\uc815\ubcf4 \ud3c9\ubb38\uc800\uc7a5
    \uc911\uc694\uc815\ubcf4 \ud3c9\ubb38\uc804\uc1a1
    \ud558\ub4dc\ucf54\ub4dc\ub41c \ube44\ubc00\ubc88\ud638
    \ud558\ub4dc\ucf54\ub4dc\ub41c \uc554\ud638\ud654 \ud0a4
    \ucda9\ubd84\ud558\uc9c0 \uc54a\uc740 \ud0a4 \uae38\uc774 \uc0ac\uc6a9 (\uc774\ud558 \uc0dd\ub7b5)


4.\uc2dc\uac04 \ubc0f \uc0c1\ud0dc (Time and State)
  \ub3d9\uc2dc \ub610\ub294 \uac70\uc758 \ub3d9\uc2dc \uc218\ud589\uc744 \uc9c0\uc6d0\ud558\ub294 \ubcd1\ub82c \uc2dc\uc2a4\ud15c\uc774\ub098 \ud558\ub098 \uc774\uc0c1\uc758 \ud504\ub85c\uc138\uc2a4\uac00 \ub3d9\uc791\ud558\ub294 \ud658\uacbd\uc5d0\uc11c \uc2dc\uac04 \ubc0f \uc0c1\ud0dc\ub97c \ubd80\uc801\uc808\ud558\uac8c \uad00\ub9ac\ud558\uc5ec \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810

    \uacbd\uc7c1 \uc870\uac74(Race Condition): \uac80\uc0ac \uc2dc\uc810\uacfc \uc0ac\uc6a9 \uc2dc\uc810(TOCTOU) \ucc28\uc774 \uc774\uc6a9\ud558\uc5ec \ud574\ud0b9
    \uc885\ub8cc\ub418\uc9c0 \uc54a\ub294 \ubc18\ubcf5\ubb38 \ub610\ub294 \uc7ac\uadc0 \ud568\uc218


5.\uc5d0\ub7ec \ucc98\ub9ac (Errors)
  \uc5d0\ub7ec\ub97c \ucc98\ub9ac\ud558\uc9c0 \uc54a\uac70\ub098, \ubd88\ucda9\ubd84\ud558\uac8c \ucc98\ub9ac\ud558\uc5ec \uc5d0\ub7ec\uc815\ubcf4\uc5d0 \uc911\uc694\uc815\ubcf4(\uc2dc\uc2a4\ud15c \uc815\ubcf4 \ub4f1)\uac00 \ud3ec\ud568\ub420 \ub54c \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    \uc624\ub958 \uba54\uc2dc\uc9c0\ub97c \ud1b5\ud55c \uc815\ubcf4 \ub178\ucd9c
    \uc624\ub958 \uc0c1\ud669 \ub300\uc751 \ubd80\uc7ac
    \ubd80\uc801\uc808\ud55c \uc608\uc678 \ucc98\ub9ac


6.\ucf54\ub4dc \uc624\ub958 (Code Quality)
  \ud0c0\uc785\ubcc0\ud658 \uc624\ub958, \uc790\uc6d0(\uba54\ubaa8\ub9ac \ub4f1)\uc758 \ubd80\uc801\uc808\ud55c \ubc18\ud658 \ub4f1\uacfc \uac19\uc774 \uac1c\ubc1c\uc790\uac00 \ubc94\ud560 \uc218 \uc788\ub294 \ucf54\ub529\uc624\ub958\ub85c \uc778\ud574 \uc720\ubc1c\ub418\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    Null Pointer \uc5ed\ucc38\uc870
    \ubd80\uc801\uc808\ud55c \uc790\uc6d0 \ud574\uc81c
    \ud574\uc81c\ub41c \uc790\uc6d0 \uc0ac\uc6a9
    \ucd08\uae30\ud654\ub418\uc9c0 \uc54a\uc740 \ubcc0\uc218 \uc0ac\uc6a9


7.\ucea1\uc290\ud654 (Encapsulation)
  \uc911\uc694\ud55c \ub370\uc774\ud130 \ub610\ub294 \uae30\ub2a5\uc131\uc744 \ubd88\ucda9\ubd84\ud558\uac8c \ucea1\uc290\ud654 \ud558\uc600\uc744 \ub54c, \uc778\uac00\ub418\uc9c0 \uc54a\uc740 \uc0ac\uc6a9\uc790\uc5d0\uac8c \ub370\uc774\ud130 \ub204\ucd9c\uc774 \uac00\ub2a5\ud574\uc9c0\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.

    \uc798\ubabb\ub41c \uc138\uc158\uc5d0 \uc758\ud55c \ub370\uc774\ud130 \uc815\ubcf4 \ub178\ucd9c
    \uc81c\uac70\ub418\uc9c0 \uc54a\uace0 \ub0a8\uc740 \ub514\ubc84\uadf8 \ucf54\ub4dc
    \uc2dc\uc2a4\ud15c \ub370\uc774\ud130 \uc815\ubcf4\ub178\ucd9c
    Public \uba54\uc18c\ub4dc\ub85c\ubd80\ud130 \ubc18\ud658\ub41c Private \ubc30\uc5f4
    Private \ubc30\uc5f4\uc5d0 Public \ub370\uc774\ud130 \ud560\ub2f9


*\uadf8 \uc678. \ud658\uacbd \uc124\uc815 (Environment)<\/span>\n","protected":false},"excerpt":{"rendered":"

\ucd9c\ucc98: https:\/\/vulncat.fortify.com\/ko 1.\uc785\ub825\ub370\uc774\ud130 \uac80\uc99d \ubc0f \ud45c\ud604 (Input Validation and Representation)  \ud504\ub85c\uadf8\ub7a8 \uc785\ub825\uac12\uc5d0 \ub300\ud55c \uac80\uc99d \ub204\ub77d \ub610\ub294 \ubd80\uc801\uc808\ud55c \uac80\uc99d, \ub370\uc774\ud130\uc758 \uc798\ubabb\ub41c \ud615\uc2dd \uc9c0\uc815\uc73c\ub85c \uc778\ud574 \ubc1c\uc0dd\ud560 \uc218 \uc788\ub294 \ubcf4\uc548\ucde8\uc57d\uc810.     SQL \uc0bd\uc785    \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc2a4\ud06c\ub9bd\ud2b8(Cross Site Scripting, XSS)    \ud06c\ub85c\uc2a4\uc0ac\uc774\ud2b8 \uc694\uccad \uc704\uc870(Cross Site Request Forgery, CSRF)    Format String Bug    Integer Buffer Overflow    Memory […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-8079","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8079"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/8079\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}