{"id":963,"date":"2019-05-20T11:41:38","date_gmt":"2019-05-20T20:41:38","guid":{"rendered":"\/blog\/?p=963"},"modified":"2023-09-21T09:26:54","modified_gmt":"2023-09-21T00:26:54","slug":"fortify-sca-mbsmobile-build-session-%ec%82%ac%ec%9a%a9%eb%b0%a9%eb%b2%95","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=963","title":{"rendered":"[Fortify] SCA MBS(Mobile Build Session) \uc0ac\uc6a9\ubc29\ubc95"},"content":{"rendered":"\n\u25a0 \uac1c\uc694

SCA \ubaa8\ubc14\uc77c \ube4c\ub4dc \uc138\uc158(MBS)\uc744 \uc0ac\uc6a9\ud558\uba74 \uac1c\ubc1c\uc790 PC\ub4f1\uc758 \ucef4\ud4e8\ud130\uc5d0\uc11c \ud504\ub85c\uc81d\ud2b8\ub97c \ube4c\ub4dc\ud558\uace0 \ub354 \ub098\uc740 \ud558\ub4dc\uc6e8\uc5b4\ub97c \uac16\ucd98 \ub2e4\ub978 \ucef4\ud4e8\ud130\uc5d0\uc11c \ud504\ub85c\uc81d\ud2b8\ub97c \uc2a4\uce94\ud560 \uc218 \uc788\ub2e4. MBS\ub97c \uc0ac\uc6a9\ud558\uba74 \uc6d0\ubcf8 \ucef4\ud4e8\ud130\uc5d0\uc11c \ubcc0\ud658\uc744 \uc218\ud589\ud55c \ub2e4\uc74c \ube4c\ub4dc \uc138\uc158\uc744 \ub354 \uc798 \uac16\ucd94\uc5b4\uc9c4 \ucef4\ud4e8\ud130\ub85c \uc774\ub3d9\ud558\uc5ec \uc2a4\uce94\uc744 \uc218\ud589\ud560 \uc218 \uc788\ub2e4. \uac1c\ubc1c\uc790\ub294 \uc790\uc2e0\uc758 \ucef4\ud4e8\ud130\uc5d0\uc11c \ube4c\ub4dc\uc744 \uc2e4\ud589\ud558\uace0 \ud558\ub098\uc758 \uac15\ub825\ud55c \ucef4\ud4e8\ud130\ub9cc \uc0ac\uc6a9\ud558\uc5ec \ub300\uaddc\ubaa8 \uc2a4\uce94\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\ub2e4.


\u25a0 \uc0ac\uc6a9 \uc608\uc81c

1. \uc544\ub798\ub294 WebGoat5.0 \uc18c\uc2a4\ucf54\ub4dc\ub97c \ube4c\ub4dc\ud558\ub294 \uc2a4\ud06c\ub9bd\ud2b8


sourceanalyzer -b WebGoat5.0 -clean

:: \ube4c\ub4dc\ub97c \uc2e4\ud589\ud558\uba74 %USERPROFILE%\\AppData\\Local\\Fortify\\sca18.1\\build\\WebGoat5.0 \ub514\ub809\ud1a0\ub9ac\uac00 \uc0dd\uc131\ub428
sourceanalyzer -b WebGoat5.0 -source 1.5 -cp \"WebGoat5.0\/WebContent\/WEB-INF\/lib\/*.jar\" WebGoat5.0\/JavaSource WebGoat5.0\/WebContent

:: \ube4c\ub4dc \ud6c4 MBS\ud30c\uc77c\uc744 \uc0dd\uc131\ud55c\ub2e4.
sourceanalyzer -b WebGoat5.0 -export-build-session WebGoat5.0.mbs

:: MBS \ud30c\uc77c \uc0dd\uc131 \ud6c4 \ud504\ub85c\uc81d\ud2b8\ub97c \ud074\ub9b0 \uc2dc\ud0a8\ub2e4.
sourceanalyzer -b WebGoat5.0 -clean


2. \uc18c\uc2a4\ucf54\ub4dc \uc5c6\uc774 MBS \ud30c\uc77c\uc744 \uc0ac\uc6a9\ud558\uc5ec \uc544\ub798\uc640 \uac19\uc774 \uc2a4\uce94\uc744 \uc2e4\ud589\ud55c\ub2e4.

sourceanalyzer -b WebGoat5.0 -import-build-session WebGoat5.0.mbs
sourceanalyzer -b WebGoat5.0 -scan -f WebGoat5.0.fpr


\u25a0 \uc8fc\uc758 \uc0ac\ud56d

\u203b MBS\ud30c\uc77c\uc740 SCA \ube4c\ub4dc \ub514\ub809\ud1a0\ub9ac\ub97c \uc555\ucd95\ud55c ZIP \ud30c\uc77c
\u203b \ube4c\ub4dc\uc640 \uc2a4\uce94\uc758 SCA \ubc84\uc804\uc740 \ubc18\ub4dc\uc2dc \uc77c\uce58 \ud574\uc57c \ud55c\ub2e4.
<\/span>\n","protected":false},"excerpt":{"rendered":"

\u25a0 \uac1c\uc694 SCA \ubaa8\ubc14\uc77c \ube4c\ub4dc \uc138\uc158(MBS)\uc744 \uc0ac\uc6a9\ud558\uba74 \uac1c\ubc1c\uc790 PC\ub4f1\uc758 \ucef4\ud4e8\ud130\uc5d0\uc11c \ud504\ub85c\uc81d\ud2b8\ub97c \ube4c\ub4dc\ud558\uace0 \ub354 \ub098\uc740 \ud558\ub4dc\uc6e8\uc5b4\ub97c \uac16\ucd98 \ub2e4\ub978 \ucef4\ud4e8\ud130\uc5d0\uc11c \ud504\ub85c\uc81d\ud2b8\ub97c \uc2a4\uce94\ud560 \uc218 \uc788\ub2e4. MBS\ub97c \uc0ac\uc6a9\ud558\uba74 \uc6d0\ubcf8 \ucef4\ud4e8\ud130\uc5d0\uc11c \ubcc0\ud658\uc744 \uc218\ud589\ud55c \ub2e4\uc74c \ube4c\ub4dc \uc138\uc158\uc744 \ub354 \uc798 \uac16\ucd94\uc5b4\uc9c4 \ucef4\ud4e8\ud130\ub85c \uc774\ub3d9\ud558\uc5ec \uc2a4\uce94\uc744 \uc218\ud589\ud560 \uc218 \uc788\ub2e4. \uac1c\ubc1c\uc790\ub294 \uc790\uc2e0\uc758 \ucef4\ud4e8\ud130\uc5d0\uc11c \ube4c\ub4dc\uc744 \uc2e4\ud589\ud558\uace0 \ud558\ub098\uc758 \uac15\ub825\ud55c \ucef4\ud4e8\ud130\ub9cc \uc0ac\uc6a9\ud558\uc5ec \ub300\uaddc\ubaa8 \uc2a4\uce94\uc744 \uc2e4\ud589\ud560 \uc218 \uc788\ub2e4. \u25a0 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[66],"tags":[],"class_list":["post-963","post","type-post","status-publish","format-standard","hentry","category-computing_fortify"],"_links":{"self":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/963","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=963"}],"version-history":[{"count":0,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=\/wp\/v2\/posts\/963\/revisions"}],"wp:attachment":[{"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hasu0707.duckdns.org\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}