Thursday, December 20, 2012

HP Fortify Challenges

Oh boy, if it takes three hours to run a Fortify scan it is really hard to validate that your fixes are really fixes. (see: this) :( All you can do is guess how to fix a problem and then let a scan run overnight. I am just this morning realizing that I solved no problems yesterday whatsoever. Today, I guess I will try to fix one bug in each category of bugs and then see if I have any successes. I found http://stackoverflow.com/tags/fortify-software/hot online, which seems to be a pretty good cheat sheet for how to fix up some things. Server.Transfer("/whatever.aspx") is perhaps superior to the approach of using Response.Redirect("/whatever.aspx"), but I won't really know for sure until tomorrow after a scan runs overnight.
