2. Cross-site request forgery (CSRF):
    response.getWriter().write("");
With parameters:
    response.getWriter().write("");
3. Insecure HTTP methods enabled
Add the following configuration to web.xml. The empty auth-constraint means no role may use the listed methods on any URL, so the container answers them with 403; the login-config is still required because a security-constraint with an auth-constraint needs an authentication method to be declared:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted-methods</web-resource-name> <!-- any name -->
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint/>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
Two caveats. This is a deny-list: a verb not named here (PROPFIND, TRACK, or an arbitrary string) still reaches the application, so on Servlet 3.0+ containers prefer `<http-method-omission>` to express "everything except GET and POST". And blocking HEAD and OPTIONS can break clients and CORS preflight requests that depend on them; include them only if the scanner finding requires it.
4. Login request sent unencrypted
Require TLS for every URL with a CONFIDENTIAL transport guarantee in web.xml; the container then redirects plain HTTP requests to HTTPS:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
The redirect does not protect the very first request, which the browser still sends in cleartext, so mark cookies Secure (section 6) and consider a Strict-Transport-Security header as well.
5. Cached SSL pages
Add no-cache directives to the page so that browsers and intermediate proxies do not keep a copy of content served over TLS:
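As an added example that is not part of the original post, the filter below covers sections 3 and 5 from application code rather than web.xml and meta tags: it enforces an allow-list of HTTP methods (so unlisted verbs are rejected, unlike the deny-list constraint above) and stamps no-store cache headers on every response that passes through it. The class name `HardeningFilter` and the allowed-method set are assumptions made for this example.

```java
// Added example: method allow-list plus no-store cache headers in one javax.servlet
// Filter. HardeningFilter and the ALLOWED set are this example's own choices.
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class HardeningFilter implements Filter {
    // Allow-list: anything not listed (TRACE, TRACK, PROPFIND, made-up verbs) gets 405.
    private static final Set<String> ALLOWED = new HashSet<>(Arrays.asList("GET", "POST", "HEAD"));
    private static final String ALLOW_HEADER = "GET, POST, HEAD";

    public static boolean methodAllowed(String method) {
        return method != null && ALLOWED.contains(method.toUpperCase());
    }

    /** Tell browsers and proxies not to keep a copy of the response. */
    public static void noStore(HttpServletResponse w) {
        // "no-store" is the directive that matters; the rest covers older caches.
        w.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
        w.setHeader("Pragma", "no-cache");   // HTTP/1.0 caches
        w.setDateHeader("Expires", 0L);      // epoch: already expired
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest r = (HttpServletRequest) req;
        HttpServletResponse w = (HttpServletResponse) res;
        if (!methodAllowed(r.getMethod())) {
            w.setHeader("Allow", ALLOW_HEADER);
            w.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        // Headers must be set before the response is committed, i.e. before the servlet writes.
        noStore(w);
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig fc) {}
    @Override public void destroy() {}
}
```

Map the filter to the authenticated part of the application (for example `/secure/*`) rather than to static assets, which should stay cacheable. Verify the result with `curl -i -X TRACE https://host/secure/` (expect 405) and `curl -i https://host/secure/` (expect the Cache-Control and Pragma headers); the HTTP response headers are authoritative even when the HTML also carries `<meta http-equiv>` equivalents, which many proxies ignore.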
6. Session cookie missing the HttpOnly attribute
HttpOnly stops script (document.cookie) from reading the cookie, which limits what a cross-site scripting bug can steal. Setting the header by hand:
    response.addHeader("Set-Cookie", "uid=110; Path=/; HttpOnly");
    // setting several cookies
    response.addHeader("Set-Cookie", "uid=110; Path=/; HttpOnly");
    response.addHeader("Set-Cookie", "timeout=30; Path=/test; HttpOnly");
    // cookie sent only over HTTPS
    response.addHeader("Set-Cookie", "uid=110; Path=/; Secure; HttpOnly");
Note that the scanner's finding is usually about the container's session cookie (JSESSIONID), which application code never writes; that one is configured through the container or web.xml session-config, not through addHeader.
More on AppScan scan reports and fixes on the CSDN blog: http://blog.csdn.net/huoyunshen88/article/details/39181107
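As an added example (not code from the original post), the listener below fixes the session-cookie finding with the Servlet 3.0 `SessionCookieConfig` API and builds application cookies with the same flags, so the attributes are not hand-assembled into a header string each time. The class name `CookieHardening` and the helper names are this example's own.

```java
// Added example: HttpOnly/Secure for the container session cookie (Servlet 3.0+)
// and for application cookies. CookieHardening and the helper names are assumptions.
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.SessionCookieConfig;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

@WebListener
public class CookieHardening implements ServletContextListener {

    /** Runs once at deployment: JSESSIONID gets HttpOnly and Secure on every response. */
    @Override
    public void contextInitialized(ServletContextEvent sce) {
        SessionCookieConfig scc = sce.getServletContext().getSessionCookieConfig();
        scc.setHttpOnly(true);
        // Secure means the browser never sends the cookie over plain HTTP. With section 4's
        // CONFIDENTIAL constraint in place that is what you want; on a dev server without TLS
        // it makes sessions silently fail, so drive it from configuration if you need both.
        scc.setSecure(true);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {}

    /** Application cookie with the same flags via the Cookie API (Servlet 3.0+ has setHttpOnly). */
    public static Cookie hardened(String name, String value, String path, boolean secure) {
        Cookie c = new Cookie(name, value);
        c.setPath(path);
        c.setHttpOnly(true);
        c.setSecure(secure);
        return c;
    }

    /** SameSite is not in the javax Cookie API, so for that attribute the page's raw
     *  Set-Cookie header remains the way to do it; this builds the value consistently. */
    public static String setCookieValue(String name, String value, String path, boolean secure) {
        if (value.indexOf(';') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("cookie value must not contain ';' or newlines");
        }
        StringBuilder sb = new StringBuilder()
            .append(name).append('=').append(value)
            .append("; Path=").append(path);
        if (secure) sb.append("; Secure");
        sb.append("; HttpOnly; SameSite=Lax");
        return sb.toString();
    }

    /** Convenience wrapper: response.addHeader("Set-Cookie", "uid=110; Path=/; Secure; HttpOnly; SameSite=Lax"). */
    public static void addCookie(HttpServletResponse response, String name, String value,
                                 String path, boolean secure) {
        response.addHeader("Set-Cookie", setCookieValue(name, value, path, secure));
    }
}
```

After deploying, confirm the container honours the listener by logging in and checking the `Set-Cookie: JSESSIONID=...; Path=/...; Secure; HttpOnly` response header in the browser's developer tools; if the flags are missing, the application may be deployed on a Servlet 2.5 container, where the same settings must instead be made in the container's own configuration.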