45 lines
1.1 KiB
Plaintext
45 lines
1.1 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
----
|
|
val random = Random() // Noncompliant: Random() is not a secure random number generaotr
|
|
val bytes = ByteArray(20)
|
|
random.nextBytes(bytes)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
[source,kotlin]
|
|
----
|
|
val random = SecureRandom()
|
|
val bytes = ByteArray(20)
|
|
random.nextBytes(bytes)
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
* OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
|
|
* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
|
|
* OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|