Allowing all headers makes the application vulnerable

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security

Exposing all headers makes the application vulnerable

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security

A value over 30 minutes is considered prolonged and likely to reduce security

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security

Allowing unsafe methods puts the application at risk

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security

Allowing all origins makes the application vulnerable to scripts from any domain

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security

Disabling Spring Security's default headers makes the application vulnerable

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

The debug parameter on EnableWebSecurity should not be hardcoded to true

• warning
• java
• Spring
• security
• framework specific
• web
• Spring Security
• OWASP Top 10

Do not use URL Parameters for session tracking

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Using DefaultHttpFirewall may lead to security flaws

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Using DefaultHttpFirewall may lead to security flaws

• warning
• java
• kotlin
• Spring
• security
• framework specific
• Spring Security
• web

Not allowing just any HTTP method is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting semicolons is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a (URL encoded) backslash is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a URL encoded double slash in the URL is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a (URL encoded) null is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a URL encoded percent in the URL is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a URL encoded period is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Rejecting the use of a URL encoded slash is more secure

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Protection against XSS is better done by blocking the content instead of filtering it

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web
• XSS
• OWASP Top 10

Do not disable Spring Security's built-in XSS protection

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web
• XSS
• OWASP Top 10

Do not disable Spring Security's built-in XSS protection

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web
• XSS
• OWASP Top 10

Delete all sessions after logout

• warning
• java
• Spring
• security
• framework specific
• Spring Security
• web

Classes annotated with @(Rest)Controller, @Service, @Repository should have a singleton scope

• warning
• java
• web
• framework specific
• Spring Boot
• Spring
• quality

This operating mode has been deprecated

• warning
• java
• security
• framework specific
• mobile
• Android

A call to String.format is being made without the return value being used

• warning
• java
• Java basic
• quality