Explore

Filters (0) Clear filters
Languages
Level
Tags

226-250 of 379

Secure Transport: use RequiresSecure to enforce HTTPS

Serve requests over HTTPS instead of unencrypted HTTP

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Secure Transport: use RequiresSecure to enforce HTTPS on all paths

Enforce HTTPS on all requests, not just on a selected number

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: Clickjacking protection: Disabled Header - frameOptions()

Disabling Spring Security default headers makes the application vulnerable to clickjackin

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • Clickjacking
  • OWASP Top 10
Security Misconfiguration: Content sniffing protection

Prevent MIME sniffing by disabling contentTypeOptions

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#allowCredentials

Allowing credentials makes the application more vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#allowedHeaders

Allowing all headers makes the application vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#allowedMethods

Allowing unsafe methods puts the application at risk

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#allowedOrigins

Allowing all origins makes the application vulnerable to scripts from any domain

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#exposedHeaders

Exposing all headers makes the application vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: CorsRegistry#maxAge

A value over 30 minutes is considered prolonged and likely to reduce security

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin

Avoid enabling CORS, or configure it as strictly as possible

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - allowCredentials

Allowing credentials makes the application more vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - allowedHeaders

Allowing all headers makes the application vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - exposedHeaders

Exposing all headers makes the application vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - maxAge

A value over 30 minutes is considered prolonged and likely to reduce security

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - methods

Allowing unsafe methods puts the application at risk

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: CORS: Avoid broad settings: @CrossOrigin - origins

Allowing all origins makes the application vulnerable to scripts from any domain

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Security Misconfiguration: Disabled Headers

Disabling Spring Security's default headers makes the application vulnerable

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: Disabled Security Settings: CookieCsrfTokenRepository#withHttpOnlyFalse

Make sure to set HttpOnly to true to protect against CSRF or remove it

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10
Security Misconfiguration: Disable Security Features - HSTS

Enforce HSTS protection against vulnerabilities over HTTP

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: EnableWebSecurity with Debug enabled

The debug parameter on EnableWebSecurity should not be hardcoded to true

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: HSTS - includeSubDomains

Include subdomains in the HSTS domain

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: Prevent session from being included in the URL

Do not use URL Parameters for session tracking

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Avoid DefaultHttpFirewall (instance creation)

Using DefaultHttpFirewall may lead to security flaws

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Avoid DefaultHttpFirewall (method return type)

Using DefaultHttpFirewall may lead to security flaws

  • warning
  • java
  • kotlin
  • Spring
  • security
  • framework specific
  • Spring Security
  • web