Security Misconfiguration: StrictHttpFirewall: Rule configuration: HTTP method validation
Not allowing just any HTTP method is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject semicolon
Rejecting semicolons is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) backslash
Rejecting the use of a (URL encoded) backslash is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded double slash
Rejecting the use of a URL encoded double slash in the URL is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) null
Rejecting the use of a (URL encoded) null is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded percent
Rejecting the use of a URL encoded percent in the URL is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded period
Rejecting the use of a URL encoded period is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded slash
Rejecting the use of a URL encoded slash is more secure
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Security Misconfiguration: XSS protection: Add CSP header - xssProtection
Add a CSP header for additional protection against XSS and data injection
- info
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Security Misconfiguration: XSS protection: Add CSP header - XXssConfig
Add a CSP header for additional protection against XSS and data injection
- info
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - block()
Protection against XSS is better done by blocking the content instead of filtering it
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - disable()
Do not disable Spring Security's built-in XSS protection
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - xssProtectionEnabled()
Do not disable Spring Security's built-in XSS protection
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
- XSS
- OWASP Top 10
Sensitive Information: SMS: intent.putExtra
Usage of SMS discouraged
- error
- java
- security
- framework specific
- mobile
- Android
Sensitive Information: SMS: Uri.parse
Usage of SMS discouraged
- error
- java
- security
- framework specific
- mobile
- Android
Session configuration: Cookies: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session Configuration: Invalidate the HttpSession after logout
Delete all sessions after logout
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods
A RequestMapping with no method specified will match any HTTP method
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- CSRF
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10