Explore

Security Misconfiguration: StrictHttpFirewall: Rule configuration: HTTP method validation

Not allowing just any HTTP method is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject semicolon

Rejecting semicolons is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) backslash

Rejecting the use of a (URL encoded) backslash is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded double slash

Rejecting the use of a URL encoded double slash in the URL is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) null

Rejecting the use of a (URL encoded) null is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded percent

Rejecting the use of a URL encoded percent in the URL is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded period

Rejecting the use of a URL encoded period is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded slash

Rejecting the use of a URL encoded slash is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: XSS protection: Add CSP header - xssProtection

Add a CSP header for additional protection against XSS and data injection

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Add CSP header - XXssConfig

Add a CSP header for additional protection against XSS and data injection

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - block()

Protection against XSS is better done by blocking the content instead of filtering it

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - disable()

Do not disable Spring Security's built-in XSS protection

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - xssProtectionEnabled()

Do not disable Spring Security's built-in XSS protection

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Sensitive Information: SMS: intent.putExtra

Usage of SMS discouraged

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Sensitive Information: SMS: Uri.parse

Usage of SMS discouraged

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Session configuration: Cookies: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10
Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10
Session Configuration: Invalidate the HttpSession after logout

Delete all sessions after logout

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods

Non-specified RequestMapping method will map to any HTTP request

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • CSRF
Should use requiresSecure

Use of HTTP instead of HTTPS is insecure

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10