Explore

Filters (0) Clear filters
Languages
Level
Tags

351-375 of 589

Security Misconfiguration: Disabled Security Settings: CookieCsrfTokenRepository#withHttpOnlyFalse

Make sure to set HttpOnly to true to protect against CSRF or remove it

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • CSRF
  • OWASP Top 10
Security Misconfiguration: Disable Security Features - HSTS

Enforce HSTS protection against vulnerabilities over HTTP

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: EnableWebSecurity with Debug enabled

The debug parameter on EnableWebSecurity should not be hardcoded to true

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: HSTS - includeSubDomains

Include subdomains in the HSTS domain

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
Security Misconfiguration: Prevent session from being included in the URL

Do not use URL Parameters for session tracking

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Avoid DefaultHttpFirewall (instance creation)

Using DefaultHttpFirewall may lead to security flaws

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Avoid DefaultHttpFirewall (method return type)

Using DefaultHttpFirewall may lead to security flaws

  • warning
  • java
  • kotlin
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: HTTP method validation

Not allowing just any HTTP method is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject semicolon

Rejecting semicolons is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) backslash

Rejecting the use of a (URL encoded) backslash is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded double slash

Rejecting the use of a URL encoded double slash in the URL is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject (URL encoded) null

Rejecting the use of a (URL encoded) null is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded percent

Rejecting the use of a URL encoded percent in the URL is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded period

Rejecting the use of a URL encoded period is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: StrictHttpFirewall: Rule configuration: Reject URL encoded slash

Rejecting the use of a URL encoded slash is more secure

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Security Misconfiguration: XSS protection: Add CSP header - xssProtection

Add a CSP header for additional protection agains XSS and data injection

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Add CSP header - XXssConfig

Add a CSP header for additional protection agains XSS and data injection

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - block()

Protection against XSS is better done by blocking the content instead of filtering it

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - disable()

Do not disable Spring Security's built-in XSS protection

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Security Misconfiguration: XSS protection: Disabled Header - xssProtectionEnabled()

Do not disable Spring Security's built-in XSS protection

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
  • XSS
  • OWASP Top 10
Sensitive Information: SMS: intent.putExtra

Usage of SMS discouraged

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Sensitive Information: SMS: Uri.parse

Usage of SMS discouraged

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Session configuration: Cookie: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10
Session configuration: Cookies: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10