Explore
551-575 of 579
Use requestMapping on public methods
RequestMapping should not be used on non-public methods
- warning
- java
- Spring
- framework specific
- web
- Spring Web
- quality
Use SecureRandom instead of Random
Using Random can lead to predictable randomness
- error
- java
- security
- SEI CERT
Use SSLSocket instead of Socket/ServerSocket
Use SSLSocket instead of Socket/ServerSocket
- warning
- java
- security
- web
- SEI CERT
Use .stronger() for a more secure alternative
Encryptors.stronger() is more secure than Encryptors.standard()
- warning
- java
- Spring
- security
- framework specific
- Spring Security
Use the Region enum
AWS recommends to use one of the constants in the Regions enum
- warning
- java
- framework specific
- AWS
- quality
Validate Zip Entries
Ensure the zip entry is validated for nesting depth and size
- warning
- java
- security
- Java basic
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
- error
- java
- kotlin
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security
WebView Best Practices: Check URL to White List
Consider allowlist validation for URLs passed to this method
- error
- java
- security
- mobile
- framework specific
- Android
WebView Best Practices: Disable File Access (constructor)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView Best Practices: Disable File Access (setter)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable Geolocation (constructor)
Enabling geolocation in the webview could lead to data exposure
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable Geolocation (setter)
Enabling geolocation in the webview could lead to data exposure
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable JavaScript (constructor)
Enabling JavaScript in the webview could lead to XSS
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView best practices: Disable JavaScript (setter)
Enabling JavaScript in the webview could lead to XSS
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView Best Practices: Do not allow access to local resources
Avoid targeting local resources
- warning
- java
- security
- framework specific
- mobile
- Android
X509: Disabled validation in TrustManager
A TrustManager has overridden the getAcceptedIssuers method, and only returns null.
- warning
- java
- security
- web
- TLS
- OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature dissallow-doctype-decl
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature external-parameter-entities
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature load-external-dtd
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature setExpandEntityReferences
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature setXIncludeAware
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Set features to false
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Set features to true
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: DocumentBuilderFactory: Setters to false
Could lead to XXE
- error
- java
- security
- XXE
- basic protection set
- OWASP Top 10
XXE: Set missing secure processing feature
Could lead to XXE
- error
- java
- OWASP Top 10
- XML
- XXE
- basic protection set
- security