Explore

Filters (0) Clear filters
Languages
Level
Tags

551-575 of 579

Use requestMapping on public methods

RequestMapping should not be used on non-public methods

  • warning
  • java
  • Spring
  • framework specific
  • web
  • Spring Web
  • quality
Use SecureRandom instead of Random

Using Random can lead to predictable randomness

  • error
  • java
  • security
  • SEI CERT
Use SSLSocket instead of Socket/ServerSocket

Use SSLSocket instead of Socket/ServerSocket

  • warning
  • java
  • security
  • web
  • SEI CERT
Use .stronger() for a more secure alternative

Encryptors.stronger() is more secure than Encryptors.standard()

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Use the Region enum

AWS recommends to use one of the constants in the Regions enum

  • warning
  • java
  • framework specific
  • AWS
  • quality
Validate Zip Entries

Ensure the zip entry is validated for nesting depth and size

  • warning
  • java
  • security
  • Java basic
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

  • error
  • java
  • kotlin
  • Log4j
  • OWASP Top 10
  • SLF4J
  • basic protection set
  • framework specific
  • injection
  • logging
  • security
WebView Best Practices: Check URL to White List

Consider allowlist validation for URLs passed to this method

  • error
  • java
  • security
  • mobile
  • framework specific
  • Android
WebView Best Practices: Disable File Access (constructor)

Enabling file access in the webview could lead to misuse

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView Best Practices: Disable File Access (setter)

Enabling file access in the webview could lead to misuse

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView best practices: Disable Geolocation (constructor)

Enabling geolocation in the webview could lead to data exposure

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView best practices: Disable Geolocation (setter)

Enabling geolocation in the webview could lead to data exposure

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView best practices: Disable JavaScript (constructor)

Enabling JavaScript in the webview could lead to XSS

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView best practices: Disable JavaScript (setter)

Enabling JavaScript in the webview could lead to XSS

  • error
  • java
  • security
  • framework specific
  • Android
  • mobile
  • Android security set
WebView Best Practices: Do not allow access to local resources

Avoid targeting local resources

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
X509: Disabled validation in TrustManager

A TrustManager has overridden the getAcceptedIssuers method, and only returns null.

  • warning
  • java
  • security
  • web
  • TLS
  • OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature dissallow-doctype-decl

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature external-parameter-entities

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature load-external-dtd

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature setExpandEntityReferences

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Add missing feature setXIncludeAware

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Set features to false

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Set features to true

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: DocumentBuilderFactory: Setters to false

Could lead to XXE

  • error
  • java
  • security
  • XXE
  • basic protection set
  • OWASP Top 10
XXE: Set missing secure processing feature

Could lead to XXE

  • error
  • java
  • OWASP Top 10
  • XML
  • XXE
  • basic protection set
  • security