Email: Disabled SSL Server Identity check
The email is sent with setSSLCheckServerIdentity set to false
- error
- java
- security
- Apache Commons
- web
- OWASP Top 10
Encryptors requires the use of a random 8-byte salt
The salt should be random, 8 bytes long, and supplied as a hex-encoded String
- error
- java
- Spring
- security
- framework specific
- Spring Security
Incorrect equality check of wrapper values (equals)
Use the equals method to compare wrapped values
- error
- java
- Java basic
- quality
- SEI CERT
Incorrect equality check of wrapper values (not equals)
Use the equals method to compare wrapped values
- error
- java
- Java basic
- quality
- SEI CERT
Information Exposure: Avoid using hardware identifiers - Compliant
Using hardware identifiers is not recommended - compliant
- error
- java
- security
- framework specific
- mobile
- Android
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (PreparedStatement)
Could lead to SQL Injection
- error
- java
- security
- SEI CERT
- basic protection set
- injection
- SQL
- OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (Statement)
Could lead to SQL Injection
- error
- java
- security
- SEI CERT
- basic protection set
- injection
- SQL
- OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createNativeQuery
Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input
- error
- java
- security
- JPA
- injection
- SQL
- OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createQuery
Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input
- error
- java
- security
- JPA
- injection
- SQL
- OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of external entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of External Entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of External Entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Input Validation: Avoid Expression Language Injection: Do not evaluate expressions controlled by user input (javax)
Could lead to Expression Language Injection
- error
- java
- expression language
- security
- injection
- OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: single parameter
Could lead to JDBC Injection
- error
- java
- Spring
- security
- Spring Data
- framework specific
- injection
- SQL
- OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: Two parameters
Could lead to JDBC Injection
- error
- java
- Spring
- security
- Spring Data
- framework specific
- injection
- SQL
- OWASP Top 10
Input Validation: Avoid Spring Expression Language Injection: Do not evaluate expressions controlled by user input (ExpressionParser)
Could lead to Spring Expression Language Injection
- error
- java
- expression language
- Spring
- Spring Core
- security
- framework specific
- injection
- OWASP Top 10
Input Validation: Avoid XXE: Use automatically protected source types
Could lead to XXE
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Invalid comparison of String to number primitive
This comparison of a String to a number will always return false
- error
- java
- Java basic
- quality
Invalid comparison of String to number wrapper
This comparison of a String to a number will always return false
- error
- java
- Java basic
- quality