Explore

Filters (0) Clear filters
Languages
Level
Tags

51-75 of 159

Email: Disabled SSL Server Identity check

When sending an email, the setSSLCheckServerIdentity has been set to false

  • error
  • java
  • security
  • Apache Commons
  • web
  • email
  • OWASP Top 10
Encryptors requires the use of a random 8-byte salt

The salt should be random, 8-bytes and in hex-encoded String

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Incorrect equality check of wrapper values (equals)

Use equals method to compare wrapped values

  • error
  • java
  • Java basic
  • quality
  • SEI CERT
Incorrect equality check of wrapper values (not equals)

Use equals method to compare wrapped values

  • error
  • java
  • Java basic
  • quality
  • SEI CERT
Information Exposure: Avoid using hardware identifiers - Compliant

Using hardware identifiers is not recommended - compliant

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (PreparedStatement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (Statement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createNativeQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of external entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of External Entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of External Entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Input Validation: Avoid Expression Language Injection: Do not evaluate expressions controlled by user input (javax)

Could lead to Expression Language Injection

  • error
  • java
  • expression language
  • security
  • injection
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: single parameter

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: Two parameters

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid Spring Expression Language Injection: Do not evaluate expressions controlled by user input (ExpressionParser)

Could lead to Spring Expression Language Injection

  • error
  • java
  • expression language
  • Spring
  • Spring Core
  • security
  • framework specific
  • injection
  • OWASP Top 10
Input Validation: Avoid XXE: Use automatically protected source types

Could lead to XXE

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Invalid comparison of String to number primitive

This comparison of a String to a number will always return false

  • error
  • java
  • Java basic
  • quality
Invalid comparison of String to number wrapper

This comparison of a String to a number will always return false

  • error
  • java
  • Java basic
  • quality