Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: HttpCookie: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
SLF4J Logging: enforce usage of placeholders in the messages
Do not concatenate untrusted data into the message string; use placeholders ('{}') instead
- marked_information
- java
- security
- logging
- injection
- OWASP Top 10
- SLF4J
- framework specific
Spring Data Neo4jClient#query is vulnerable to injections
Spring Data Neo4jClient#query is vulnerable to injections
- error
- java
- security
- Neo4j
- framework specific
- OWASP Top 10
- injection
- Spring Data
SQL Injection: SQLiteDatabase#execSQL
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 1st parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 2nd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 3rd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 5th parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder appendWhere
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder#buildQuery
This method is vulnerable to SQL injection. Consider writing the query instead of relying on builders.
- error
- java
- security
- framework specific
- mobile
- injection
- SQL
- Android
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement Compliant
SQL Injection: SQLiteQueryBuilder compileStatement - Compliant
- compliant
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- Android security set
- OWASP Top 10
TLS: Disabled Certificate validation
The verify method has been overridden, and always returns true
- warning
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Insecure Version
Could lead to Data Exposure
- error
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Outdated Version
Could lead to Data Exposure
- warning
- java
- security
- web
- TLS
- OWASP Top 10
Untrusted input in logging
Prevent log injection by filtering untrusted input
- info
- java
- security
- OWASP Top 10
- framework specific
- logging
- Logger
- injection
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
- error
- xml
- Apache Maven
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security