Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder
Could lead to data exposure
- error
- java
- Spring
- security
- framework specific
- Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms
Could lead to data exposure
- error
- java
- Spring
- security
- framework specific
- Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms
Could lead to data exposure
- error
- java
- security
- framework specific
- Spring
- Spring Security
Data Protection - Secure Data Storage: Avoid data exposure: Use Cipher instead of NullCipher
Could lead to data exposure
- error
- java
- security
- basic protection set
Do not compare classes/types by their name
Comparing the class names is less robust than comparing the actual classes
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not compare classes/types by their name (literal)
Comparing the class names is less robust than comparing the actual classes
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not compare classes/types by their name (literal inverted)
Comparing the class names is less robust than comparing the actual classes
- warning
- java
- Java basic
- SEI CERT
- quality
- security
Do not expose internal array
Do not expose an internal array as it is mutable
- warning
- java
- security
- Java basic
- quality
Email: Disabled SSL on Connect
When sending an email, SSL has been disabled on connection
- error
- java
- security
- Apache Commons
- web
- OWASP Top 10
Email: Disabled SSL Server Identity check
When sending an email, the setSSLCheckServerIdentity has been set to false
- error
- java
- security
- Apache Commons
- web
- OWASP Top 10
Encryptors requires the use of a random 8-byte salt
The salt should be random, 8 bytes long, and supplied as a hex-encoded String
- error
- java
- Spring
- security
- framework specific
- Spring Security
Hardcoded Credentials: AWS Key
AWS credentials should not be hardcoded.
- warning
- java
- security
- framework specific
- AWS
Hibernate: Missing transport-level security: No SSL for database connection
Use transport level security to connect to the database
- warning
- xml
- database
- security
- Hibernate
- framework specific
- OWASP Top 10
- TLS
Info Leakage: Throwable.printStacktrace leaks valuable program structure information
Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker
- warning
- java
- security
- framework specific
- logging
- Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information
Using DeviceEncryptedStorage for sensitive information is insecure
- warning
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Avoid using hardware identifiers - Compliant
Using hardware identifiers is not recommended - compliant
- error
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Do not place sensitive information on ClipBoard
Never copy sensitive information to the ClipBoard
- info
- java
- security
- framework specific
- mobile
- Android
Information Exposure: Sensitive information
Do not send sensitive information or put it on the clipboard
- warning
- java
- security
- framework specific
- mobile
- Android
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments
Could lead to Remote Code Execution
- error
- java
- security
- basic protection set
- injection
- YAML
- OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (PreparedStatement)
Could lead to SQL Injection
- error
- java
- security
- SEI CERT
- basic protection set
- injection
- SQL
- OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (Statement)
Could lead to SQL Injection
- error
- java
- security
- SEI CERT
- basic protection set
- injection
- SQL
- OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createNativeQuery
Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input
- error
- java
- security
- JPA
- injection
- SQL
- OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createQuery
Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input
- error
- java
- security
- JPA
- injection
- SQL
- OWASP Top 10