Explore

51-75 of 219

Data Protection: Secure Data Storage: Avoid Data Exposure: Do not use NoOpPasswordEncoder

Could lead to data exposure

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms

Could lead to data exposure

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Data Protection: Secure Data Storage: Avoid Data Exposure: Hash passwords using strong hashing algorithms

Could lead to data exposure

  • error
  • java
  • security
  • framework specific
  • Spring
  • Spring Security
Do not compare classes/types by their name

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not compare classes/types by their name (literal)

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not compare classes/types by their name (literal inverted)

Comparing the class names is less robust than comparing the actual classes

  • warning
  • java
  • Java basic
  • SEI CERT
  • quality
  • security
Do not expose internal array

Do not expose an internal array as it is mutable

  • warning
  • java
  • security
  • Java basic
  • quality
Email: Disabled SSL on Connect

When sending an email, SSL has been disabled on connection

  • error
  • java
  • security
  • Apache Commons
  • web
  • email
  • OWASP Top 10
Email: Disabled SSL Server Identity check

When sending an email, setSSLCheckServerIdentity has been set to false

  • error
  • java
  • security
  • Apache Commons
  • web
  • email
  • OWASP Top 10
Encryptors requires the use of a random 8-byte salt

The salt should be random, 8 bytes long, and supplied as a hex-encoded String

  • error
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Hardcoded Credentials: AWS Key

AWS credentials should not be hardcoded.

  • warning
  • java
  • security
  • framework specific
  • AWS
Hibernate: Missing transport-level security: No SSL for database connection

Use transport level security to connect to the database

  • warning
  • xml
  • database
  • security
  • Hibernate
  • framework specific
  • OWASP Top 10
  • TLS
Info Leakage: Throwable.printStackTrace leaks valuable program structure information

Printing a stack trace gives valuable information about software internals, including library/framework names and versions, to an attacker

  • warning
  • java
  • security
  • framework specific
  • logging
  • Logger
Information Exposure: Avoid DeviceEncryptedStorage for Sensitive Information

Using DeviceEncryptedStorage for sensitive information is insecure

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Avoid using hardware identifiers - Compliant

Using hardware identifiers is not recommended - compliant

  • error
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Do not place sensitive information on ClipBoard

Never copy sensitive information to the clipboard

  • info
  • java
  • security
  • framework specific
  • mobile
  • Android
Information Exposure: Sensitive information

Do not send sensitive information or put it on the clipboard

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (PreparedStatement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (Statement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createNativeQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10