Explore

Session configuration: Cookies: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10

Session configuration: Cookies: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10

Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10

Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10

Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10

Session configuration: Cookies: Configure Secure flag

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10

Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10

Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10

Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10

Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10

Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10

Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10

Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10

Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10

Session configuration: HttpCookie: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10

Session Configuration: Invalidate the HttpSession after logout

Delete all sessions after logout

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web

Session management: Avoid CSRF: Use narrow mapping for state-changing methods

A RequestMapping with no method specified maps to any HTTP request method

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • CSRF

Should use requiresSecure

Use of HTTP instead of HTTPS is insecure

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10

Spring recommendation: @(Rest)Controller, @Service, @Repository should be singletons

Classes annotated with @(Rest)Controller, @Service, @Repository should have a singleton scope

  • warning
  • java
  • web
  • framework specific
  • Spring Boot
  • Spring
  • quality

Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication

It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security

Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching

Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web

Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching

Prevent suffix pattern matching by setting UseSuffixPatternMatch to false

  • warning
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web

TLS: Disabled Certificate validation

The verify method has been overridden, and always returns true

  • warning
  • java
  • security
  • web
  • TLS
  • OWASP Top 10

TLS: Weak Encryption: Insecure Version

Could lead to Data Exposure

  • error
  • java
  • security
  • web
  • TLS
  • OWASP Top 10

TLS: Weak Encryption: Outdated Version

Could lead to Data Exposure

  • warning
  • java
  • security
  • web
  • TLS
  • OWASP Top 10