Session configuration: Cookies: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Configure Secure flag
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: HttpCookie: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Invalidate the HttpSession after logout
Delete all sessions after logout
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods
A RequestMapping with no HTTP method specified will map to any HTTP request
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- CSRF
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
Spring recommendation: @(Rest)Controller, @Service, @Repository should be singletons
Classes annotated with @(Rest)Controller, @Service, @Repository should have a singleton scope
- warning
- java
- web
- framework specific
- Spring Boot
- Spring
- quality
Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication
It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseSuffixPatternMatch to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
TLS: Disabled Certificate validation
The verify method has been overridden and always returns true
- warning
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Insecure Version
Could lead to data exposure
- error
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Outdated Version
Could lead to data exposure
- warning
- java
- security
- web
- TLS
- OWASP Top 10