76-100 of 219
Injection: XXE: Jaxb2Marshaller#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of external entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of External Entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setProcessExternalEntities set to true
Prevent XXE by disabling the processing of External Entities
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setSupportDtd set to true
Prevent XXE by disabling DTDs
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
Input Validation: Avoid Expression Language Injection: Do not evaluate expressions controlled by user input (javax)
Could lead to Expression Language Injection
- error
- java
- expression language
- security
- injection
- OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: single parameter
Could lead to JDBC Injection
- error
- java
- Spring
- security
- Spring Data
- framework specific
- injection
- SQL
- OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: Two parameters
Could lead to JDBC Injection
- error
- java
- Spring
- security
- Spring Data
- framework specific
- injection
- SQL
- OWASP Top 10
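The two JDBC binding rules above (single parameter, two parameters) flag a statement whose text is assembled from request values. The following is an added example, not code from the rule catalog, showing the flagged form beside the bound form and a constructed payload that makes the difference visible; it assumes spring-jdbc and the H2 driver on the classpath, and the table, column and method names are made up for the demonstration.

```java
// Added example: string-built SQL vs. bound parameters with JdbcTemplate.
// Not from the rule catalog; assumes spring-jdbc and the H2 driver on the classpath.
import java.util.List;
import javax.sql.DataSource;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;

public class JdbcBindingDemo {

    // Flagged by the rules: request values concatenated into the statement text.
    static List<String> findUnsafe(JdbcTemplate jdbc, String username, String status) {
        String sql = "SELECT username FROM users WHERE username = '" + username
            + "' AND status = '" + status + "'";
        return jdbc.query(sql, (rs, i) -> rs.getString(1));
    }

    // Compliant: placeholders in the text, values bound as parameters (two parameters here;
    // the single-parameter rule is the same pattern with one '?').
    static List<String> findBound(JdbcTemplate jdbc, String username, String status) {
        return jdbc.query(
            "SELECT username FROM users WHERE username = ? AND status = ?",
            (rs, i) -> rs.getString(1),
            username, status);
    }

    public static void main(String[] args) {
        // Constructed in-memory table standing in for the application's data.
        DataSource ds = new EmbeddedDatabaseBuilder().setType(EmbeddedDatabaseType.H2).build();
        JdbcTemplate jdbc = new JdbcTemplate(ds);
        jdbc.execute("CREATE TABLE users (username VARCHAR(64), status VARCHAR(16))");
        jdbc.update("INSERT INTO users VALUES ('alice', 'active'), ('bob', 'disabled')");

        // Constructed attacker input for the status parameter: closes the literal and
        // appends an always-true disjunct, so the WHERE clause becomes
        //   (username = 'nobody' AND status = 'active') OR '1'='1'
        String payload = "active' OR '1'='1";

        System.out.println("unsafe: " + findUnsafe(jdbc, "nobody", payload)); // [alice, bob]
        System.out.println("bound:  " + findBound(jdbc, "nobody", payload));  // []
    }
}
```

With binding, the payload is compared as a literal status value and matches nothing; the query's structure is fixed at compile time regardless of input.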
Input Validation: Avoid Spring Expression Language Injection: Do not evaluate expressions controlled by user input (ExpressionParser)
Could lead to Spring Expression Language Injection
- error
- java
- expression language
- Spring
- Spring Core
- security
- framework specific
- injection
- OWASP Top 10
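Both expression-language rules above (javax/jakarta EL and Spring's ExpressionParser) flag the same mistake: the request value is the expression rather than a value the expression reads. The following is an added example, not code from the rule catalog, showing each flagged form beside a compliant one; it assumes spring-expression and a Jakarta EL implementation (for example org.glassfish:jakarta.el) on the classpath, and the variable name role and the method names are made up for the demonstration.

```java
// Added example: user text evaluated as an expression (flagged) versus a fixed
// expression that reads the user text as a bound variable.
// Not from the rule catalog; assumes spring-expression and a Jakarta EL implementation.
import jakarta.el.ELProcessor;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;

public class ExpressionInjectionDemo {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Flagged (ExpressionParser rule): the request value IS the expression. With the
    // default StandardEvaluationContext, T(...) type references reach any class.
    static Object spelUnsafe(String userExpression) {
        return PARSER.parseExpression(userExpression).getValue();
    }

    // Compliant: the expression is a constant; user data enters only as a variable and is
    // evaluated in a restricted context (no type references, constructors or bean refs).
    static boolean spelSafe(String userValue) {
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("role", userValue);
        return Boolean.TRUE.equals(
            PARSER.parseExpression("#role == 'admin'").getValue(ctx, Boolean.class));
    }

    // Flagged (javax/jakarta EL rule): user text evaluated as EL. ELProcessor imports
    // java.lang.* by default, so static calls such as System.getProperty(...) resolve.
    static Object elUnsafe(String userExpression) {
        return new ELProcessor().eval(userExpression);
    }

    // Compliant: the user text is registered as a bean value that a fixed expression reads.
    static boolean elSafe(String userValue) {
        ELProcessor elp = new ELProcessor();
        elp.defineBean("role", userValue);
        return Boolean.TRUE.equals(elp.eval("role == 'admin'"));
    }

    public static void main(String[] args) {
        // Constructed request value that is a valid expression, not a role name.
        String attacker = "T(java.lang.System).getProperty('user.home')";
        System.out.println("spel unsafe: " + spelUnsafe(attacker));  // the server's home directory
        System.out.println("spel safe:   " + spelSafe(attacker));    // false: it is only a string
        System.out.println("spel safe:   " + spelSafe("admin"));     // true

        String elAttacker = "System.getProperty('user.home')";
        System.out.println("el unsafe:   " + elUnsafe(elAttacker));  // the server's home directory
        System.out.println("el safe:     " + elSafe(elAttacker));    // false
    }
}
```

The restricted SimpleEvaluationContext is defence in depth; the actual fix is that no request value ever reaches parseExpression or eval as expression text.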
Input Validation: Avoid XXE: Use automatically protected source types
Could lead to XXE
- error
- java
- Spring
- security
- XXE
- framework specific
- Spring XML
- OWASP Top 10
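The six Jaxb2Marshaller, Jaxb2RootElementHttpMessageConverter and SourceHttpMessageConverter rules above all flag the same two setters. The following is an added example, not code from the rule catalog, showing the flagged marshaller configuration beside the hardened one and a constructed payload that reads a local file through an external entity. It assumes Spring Framework 6 (spring-oxm) with Jakarta XML Binding on the classpath; the two HTTP message converters expose setSupportDtd and setProcessExternalEntities with the same meaning and the same false defaults, so the same configuration applies to them. The Order type and file names are made up for the demonstration.

```java
// Added example: weak vs. hardened Jaxb2Marshaller configuration with a constructed XXE payload.
// Not from the rule catalog; assumes Spring Framework 6 (spring-oxm) and Jakarta XML Binding.
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.transform.stream.StreamSource;

import jakarta.xml.bind.annotation.XmlRootElement;
import org.springframework.oxm.UnmarshallingFailureException;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;

public class XxeDemo {

    @XmlRootElement(name = "order")
    public static class Order {
        public String note;
    }

    // Configuration the rules flag: DTDs and external entities explicitly enabled.
    // (In current Spring releases setProcessExternalEntities(true) also switches DTD support on.)
    static Jaxb2Marshaller insecureMarshaller() throws Exception {
        Jaxb2Marshaller m = new Jaxb2Marshaller();
        m.setClassesToBeBound(Order.class);
        m.setSupportDtd(true);               // Jaxb2Marshaller#setSupportDtd set to true
        m.setProcessExternalEntities(true);  // Jaxb2Marshaller#setProcessExternalEntities set to true
        m.afterPropertiesSet();
        return m;
    }

    // Hardened configuration: both flags false, which is also Spring's default.
    static Jaxb2Marshaller hardenedMarshaller() throws Exception {
        Jaxb2Marshaller m = new Jaxb2Marshaller();
        m.setClassesToBeBound(Order.class);
        m.setSupportDtd(false);
        m.setProcessExternalEntities(false);
        m.afterPropertiesSet();
        return m;
    }

    public static void main(String[] args) throws Exception {
        // Constructed secret file and payload standing in for attacker-supplied XML.
        Path secret = Files.createTempFile("secret", ".txt");
        Files.writeString(secret, "db-password=hunter2");
        String payload = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE order [<!ENTITY xxe SYSTEM \"" + secret.toUri() + "\">]>\n"
            + "<order><note>&xxe;</note></order>";

        Order leaked = (Order) insecureMarshaller()
            .unmarshal(new StreamSource(new StringReader(payload)));
        System.out.println("insecure: note = " + leaked.note);  // the file contents

        try {
            hardenedMarshaller().unmarshal(new StreamSource(new StringReader(payload)));
        } catch (UnmarshallingFailureException e) {
            // With supportDtd=false the parser rejects the DOCTYPE before any entity is resolved.
            System.out.println("hardened: rejected (" + e.getMostSpecificCause().getMessage() + ")");
        }
    }
}
```

Leaving both setters untouched is the simplest compliant choice; if a legitimate schema needs a DTD, enable setSupportDtd alone and keep external entity processing off.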
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Activity
Do not store sensitive data in a public location
- warning
- java
- security
- framework specific
- mobile
- Android
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Fragment
Do not store sensitive data in a public location
- warning
- java
- security
- framework specific
- mobile
- Android
Insecure Data Storage: Use SQLCipher Database (all other methods)
A plain SQLite database is stored unencrypted on the device; open it through SQLCipher when it holds sensitive data
- warning
- java
- security
- framework specific
- mobile
- Android
- SQL
- Android security set
Insecure Data Storage: Use SQLCipher Database (creation)
A plain SQLite database is stored unencrypted on the device; open it through SQLCipher when it holds sensitive data
- warning
- java
- security
- framework specific
- mobile
- Android
- SQL
- Android security set
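The four Android storage rules above (FileOutputStream in Activity or Fragment, SQLCipher on creation and on other methods) are shown together in the following added example, which is not code from the rule catalog: a token file written to shared external storage beside the private-directory form, and a database opened through the platform SQLite class beside the SQLCipher class. It assumes the Android SDK and the SQLCipher for Android library (net.sqlcipher) on the classpath; the file and database names are made up, and the passphrase is a parameter the caller is assumed to derive from the Android Keystore or user input.

```java
// Added example: public vs. private file storage and plain vs. SQLCipher database on Android.
// Not from the rule catalog; assumes the Android SDK and net.sqlcipher on the classpath.
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import android.content.Context;
import android.os.Environment;
import net.sqlcipher.database.SQLiteDatabase;

public final class SecureStorage {

    // Flagged: the file lands on shared external storage, readable by other apps and
    // by anyone holding the device or its removable storage.
    static void saveTokenPublic(String token) throws IOException {
        File f = new File(Environment.getExternalStorageDirectory(), "session.token");
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Compliant: openFileOutput with MODE_PRIVATE writes under the app's own internal
    // files directory, which other apps cannot read. Same call from an Activity or a
    // Fragment (use requireContext() there).
    static void saveTokenPrivate(Context ctx, String token) throws IOException {
        try (FileOutputStream out = ctx.openFileOutput("session.token", Context.MODE_PRIVATE)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    // Flagged: android.database.sqlite stores the database file unencrypted.
    static android.database.sqlite.SQLiteDatabase openPlain(Context ctx) {
        File db = ctx.getDatabasePath("notes.db");
        return android.database.sqlite.SQLiteDatabase.openOrCreateDatabase(db, null);
    }

    // Compliant: the SQLCipher build of SQLiteDatabase encrypts the file with the passphrase.
    // The passphrase must not be a literal in the code (assumption: caller derives it from the
    // Android Keystore or from the user).
    static SQLiteDatabase openEncrypted(Context ctx, String passphrase) {
        SQLiteDatabase.loadLibs(ctx);
        File db = ctx.getDatabasePath("notes.db");
        db.getParentFile().mkdirs();
        return SQLiteDatabase.openOrCreateDatabase(db, passphrase, null);
    }
}
```

Once the database is opened through net.sqlcipher, every later call (query, insert, rawQuery) goes through the same class, which is what the "all other methods" rule checks for.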
Manifest Best Practices: Activity: launch mode should not be set
Launch mode should not be set for private activities
- warning
- xml
- security
- framework specific
- mobile
- Android
Manifest Best Practices: Activity: task affinity should not be set
Task affinity should not be set for private activities
- warning
- xml
- security
- framework specific
- mobile
- Android
Manifest best practices: Disable Backups
With android:allowBackup="true" the app's data can be extracted and restored from outside the app, which allows disclosure or manipulation of that data
- error
- xml
- security
- framework specific
- mobile
- Android
Manifest best practices: disable cleartext traffic
When android:usesCleartextTraffic="true" is set, the application allows unencrypted (cleartext) network traffic, which could lead to data leakage
- error
- xml
- security
- framework specific
- mobile
- Android
Manifest best practices: explicit exported components
When android:exported is set to true, any other application on the device can launch or bind to this component.
- error
- xml
- security
- framework specific
- mobile
- Android
MongoDB: _id NoSQL Injection
Do not use string concatenation in where filters
- error
- java
- security
- NoSQL
- framework specific
- MongoDB
- injection
- OWASP Top 10
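The MongoDB rule above targets $where filters whose JavaScript is assembled from a request value. The following is an added example, not code from the rule catalog, building the flagged filter beside a typed _id filter; it assumes the MongoDB Java driver 4.x (mongodb-driver-sync) on the classpath and needs no running server, since it only constructs and renders the filters. If the collection's _id is a string rather than an ObjectId, Filters.eq("_id", id) with the raw string is the equivalent compliant form.

```java
// Added example: $where built by concatenation (flagged) beside a typed _id filter.
// Not from the rule catalog; assumes the MongoDB Java driver 4.x on the classpath.
import org.bson.BsonDocument;
import org.bson.Document;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;
import com.mongodb.MongoClientSettings;
import com.mongodb.client.model.Filters;

public class MongoIdFilterDemo {

    // Flagged: the request value is spliced into JavaScript the server evaluates per document.
    static Document whereUnsafe(String id) {
        return new Document("$where", "this._id == '" + id + "'");
    }

    // Compliant: the value is a typed field in the query document and cannot alter the
    // query's structure; validating the id format up front rejects junk early.
    static Bson idFilter(String id) {
        if (!ObjectId.isValid(id)) {
            throw new IllegalArgumentException("not an ObjectId: " + id);
        }
        return Filters.eq("_id", new ObjectId(id));
    }

    public static void main(String[] args) {
        // Constructed attacker input: closes the string literal and ORs in "true".
        String payload = "' || true || '";

        System.out.println(whereUnsafe(payload).toJson());
        // {"$where": "this._id == '' || true || ''"}  -> the predicate is true for every document

        try {
            idFilter(payload);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        BsonDocument ok = idFilter("507f1f77bcf86cd799439011")
            .toBsonDocument(BsonDocument.class, MongoClientSettings.getDefaultCodecRegistry());
        System.out.println(ok.toJson());
        // {"_id": {"$oid": "507f1f77bcf86cd799439011"}}
    }
}
```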
Portability Flaw: Avoid locale dependent comparisons: equals after case conversion
This comparison depends on the JVM's default locale, because toLowerCase()/toUpperCase() without a Locale argument use it. Compare with equalsIgnoreCase, or pass an explicit Locale (for example Locale.ROOT) to the case conversion.
- warning
- java
- security
- Java basic
- quality
- SEI CERT
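The locale rule above is easiest to see with the Turkish dotted/dotless i. The following is an added example, not code from the rule catalog, that runs the flagged comparison under the Turkish locale beside the two fixes; it needs only the JDK, and the role check is made up for the demonstration.

```java
// Added example: default-locale case conversion vs. locale-independent comparison.
// Not from the rule catalog; assumes only the JDK.
import java.util.Locale;

public class LocaleComparisonDemo {

    // Flagged: toLowerCase() with no argument uses the JVM default locale.
    static boolean isAdminUnsafe(String role) {
        return role.toLowerCase().equals("admin");
    }

    // Fix 1: compare case-insensitively without converting at all.
    static boolean isAdminIgnoreCase(String role) {
        return role.equalsIgnoreCase("admin");
    }

    // Fix 2: pass a fixed locale so the conversion is the same on every machine.
    static boolean isAdminRootLocale(String role) {
        return role.toLowerCase(Locale.ROOT).equals("admin");
    }

    public static void main(String[] args) {
        // Simulate a server whose default locale is Turkish.
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        String header = "ADMIN";  // constructed request value

        // In Turkish, 'I' lower-cases to dotless 'ı' (U+0131), so "ADMIN" becomes "admın".
        System.out.println("unsafe:      " + isAdminUnsafe(header));      // false
        System.out.println("ignore case: " + isAdminIgnoreCase(header));  // true
        System.out.println("root locale: " + isAdminRootLocale(header));  // true
    }
}
```

The same effect runs the other way: a deny-list entry that is compared after case conversion can be bypassed by an input that only matches under one locale, which is why the rule is tagged security as well as quality.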
Prevent CRLF injection in SLF4J
Encode untrusted data before logging it, so a CR or LF in the input cannot inject forged lines into the log file
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
- injection
Prevent CRLF injection in SLF4J using the Logstash Logback Encoder
Encode untrusted data before logging it, so a CR or LF in the input cannot inject forged lines into the log file
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
- injection
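Both SLF4J rules above (plain and with the Logstash Logback Encoder) come down to encoding the request value before it reaches the logger. The following is an added example, not code from the rule catalog, showing the flagged call beside one that passes the value through a small CR/LF encoder; it assumes slf4j-api with any binding, and the encoder and method names are made up for the demonstration. An existing library encoder such as OWASP Java Encoder's Encode.forJava serves the same purpose.

```java
// Added example: CRLF injection through an SLF4J parameter and an encoder applied before logging.
// Not from the rule catalog; assumes slf4j-api with any binding on the classpath.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class LogSanitizer {

    private static final Logger log = LoggerFactory.getLogger(LogSanitizer.class);

    // Escape CR, LF and other control characters so the value can never start a new
    // log line; printable text is passed through unchanged.
    static String forLog(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(untrusted.length());
        for (char c : untrusted.toCharArray()) {
            if (c == '\r') {
                sb.append("\\r");
            } else if (c == '\n') {
                sb.append("\\n");
            } else if (c < 0x20 || c == 0x7f) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    static void loginFailed(String username) {
        // Flagged: the raw value is written; a newline inside it ends the line early.
        log.warn("login failed for user {}", username);
        // Compliant: the encoded value stays on one line.
        log.warn("login failed for user {}", forLog(username));
    }

    public static void main(String[] args) {
        // Constructed attacker input: a forged audit line appended after a newline.
        loginFailed("mallory\n2024-01-01 00:00:00 INFO  login succeeded for user admin");
        // First call produces two lines, the second of which looks like a genuine success entry;
        // the second call produces one line containing "mallory\n2024-01-01 ..." literally.
    }
}
```

With the Logstash Logback Encoder the output is JSON, which escapes control characters in field values; encoding at the call site still keeps the logged value readable and keeps the protection if the appender configuration later changes.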
Protect against Session Fixation attacks
Spring Security's default protection against Session Fixation has been disabled, so a session identifier an attacker planted in the victim's browser before login stays valid after the victim authenticates, letting the attacker hijack the session
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
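The session fixation rule above flags a configuration that turns the protection off. The following is an added example, not code from the rule catalog, with the flagged configuration beside one that keeps session-id rotation on; it assumes Spring Security 6 on the servlet stack (spring-security-config), and the class and bean names are made up for the demonstration.

```java
// Added example: session-fixation protection disabled (flagged) vs. session id rotated on login.
// Not from the rule catalog; assumes Spring Security 6 on the servlet stack.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SessionSecurityConfig {

    // Flagged: sessionFixation().none() keeps the pre-login session id after authentication,
    // so an id the attacker planted in the victim's browser becomes an authenticated session
    // the attacker already knows. Left without @Bean here so it is not registered.
    SecurityFilterChain vulnerableChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                .sessionFixation(fixation -> fixation.none()));
        return http.build();
    }

    // Compliant: a fresh session id is issued when the user authenticates. changeSessionId()
    // is the default on Servlet 3.1+ containers; migrateSession() (copy attributes) and
    // newSession() (drop attributes) are the alternatives. Simply not calling
    // sessionFixation() at all is equally compliant.
    @Bean
    SecurityFilterChain hardenedChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                .sessionFixation(fixation -> fixation.changeSessionId()));
        return http.build();
    }
}
```

To verify the fix at runtime, capture the JSESSIONID cookie before submitting the login form and compare it with the cookie set in the login response: with the hardened chain the value changes, with none() it does not.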