76-100 of 219

Injection: XXE: Jaxb2Marshaller#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of external entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2Marshaller#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of external entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: Jaxb2RootElementHttpMessageConverter#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setProcessExternalEntities set to true

Prevent XXE by disabling the processing of external entities

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Injection: XXE: SourceHttpMessageConverter#setSupportDtd set to true

Prevent XXE by disabling DTDs

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
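Added example for the six Jaxb2Marshaller / Jaxb2RootElementHttpMessageConverter / SourceHttpMessageConverter rules above; it is not part of the catalog or of Spring itself. It shows the flagged calls next to the hardened configuration. The class name, bean names and the package "com.example.invoices" are placeholders; both setters default to false in current Spring versions, so the fix is simply never to pass true.

```java
import javax.xml.transform.Source;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.xml.Jaxb2RootElementHttpMessageConverter;
import org.springframework.http.converter.xml.SourceHttpMessageConverter;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Added example (not from the rule catalog). Package and bean names are placeholders.
 *
 * Constructed payload that the weak settings would resolve (assumed, for illustration):
 *   <!DOCTYPE x [<!ENTITY ext SYSTEM "file:///etc/hostname">]><invoice><note>&ext;</note></invoice>
 * With DTDs disabled the DOCTYPE is rejected; with external entities disabled &ext; is not fetched.
 */
@Configuration
public class XmlParsingConfig implements WebMvcConfigurer {

    /** Flagged by the catalog: DTDs and external entities re-enabled on the OXM marshaller.
     *  Not registered as a bean; shown only for contrast. */
    Jaxb2Marshaller vulnerableMarshaller() {
        Jaxb2Marshaller m = new Jaxb2Marshaller();
        m.setPackagesToScan("com.example.invoices");
        m.setSupportDtd(true);               // Jaxb2Marshaller#setSupportDtd set to true
        m.setProcessExternalEntities(true);  // Jaxb2Marshaller#setProcessExternalEntities set to true
        return m;
    }

    /** Hardened: both settings explicitly false (also the default). */
    @Bean
    public Jaxb2Marshaller marshaller() {
        Jaxb2Marshaller m = new Jaxb2Marshaller();
        m.setPackagesToScan("com.example.invoices");
        m.setSupportDtd(false);
        m.setProcessExternalEntities(false);
        return m;
    }

    /** The same two switches exist on the MVC XML converters; keep them off there as well. */
    @Override
    public void configureMessageConverters(List<HttpMessageConverter<?>> converters) {
        Jaxb2RootElementHttpMessageConverter jaxb = new Jaxb2RootElementHttpMessageConverter();
        jaxb.setSupportDtd(false);
        jaxb.setProcessExternalEntities(false);

        SourceHttpMessageConverter<Source> source = new SourceHttpMessageConverter<>();
        source.setSupportDtd(false);
        source.setProcessExternalEntities(false);

        converters.add(jaxb);
        converters.add(source);
    }
}
```

Disabling DTDs is the stronger of the two: it also stops entity-expansion denial of service ("billion laughs"), which setProcessExternalEntities(false) alone does not prevent.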
Input Validation: Avoid Expression Language Injection: Do not evaluate expressions controlled by user input (javax)

Could lead to Expression Language Injection

  • error
  • java
  • expression language
  • security
  • injection
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: single parameter

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: Two parameters

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
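Added example for the two "Bind variables in prepared statements" rules above (single parameter and two parameters); it is not part of the catalog. It uses Spring's JdbcTemplate, which binds the varargs through a PreparedStatement. The table, column and class names are assumptions.

```java
import java.util.List;
import java.util.Map;

import org.springframework.jdbc.core.JdbcTemplate;

/** Added example (not from the rule catalog); "accounts" and its columns are assumed. */
public class AccountRepository {

    private final JdbcTemplate jdbc;

    AccountRepository(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    /** Flagged, single parameter: request data spliced into the statement text.
     *  email = "x' OR '1'='1" makes the predicate true for every row. */
    Map<String, Object> vulnerableFindByEmail(String email) {
        return jdbc.queryForMap("SELECT * FROM accounts WHERE email = '" + email + "'");
    }

    /** Hardened, single parameter: ? placeholder, value bound by the driver. */
    Map<String, Object> findByEmail(String email) {
        return jdbc.queryForMap("SELECT * FROM accounts WHERE email = ?", email);
    }

    /** Hardened, two parameters: placeholders are bound positionally, in argument order. */
    List<Map<String, Object>> findByOwnerAndStatus(long ownerId, String status) {
        return jdbc.queryForList(
                "SELECT * FROM accounts WHERE owner_id = ? AND status = ?",
                ownerId, status);
    }
}
```

Bind variables cover values only. Identifiers (table or column names) and keywords such as the ORDER BY direction cannot be bound; if those come from the request, map them onto a fixed allow-list before building the statement.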
Input Validation: Avoid Spring Expression Language Injection: Do not evaluate expressions controlled by user input (ExpressionParser)

Could lead to Spring Expression Language Injection

  • error
  • java
  • expression language
  • Spring
  • Spring Core
  • security
  • framework specific
  • injection
  • OWASP Top 10
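Added example for the "Avoid Expression Language Injection (javax)" and "Avoid Spring Expression Language Injection (ExpressionParser)" rules above; it is not part of the catalog. It shows the flagged pattern (request data used as the expression text) beside the fix: a fixed expression, user data bound as a variable, and a SimpleEvaluationContext that offers no type references, constructors or bean lookups. The same separation applies to javax.el: never pass request data as the expression string to ExpressionFactory#createValueExpression. Class and variable names are assumptions.

```java
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/** Added example (not from the rule catalog). */
public class SpelGreeting {

    private static final ExpressionParser PARSER = new SpelExpressionParser();

    /** Flagged: the expression text itself comes from the request. With a
     *  StandardEvaluationContext, "T(java.lang.Runtime).getRuntime().exec('id')"
     *  is evaluated as a method call, not as data. */
    static Object vulnerable(String userInput) {
        return PARSER.parseExpression(userInput).getValue(new StandardEvaluationContext());
    }

    /** Hardened: expression is a constant; user data enters only through a variable. */
    static String safe(String userInput) {
        Expression expr = PARSER.parseExpression("'Hello, ' + #name");
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("name", userInput);
        return expr.getValue(ctx, String.class);
    }

    public static void main(String[] args) {
        // Constructed input: the same string the vulnerable version would execute.
        String hostile = "T(java.lang.Runtime).getRuntime().exec('id')";
        System.out.println(safe(hostile));
        // Output: Hello, T(java.lang.Runtime).getRuntime().exec('id')
    }
}
```

If the expression genuinely has to be user-supplied (a rules engine, for instance), SimpleEvaluationContext is still the minimum: it limits SpEL to property and method access on the bound objects and removes the T() type operator that most published payloads rely on.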
Input Validation: Avoid XXE: Use automatically protected source types

Could lead to XXE

  • error
  • java
  • Spring
  • security
  • XXE
  • framework specific
  • Spring XML
  • OWASP Top 10
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Activity

Do not store sensitive data in a public location

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Insecure Data Storage: Store Sensitive Data in a Private Location (FileOutputStream constructor) in Fragment

Do not store sensitive data in a public location

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
Insecure Data Storage: Use SQLCipher Database (all other methods)

Android's built-in SQLite databases are stored unencrypted on disk; use SQLCipher for sensitive data

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
  • SQL
  • Android security set
Insecure Data Storage: Use SQLCipher Database (creation)

Android's built-in SQLite databases are stored unencrypted on disk; use SQLCipher for sensitive data

  • warning
  • java
  • security
  • framework specific
  • mobile
  • Android
  • SQL
  • Android security set
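Added example for the four Insecure Data Storage rules above (FileOutputStream in Activity/Fragment, SQLCipher creation and other methods); it is not part of the catalog or of the SQLCipher project. It contrasts a FileOutputStream on external storage with Context#openFileOutput in MODE_PRIVATE, and opens a SQLCipher database instead of the platform SQLiteDatabase. The class name, file names and the sample token are assumptions; SQLiteDatabase.loadLibs is the initialisation call in the classic android-database-sqlcipher artifact (newer sqlcipher-android builds load the native library with System.loadLibrary instead), and the passphrase source is left to the caller.

```java
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.os.Environment;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import net.sqlcipher.database.SQLiteDatabase;

/** Added example (not from the rule catalog); names and the sample token are assumed. */
public class TokenStoreActivity extends Activity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String token = "constructed-sample-session-token"; // constructed value
        saveTokenPrivately(this, token);
    }

    /** Flagged: FileOutputStream on shared external storage; readable by other apps
     *  (and anyone with the device) regardless of this app's permissions. */
    static void vulnerableSave(String token) throws IOException {
        File out = new File(Environment.getExternalStorageDirectory(), "token.txt");
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Hardened: app-private internal storage, only this app's UID can open it. */
    static void saveTokenPrivately(Context ctx, String token) {
        try (FileOutputStream fos = ctx.openFileOutput("token.txt", Context.MODE_PRIVATE)) {
            fos.write(token.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new IllegalStateException("could not persist token", e);
        }
    }

    /** SQLCipher: the file under getDatabasePath() is encrypted with the passphrase.
     *  The passphrase must not be a constant; derive it from user input or a key held
     *  in the Android Keystore (assumed to be handled by the caller). */
    static SQLiteDatabase openEncryptedDb(Context ctx, char[] passphrase) {
        SQLiteDatabase.loadLibs(ctx);
        File dbFile = ctx.getDatabasePath("notes.db");
        return SQLiteDatabase.openOrCreateDatabase(dbFile, passphrase, null);
    }
}
```

Private internal storage protects against other apps, not against a rooted device or a backup extract; that is why the SQLCipher rules exist alongside the private-location rules.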
Manifest Best Practices: Activity: launch mode should not be set

Launch mode should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest Best Practices: Activity: task affinity should not be set

Task affinity should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: Disable Backups

Allowing backups lets application data be extracted from, or modified through, a device backup

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: disable cleartext traffic

When android:usesCleartextTraffic="true" is set, the application allows unencrypted HTTP traffic, which could expose data in transit

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: explicit exported components

When android:exported="true" is set and no permission protects the component, any application on the device can invoke it.

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
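Added manifest fragment for the five Manifest Best Practices rules above (launch mode, task affinity, backups, cleartext traffic, explicit exported components); it is not part of the catalog. The flagged settings are shown in a comment beside the corrected attributes. Package, activity and string names are placeholders.

```xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <!-- Flagged settings, shown for contrast (added example, names are placeholders):
         android:allowBackup="true"            -> Disable Backups
         android:usesCleartextTraffic="true"   -> disable cleartext traffic
         android:exported omitted or "true"
           on a non-launcher component         -> explicit exported components
         android:launchMode / android:taskAffinity
           on a private activity               -> launch mode / task affinity should not be set -->
    <application
        android:allowBackup="false"
        android:usesCleartextTraffic="false"
        android:label="@string/app_name">

        <!-- Launcher entry point: must be exported so the home screen can start it. -->
        <activity
            android:name=".MainActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <!-- Private activity: explicitly not exported, and no launchMode or
             taskAffinity attribute, so it keeps the default task handling. -->
        <activity
            android:name=".SettingsActivity"
            android:exported="false" />
    </application>
</manifest>
```

Since API 31 the build fails if a component with an intent-filter has no android:exported value; setting it explicitly on every component, filter or not, is what the "explicit exported components" rule asks for.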
MongoDB: _id NoSQL Injection

Do not build $where filters by concatenating user-controlled values into the JavaScript expression

  • error
  • java
  • security
  • NoSQL
  • framework specific
  • MongoDB
  • injection
  • OWASP Top 10
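Added example for the "MongoDB: _id NoSQL Injection" rule above; it is not part of the catalog or of the MongoDB driver. It contrasts a $where expression built by concatenation with a structured filter that passes the id as a typed value. The collection, class and method names are assumptions.

```java
import com.mongodb.client.MongoCollection;
import com.mongodb.client.model.Filters;
import org.bson.Document;
import org.bson.conversions.Bson;
import org.bson.types.ObjectId;

/** Added example (not from the rule catalog); the "orders" collection is assumed. */
public class OrderLookup {

    private final MongoCollection<Document> orders;

    OrderLookup(MongoCollection<Document> orders) {
        this.orders = orders;
    }

    /** Flagged: request data concatenated into a $where JavaScript predicate.
     *  A crafted id can close the string literal and append "|| true", matching
     *  every document, or run arbitrary JavaScript in the server-side evaluator. */
    Document vulnerableById(String id) {
        Bson where = new Document("$where", "this._id == ObjectId('" + id + "')");
        return orders.find(where).first();
    }

    /** Hardened: reject anything that is not an ObjectId, then query with a typed
     *  equality filter; the value is never interpreted as code. */
    Document byId(String id) {
        if (!ObjectId.isValid(id)) {
            throw new IllegalArgumentException("not an ObjectId: " + id);
        }
        return orders.find(Filters.eq("_id", new ObjectId(id))).first();
    }
}
```

Structured filters (Filters.eq, Filters.and, ...) are serialised as BSON documents, so the only way for the id to influence the query is as the value of the "_id" field.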
Portability Flaw: Avoid locale dependent comparisons: equals after case conversion

This comparison depends on the system's default locale. Use a case-insensitive comparison or pass an explicit locale to the case conversion.

  • warning
  • java
  • security
  • Java basic
  • quality
  • SEI CERT
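Added example for the "Avoid locale dependent comparisons" rule above; it is not part of the catalog. It shows the flagged pattern failing under a Turkish default locale (where the lowercase of "I" is dotless "ı"), which matters whenever the comparison gates something security-relevant such as a header or role name. Class and method names are assumptions.

```java
import java.util.Locale;

/** Added example (not from the rule catalog). */
public class CaseInsensitiveCompare {

    /** Flagged: toLowerCase() without a locale uses Locale.getDefault(). */
    static boolean vulnerableEquals(String a, String b) {
        return a.toLowerCase().equals(b.toLowerCase());
    }

    /** Fix 1: locale-independent, character-by-character comparison. */
    static boolean safeEquals(String a, String b) {
        return a.equalsIgnoreCase(b);
    }

    /** Fix 2: pin the locale when a lower-cased copy is needed anyway. */
    static boolean safeEqualsRoot(String a, String b) {
        return a.toLowerCase(Locale.ROOT).equals(b.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        Locale.setDefault(Locale.forLanguageTag("tr-TR")); // simulate a Turkish system locale
        String header = "X-ADMIN-TOKEN";                  // constructed sample value
        String expected = "x-admin-token";

        // "X-ADMIN-TOKEN".toLowerCase() is "x-admın-token" under tr-TR, so this is false:
        System.out.println(vulnerableEquals(header, expected)); // false
        System.out.println(safeEquals(header, expected));       // true
        System.out.println(safeEqualsRoot(header, expected));   // true
    }
}
```

equalsIgnoreCase compares one char at a time, so it does not apply full Unicode case folding (for example "ß" versus "SS"); that is acceptable for protocol tokens and identifiers, which is where this rule usually fires.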
Prevent CRLF injection in SLF4J

Encode untrusted data before logging it to prevent CRLF injection into the log files

  • marked_information
  • java
  • security
  • SLF4J
  • framework specific
  • logging
  • injection
Prevent CRLF injection in SLF4J using the Logstash Logback Encoder

Encode untrusted data before logging it to prevent CRLF injection into the log files

  • marked_information
  • java
  • security
  • SLF4J
  • framework specific
  • logging
  • injection
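Added example for the two "Prevent CRLF injection in SLF4J" rules above (plain SLF4J and SLF4J with the Logstash Logback Encoder); it is not part of the catalog or of either project. It replaces CR, LF and other control characters in untrusted values and passes them as SLF4J parameters rather than concatenating them. With the Logstash Logback Encoder the output is JSON, in which control characters are escaped, but passing the value as a parameter is still what keeps it inside its own field. The sanitizer, class and method names are assumptions.

```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Added example (not from the rule catalog). */
public class LoginAudit {

    private static final Logger log = LoggerFactory.getLogger(LoginAudit.class);

    /** Assumed helper: CR and LF become '_' so one event stays on one line; other
     *  control characters are written as \\uXXXX so they remain visible in the file. */
    static String sanitizeForLog(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(untrusted.length());
        for (char c : untrusted.toCharArray()) {
            if (c == '\r' || c == '\n') {
                sb.append('_');
            } else if (c < 0x20 || c == 0x7f) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Flagged: raw request data concatenated into the message. A username such as
     *  "bob\n2024-01-01 12:00:00 INFO login ok user=admin" forges a second log line. */
    void vulnerableRecordFailure(String username) {
        log.warn("login failed for user=" + username);
    }

    /** Hardened: sanitized value, supplied as a parameter. */
    void recordFailure(String username) {
        log.warn("login failed for user={}", sanitizeForLog(username));
    }

    public static void main(String[] args) {
        // Constructed input containing a CRLF and a tab.
        String hostile = "bob\r\nINFO login ok user=admin\tx";
        System.out.println(sanitizeForLog(hostile));
        // Output: bob__INFO login ok user=admin\u0009x
    }
}
```

Sanitizing at the call site protects the line structure; it does not protect log consumers that re-parse the message (a SIEM rule matching on "user=admin", for instance), which is a further argument for structured, field-per-value logging such as the Logstash encoder provides.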
Protect against Session Fixation attacks

Spring Security's default protection against Session Fixation is disabled, which means an attacker could hijack a valid user session

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
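Added example for the "Protect against Session Fixation attacks" rule above; it is not part of the catalog or of Spring Security. It shows the call that turns the protection off beside a filter chain that issues a new session id at authentication, using the Spring Security 6 lambda DSL. Class and method names are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

/** Added example (not from the rule catalog). */
@Configuration
public class SessionSecurityConfig {

    /** Flagged: protection switched off. An attacker who plants a session id on the
     *  victim before login (for example through a cookie set by a sibling subdomain)
     *  keeps that id after the victim authenticates and so shares the session.
     *  Not annotated as a bean; shown only for contrast. */
    SecurityFilterChain vulnerable(HttpSecurity http) throws Exception {
        http.sessionManagement(session -> session
                .sessionFixation(fixation -> fixation.none()));
        return http.build();
    }

    /** Hardened: the container changes the session id on authentication
     *  (changeSessionId is the default on Servlet 3.1+; stating it keeps the
     *  intent visible and survives a later refactoring of this block). */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .sessionManagement(session -> session
                .sessionFixation(fixation -> fixation.changeSessionId()));
        return http.build();
    }
}
```

changeSessionId keeps session attributes and rotates only the id; migrateSession creates a new session and copies the attributes over; newSession starts empty. Any of the three satisfies the rule; none() is the only setting it flags.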