Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Boot
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- Apache Shiro
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- security
- web
- OWASP Top 10
Session configuration: Cookies: Set Secure flag to true
Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- OWASP Top 10
Session configuration: HttpCookie: Configure HttpOnly flag
Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true
- error
- java
- security
- web
- OWASP Top 10
Session Configuration: Invalidate the HttpSession after logout
Delete all sessions after logout
- warning
- java
- Spring
- security
- framework specific
- Spring Security
- web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods
A RequestMapping with no method specified will map to any HTTP request
- error
- java
- Spring
- security
- framework specific
- web
- Spring Web
- CSRF
Should use requiresSecure
Use of HTTP instead of HTTPS is insecure
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
- OWASP Top 10
SLF4J Logging: enforce usage of placeholders in the messages
Do not concatenate untrusted data into the message string; use placeholders ('{}') instead
- marked_information
- java
- security
- logging
- injection
- OWASP Top 10
- SLF4J
- framework specific
SLF4J Logging: Print Exceptions using SLF4J instead
Standardise on SLF4J by replacing this call
- marked_information
- java
- security
- SLF4J
- framework specific
- logging
Spring Data Neo4jClient#query is vulnerable to injections
Spring Data Neo4jClient#query is vulnerable to injections
- error
- java
- security
- Neo4j
- framework specific
- OWASP Top 10
- injection
- Spring Data
Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication
It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.
- error
- java
- Spring
- security
- framework specific
- web
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean - BCrypt)
DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating
- info
- java
- kotlin
- Spring
- security
- framework specific
- Spring Security
SQL Injection: SQLiteDatabase#execSQL
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 1st parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 2nd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 3rd parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteDatabase#query - 5th parameter
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10