Explore

Filters (0) Clear filters
Languages
Level
Tags

151-175 of 219

Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10
Session configuration: Cookies: Set HttpOnly flag to true

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Boot
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • Apache Shiro
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10
Session configuration: Cookies: Set Secure flag to true

Prevent a cookie being sent over unencrypted HTTP by setting the Secure flag to true

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • OWASP Top 10
Session configuration: HttpCookie: Configure HttpOnly flag

Prevent client-side scripts from accessing the cookie by setting the HttpOnly flag to true

  • error
  • java
  • security
  • web
  • OWASP Top 10
Session Configuration: Invalidate the HttpSession after logout

Delete all sessions after logout

  • warning
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
  • web
Session management: Avoid CSRF: Use narrow mapping for state-changing methods

Non-specified RequestMapping method will map to any HTTP request

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Web
  • CSRF
Should use requiresSecure

Use of HTTP instead of HTTPS is insecure

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
  • OWASP Top 10
SLF4J Logging: enforce usage of placeholders in the messages

Do not concatenate untrusted data in the message string, instead use placeholders ( '{}' )

  • marked_information
  • java
  • security
  • logging
  • injection
  • OWASP Top 10
  • SLF4J
  • framework specific
SLF4J Logging: Print Exceptions using SLF4J instead

Standardise on SLF4J by replacing this call

  • marked_information
  • java
  • security
  • SLF4J
  • framework specific
  • logging
Spring Data Neo4jClient#query is vulnerable to injections

Spring Data Neo4jClient#query is vulnerable to injections

  • error
  • java
  • security
  • Neo4j
  • framework specific
  • OWASP Top 10
  • injection
  • Spring Data
Spring Security: race condition: SecurityContextHolder.getContext.setAuthentication

It is important to create a new SecurityContext instance to avoid race conditions across multiple threads.

  • error
  • java
  • Spring
  • security
  • framework specific
  • web
  • Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices

DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (BCrypt)

DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating

  • info
  • java
  • Spring
  • security
  • framework specific
  • Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean)

DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating

  • info
  • java
  • kotlin
  • Spring
  • security
  • framework specific
  • Spring Security
Spring Security recommends DelegatingPasswordEncoder for best practices (Bean - BCrypt)

DelegatingPasswordEncoder allows more flexibility when using several encoders, for code changes, and for migrating

  • info
  • java
  • kotlin
  • Spring
  • security
  • framework specific
  • Spring Security
SQL Injection: SQLiteDatabase#execSQL

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 1st parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 2nd parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 3rd parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 5th parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10