SQL Injection: SQLiteQueryBuilder appendWhere
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder#buildQuery
This method is vulnerable to SQL injection. Consider writing the query instead of relying on builders.
- error
- java
- security
- framework specific
- mobile
- injection
- SQL
- Android
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement
This query could lead to SQL injection
- error
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- OWASP Top 10
SQL Injection: SQLiteQueryBuilder compileStatement Compliant
SQL Injection: SQLiteQueryBuilder compileStatement - Compliant
- compliant
- java
- security
- framework specific
- mobile
- injection
- Android
- SQL
- Android security set
- OWASP Top 10
Storage best practices: deprecated operating mode
This operating mode has been deprecated
- warning
- java
- security
- framework specific
- mobile
- Android
Storage best practices: insecure operating mode
When using this value, other applications will have access to your application's data
- error
- java
- security
- framework specific
- mobile
- Android
- Android security set
Strings: Regex Use: Escape Regex Special Character for Any Char Matching
The first argument is a regular expression; matching with an unescaped dot might have unintended behaviour.
- error
- java
- security
- Java basic
Suffix Matching: UseRegisteredSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseRegisteredSuffixPatternMatch to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
Suffix Matching: UseSuffixPatternMatch set to false to prevent suffix pattern matching
Prevent suffix pattern matching by setting UseSuffixPatternMatch to false
- warning
- java
- Spring
- security
- framework specific
- web
- Spring Web
TLS: Disabled Certificate validation
The verify method has been overridden, and always returns true
- warning
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Insecure Version
Could lead to Data Exposure
- error
- java
- security
- web
- TLS
- OWASP Top 10
TLS: Weak Encryption: Outdated Version
Could lead to Data Exposure
- warning
- java
- security
- web
- TLS
- OWASP Top 10
Untrusted input in logging
Prevent log injection by filtering untrusted input
- info
- java
- security
- OWASP Top 10
- framework specific
- logging
- Logger
- injection
URLClassloader: Call super when overriding getPermissions
Custom permissions should be based on those of the super class using super.getPermissions
- warning
- java
- security
- Java basic
- SEI CERT
Use .delux() for a 'stronger' password-based encryption
Encryptors.delux() uses a 'stronger' password-based encryption
- warning
- java
- Spring
- security
- framework specific
- Spring Security
Use SecureRandom instead of Random
Using Random can lead to predictable randomness
- error
- java
- security
- SEI CERT
Use SSLSocket instead of Socket/ServerSocket
Use SSLSocket instead of Socket/ServerSocket
- warning
- java
- security
- web
- SEI CERT
Use .stronger() for a more secure alternative
Encryptors.stronger() is more secure than Encryptors.standard()
- warning
- java
- Spring
- security
- framework specific
- Spring Security
Validate Zip Entries
Ensure the zip entry is validated for nesting depth and size
- warning
- java
- security
- Java basic
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
- error
- xml
- Apache Maven
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
- error
- java
- kotlin
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security
Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
- error
- xml
- Apache Maven
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security
WebView Best Practices: Check URL to White List
Consider allowlist validation for URLs passed to this method
- error
- java
- security
- mobile
- framework specific
- Android
WebView Best Practices: Disable File Access (constructor)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set
WebView Best Practices: Disable File Access (setter)
Enabling file access in the webview could lead to misuse
- error
- java
- security
- framework specific
- Android
- mobile
- Android security set