Explore

Filters (0) Clear filters
Languages
Level
Tags

1-10 of 10

Configuration - User Interface: Avoid Tapjacking: Add filterTouchesWhenObscured

Not setting filterTouchesWhenObscured to true allows adversaries to hijack users' taps.

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Configuration - User Interface: Avoid Tapjacking: Enable filterTouchesWhenObscured

Setting filterTouchesWhenObscured to false allows adversaries to hijack users' taps.

  • warning
  • xml
  • security
  • mobile
  • framework specific
  • Android
Hibernate: Missing transport-level security: No SSL for database connection

Use transport level security to connect to the database

  • warning
  • xml
  • database
  • security
  • Hibernate
  • framework specific
  • OWASP Top 10
  • TLS
Manifest Best Practices: Activity: launch mode should not be set

Launch mode should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest Best Practices: Activity: task affinity should not be set

Task affinity should not be set for private activities

  • warning
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: Disable Backups

Enabling backups could lead to undesired manipulation

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: disable cleartext traffic

When android:usesCleartextTraffic="true" is set the application will allow clear text traffic which could lead to data leakage

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
Manifest best practices: explicit exported components

When android:exported is set to true any application will be able to call this component.

  • error
  • xml
  • security
  • framework specific
  • mobile
  • Android
Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

Vulnerable Log4j dependency - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

  • error
  • xml
  • Apache Maven
  • Log4j
  • OWASP Top 10
  • SLF4J
  • basic protection set
  • framework specific
  • injection
  • logging
  • security
Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

Vulnerable Log4j version property - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105

  • error
  • xml
  • Apache Maven
  • Log4j
  • OWASP Top 10
  • SLF4J
  • basic protection set
  • framework specific
  • injection
  • logging
  • security