Java Security Rules

Reshift scans your custom Java code for security bugs. Below are the security issues Reshift detects.

| Security Issues | Severity | CWE | OWASP Top 10 | PCI DSS |
|---|---|---|---|---|
| AWS Query Injection | Critical | 943 | A1 | |
| Code Execution | Critical | 94 | A1 | |
| Command Injection | Critical | 78 | A1 | 6.5.1 |
| JSP Include Injection | Critical | 917 | A1 | |
| JSP Spring Eval | Critical | 95 | A1 | |
| SQL Injection | Critical | 89 | A1 | 6.5.1 |
| XML External Entity Injection | Critical | 611 | A4 | 6.5.1 |
| Reflected Cross-site Scripting | High | 79 | A7 | |
| DOM Cross-site Scripting | High | 79 | A7 | |
| Insecure Deserialization | High | 502 | A8 | |
| LDAP Injection | High | 90 | A1 | 6.5.1 |
| Padding Oracle | High | 463 | A3 | |
| Path Tampering | High | 73 | | |
| Sensitive Data Exposure | High | 798 | A3 | 6.5.1 |
| Stored Cross-site Scripting | High | 79 | A7 | |
| Template Injection | High | | A1 | 6.5.1 |
| Cross Site Request Forgery | Moderate | 352 | | |
| Denial of Service | Moderate | 834 | | |
| Insecure Crypto | Moderate | 327 | A3 | |
| Hardcoded Key | Moderate | 321 | A3 | |
| Header Injection | Moderate | 20 | A1 | 6.5.1 |
| HTTP Parameter Pollution | Moderate | 88 | | |
| HTTP Response Splitting | Moderate | 443 | | |
| Information Leakage | Moderate | 1230 | A3 | 6.5.1 |
| Insecure Data Storage | Moderate | 922 | A3 | 6.5.1 |
| Insecure Logging | Moderate | 312 | A10 | 6.5.1 |
| Parameter Tampering | Moderate | 843 | A5 | |
| RegEx Denial of Service | Moderate | 400 | | |
| RSA No Padding | Moderate | 780 | A3 | |
| Server Side Request Forgery | Moderate | 918 | | |
| Timing Attacks | Moderate | 208 | | |
| Unvalidated Redirect | Moderate | 601 | | |
| Using ECB Mode | Moderate | | A3 | |
| Weak Hashing | Moderate | 916 | A3 | |
| XPath Injection | Moderate | 643 | A1 | 6.5.1 |