Comment on page

Java Security Rules

Reshift Scans your custom Java code for security bugs, below are the security issues Reshift detects.

Security Issues
Severity
CWE
​OWASP Top 10​
PCI DSS
AWS Query Injection
Critical
943
A1
​
Code Execution
Critical 
94
A1
​
Command Injection
Critical
78
A1
6.5.1
JSP Include Injection
Critical
917
A1
​
JSP Spring Eval
Critical
95
A1
​
SQL Injection
Critical
89
A1
6.5.1
XML External Entity Injection
Critical
611
A4
6.5.1
Reflected Cross-site Scripting
High
79
A7
​
DOM Cross-site Scripting
High
79
A7
​
Insecure Deserialization
High
502
A8
​
LDAP Injection
High
90
A1
6.5.1
Padding Oracle
High
463
A3
​
Path Tampering
High
73
​
​
Sensitive Data Exposure
High
798
A3
6.5.1
Stored Cross-site Scripting
High
79
A7
​
Template Injection
High
​
A1
6.5.1
Cross Site Request Forgery
Moderate
352
​
​
Denial of Service
Moderate
834
​
​
Insecure Crypto
Moderate
327
A3
​
Hardcoded Key
Moderate
321
A3
​
Header Injection
Moderate
20
A1
6.5.1
HTTP Parameter Pollution
Moderate
88
​
​
HTTP Response Splitting
Moderate
443
​
​
Information Leakage
Moderate
1230
A3
6.5.1
Insecure Data Storage
Moderate
922
A3
6.5.1
Insecure Logging
Moderate
312
A10
6.5.1
Parameter Tampering
Moderate
843
A5
​
RegEx Denial of Service
Moderate
400
​
​
RSA No Padding
Moderate
780
A3
​
Server Side Request Forgery
Moderate
918
​
​
Timing Attacks
Moderate
208
​
​
Unvalidated Redirect
Moderate
601
​
​
Using ECB Mode
Moderate
​
A3
​
Weak Hashing
Moderate
916
A3
​
XPath Injection
Moderate
643
A1
6.5.1

Integrations - Previous

GitLab

Next - Analysis Engine

JavaScript Security Rules

Last modified 2yr ago

Security Issues	Severity	CWE	OWASP Top 10	PCI DSS
AWS Query Injection	Critical	943	A1
Code Execution	Critical	94	A1
Command Injection	Critical	78	A1	6.5.1
JSP Include Injection	Critical	917	A1
JSP Spring Eval	Critical	95	A1
SQL Injection	Critical	89	A1	6.5.1
XML External Entity Injection	Critical	611	A4	6.5.1
Reflected Cross-site Scripting	High	79	A7
DOM Cross-site Scripting	High	79	A7
Insecure Deserialization	High	502	A8
LDAP Injection	High	90	A1	6.5.1
Padding Oracle	High	463	A3
Path Tampering	High	73
Sensitive Data Exposure	High	798	A3	6.5.1
Stored Cross-site Scripting	High	79	A7
Template Injection	High		A1	6.5.1
Cross Site Request Forgery	Moderate	352
Denial of Service	Moderate	834
Insecure Crypto	Moderate	327	A3
Hardcoded Key	Moderate	321	A3
Header Injection	Moderate	20	A1	6.5.1
HTTP Parameter Pollution	Moderate	88
HTTP Response Splitting	Moderate	443
Information Leakage	Moderate	1230	A3	6.5.1
Insecure Data Storage	Moderate	922	A3	6.5.1
Insecure Logging	Moderate	312	A10	6.5.1
Parameter Tampering	Moderate	843	A5
RegEx Denial of Service	Moderate	400
RSA No Padding	Moderate	780	A3
Server Side Request Forgery	Moderate	918
Timing Attacks	Moderate	208
Unvalidated Redirect	Moderate	601
Using ECB Mode	Moderate		A3
Weak Hashing	Moderate	916	A3
XPath Injection	Moderate	643	A1	6.5.1