Java Security Rules
Reshift Scans your custom Java code for security bugs, below are the security issues Reshift detects.
Security Issues | Severity | CWE | PCI DSS | |
AWS Query Injection | Critical | 943 | A1 | |
Code Execution | Critical | 94 | A1 | |
Command Injection | Critical | 78 | A1 | 6.5.1 |
JSP Include Injection | Critical | 917 | A1 | |
JSP Spring Eval | Critical | 95 | A1 | |
SQL Injection | Critical | 89 | A1 | 6.5.1 |
XML External Entity Injection | Critical | 611 | A4 | 6.5.1 |
Reflected Cross-site Scripting | High | 79 | A7 | |
DOM Cross-site Scripting | High | 79 | A7 | |
Insecure Deserialization | High | 502 | A8 | |
LDAP Injection | High | 90 | A1 | 6.5.1 |
Padding Oracle | High | 463 | A3 | |
Path Tampering | High | 73 | | |
Sensitive Data Exposure | High | 798 | A3 | 6.5.1 |
Stored Cross-site Scripting | High | 79 | A7 | |
Template Injection | High | | A1 | 6.5.1 |
Cross Site Request Forgery | Moderate | 352 | | |
Denial of Service | Moderate | 834 | | |
Insecure Crypto | Moderate | 327 | A3 | |
Hardcoded Key | Moderate | 321 | A3 | |
Header Injection | Moderate | 20 | A1 | 6.5.1 |
HTTP Parameter Pollution | Moderate | 88 | | |
HTTP Response Splitting | Moderate | 443 | | |
Information Leakage | Moderate | 1230 | A3 | 6.5.1 |
Insecure Data Storage | Moderate | 922 | A3 | 6.5.1 |
Insecure Logging | Moderate | 312 | A10 | 6.5.1 |
Parameter Tampering | Moderate | 843 | A5 | |
RegEx Denial of Service | Moderate | 400 | | |
RSA No Padding | Moderate | 780 | A3 | |
Server Side Request Forgery | Moderate | 918 | | |
Timing Attacks | Moderate | 208 | | |
Unvalidated Redirect | Moderate | 601 | | |
Using ECB Mode | Moderate | | A3 | |
Weak Hashing | Moderate | 916 | A3 | |
XPath Injection | Moderate | 643 | A1 | 6.5.1 |
Last modified 2yr ago