Java Security Rules

Reshift scans your custom Java code for security bugs. Below are the security issues Reshift detects.

| Security Issues | Severity | CWE | OWASP Top 10 |
| --- | --- | --- | --- |
| AWS Query Injection | | | A1 |
| Code Execution | | | A1 |
| Command Injection | | | A1 |
| Reflected Cross-site Scripting | | | A7 |
| DOM Cross-site Scripting | | | A7 |
| Stored Cross-site Scripting | | | A7 |
| Cross Site Request Forgery | | | |
| Denial of Service | | | |
| Insecure Crypto | | | A3 |
| Template Injection | | | A1 |
| Hardcoded Key | | | A3 |
| Header Injection | | | A1 |
| HTTP Parameter Pollution | | | |
| HTTP Response Splitting | | | |
| Information Leakage | | | A3 |
| Insecure Data Storage | | | A3 |
| Insecure Deserialization | | | A8 |
| Insecure Logging | | | A10 |
| LDAP Injection | 90 | | A1 |
| JSP Include Injection | | | A1 |
| JSP Spring Eval | | | A1 |
| Padding Oracle | | | A3 |
| Parameter Tampering | | | A5 |
| Path Tampering | | | |
| RegEx Denial of Service | | | |
| RSA No Padding | | | A3 |
| Sensitive Data Exposure | | | A3 |
| SQL Injection | 89 | | A1 |
| Server Side Request Forgery | | | |
| Timing Attacks | | | |
| Unvalidated Redirect | | | |
| Using ECB Mode | | | A3 |
| Weak Hashing | | | A3 |
| XPath Injection | | | A1 |
| XML External Entity Injection | | | A4 |