Product Documentation
Product Documentation
Welcome To Reshift
Getting Started
Scan Your First Project
Signing Up Using GitHub
Signing Up Using Bitbucket
Signing Up Using GitLab
Scanning Maven Projects
Scanning Gradle Projects
Granting Reshift GitHub Organization Access After Signing up
Setting Projects Up Using NPM
Integrations
GitHub Actions [JavaScript]
GitHub Actions [Java]
Circle CI
Jenkins
GitLab
Analysis Engine
Java Security Rules
JavaScript Security Rules
Product Features
Security Gates
Code Review Workflow
Autofix
IDE plugins
IntelliJ IDE
Reshift Security Model
Source Code Security in Reshift
User Authentication Mode in Reshift
Report Bundles and Call Graphs
User Data Flow
Common Questions and Answers
How do you ensure Reshift's own security?
How do I know my code is secure?
Why do you need access to my source code?
What permissions does reshift gain access to?
Can I try reshift without giving access to my source code?
Why do I need to sign up with GitHub, Bitbucket, or Gitlab?
Powered by GitBook

Java Security Rules

Reshift Scans your custom Java code for security bugs, below are the security issues Reshift detects.

Security Issues

Severity

CWE

​OWASP Top 10​

AWS Query Injection

​

​

A1

Code Execution

​

​

A1

Command Injection

​

​

A1

Reflected Cross-site Scripting

​

​

A7

DOM Cross-site Scripting

​

​

A7

Stored Cross-site Scripting

​

​

A7

Cross Site Request Forgery

​

​

​

Denial of Service

​

​

​

Insecure Crypto

​

​

A3

Template Injection

​

​

A1

Hardcoded Key

​

​

A3

Header Injection

​

​

A1

HTTP Parameter Pollution

​

​

​

HTTP Response Splitting

​

​

​

Information Leakage

​

​

A3

Insecure Data Storage

​

​

A3

Insecure Deserialization

​

​

A8

Insecure Logging

​

​

A10

LDAP Injection

​90​

​

A1

JSP Include Injection

​

​

A1

JSP Spring Eval

​

​

A1

Padding Oracle

​

​

A3

Parameter Tampering

​

​

A5

Path Tampering

​

​

​

RegEx Denial of Service

​

​

​

RSA No Padding

​

​

A3

Sensitive Data Exposure

​

​

A3

SQL Injection

​89​

​

A1

Server Side Request Forgery

​

​

​

Timing Attacks

​

​

​

Unvalidated Redirect

​

​

​

Using ECB Mode

​

​

A3

Weak Hashing

​

​

A3

XPath Injection

​

​

A1

XML External Entity Injection

​

​

A4

Integrations - Previous
GitLab
Next - Analysis Engine
JavaScript Security Rules
Last updated 1 month ago