Java
(1) Use of Hardcoded Credentials
(798) Use of Hard-coded Credentials
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(259) Use of Hard-coded Password
SANS/CWE Top 25
(2) Use of Password Hash With Insufficient Computational Effort
(916) Use of Password Hash With Insufficient Computational Effort
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(3) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
(614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(4) Hardcoded Secret
(547) Use of Hard-coded, Security-relevant Constants
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(5) Command Injection
(78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(6) Cross-site Scripting (XSS)
(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(7) Server-Side Request Forgery (SSRF)
(918) Server-Side Request Forgery (SSRF)
OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
SANS/CWE Top 25
(8) Open Redirect
(601) URL Redirection to Untrusted Site ('Open Redirect')
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(9) Regular expression injection
(400) Uncontrolled Resource Consumption
(730)
(10) SQL Injection
(89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(11) XML External Entity (XXE) Injection
(611) Improper Restriction of XML External Entity Reference
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
SANS/CWE Top 25
(12) Inadequate Encryption Strength
(326) Inadequate Encryption Strength
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(13) Use of Insufficiently Random Values
(330) Use of Insufficiently Random Values
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(14) Sensitive Cookie Without 'HttpOnly' Flag
(1004) Sensitive Cookie Without 'HttpOnly' Flag
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(15) Deserialization of Untrusted Data
(502) Deserialization of Untrusted Data
OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
SANS/CWE Top 25
(16) Code Injection
(94) Improper Control of Generation of Code ('Code Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(17) Information Exposure
(200) Exposure of Sensitive Information to an Unauthorized Actor
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(18) Cleartext Storage of Sensitive Information in a Cookie
(315) Cleartext Storage of Sensitive Information in a Cookie
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(19) LDAP Injection
(90) Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(20) Path Traversal
(23) Relative Path Traversal
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
(21) XPath Injection
(643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(22) Improper Certificate Validation
(295) Improper Certificate Validation
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(23) Improper Authentication
(287) Improper Authentication
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
SANS/CWE Top 25
(24) Use of a Broken or Risky Cryptographic Algorithm
(327) Use of a Broken or Risky Cryptographic Algorithm
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(25) Use of Potentially Dangerous Function
(676) Use of Potentially Dangerous Function
(26) Use of Hardcoded, Security-relevant Constants
(547) Use of Hard-coded, Security-relevant Constants
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(27) JWT Signature Verification Bypass
(347) Improper Verification of Cryptographic Signature
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(28) Cleartext Transmission of Sensitive Information
(319) Cleartext Transmission of Sensitive Information
OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
(29) Improper Validation of Certificate with Host Mismatch
(297) Improper Validation of Certificate with Host Mismatch
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(30) Insufficient Session Expiration
(613) Insufficient Session Expiration
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(31) Origin Validation Error
(942) Permissive Cross-domain Policy with Untrusted Domains
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(346) Origin Validation Error
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(32) Cross-Site Request Forgery (CSRF)
(352) Cross-Site Request Forgery (CSRF)
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(33) Disabled Neutralization of CRLF Sequences in HTTP Headers
(113) Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
OWASP Top Ten 2021 Category A03:2021 - Injection
(34) JavaScript Enabled
(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(35) File Access Enabled
(200) Exposure of Sensitive Information to an Unauthorized Actor
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(36) Android Fragment Injection
(470) Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(37) Spring Cross-Site Request Forgery (CSRF)
(352) Cross-Site Request Forgery (CSRF)
OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
SANS/CWE Top 25
(38) Struts Development Mode Enabled
(489) Active Debug Code
(39) Android Debug Mode Enabled
(489) Active Debug Code
(40) Process Control
(114) Process Control
(41) Use of Externally-Controlled Format String
(134) Use of Externally-Controlled Format String
(42) External Control of System or Configuration Setting
(15) External Control of System or Configuration Setting
OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
(43) Server Information Exposure
(209) Generation of Error Message Containing Sensitive Information
OWASP Top Ten 2021 Category A04:2021 - Insecure Design
(44) Improper Neutralization of CRLF Sequences in HTTP Headers
(113) Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
OWASP Top Ten 2021 Category A03:2021 - Injection
(45) Trust Boundary Violation
(501) Trust Boundary Violation
OWASP Top Ten 2021 Category A04:2021 - Insecure Design
(46) Android Intent Forwarding
(940) Improper Verification of Source of a Communication Channel
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
(47) Unauthorized File Access
(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OWASP Top Ten 2021 Category A03:2021 - Injection
SANS/CWE Top 25
(48) Code Execution via Third Party Package Context
(94) Improper Control of Generation of Code ('Code Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(49) Android Uri Permission Manipulation
(266) Incorrect Privilege Assignment
OWASP Top Ten 2021 Category A04:2021 - Insecure Design
(50) Java Naming and Directory Interface (JNDI) Injection
(74) Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
OWASP Top Ten 2021 Category A03:2021 - Injection
(51) Code Execution via Third Party Package Installation
(940) Improper Verification of Source of a Communication Channel
OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures