Security detectors
Insecure cookies can lead to unencrypted transmission of sensitive data.
Sensitive cookie without 'HttpOnly' flag
Improper authentication from insufficient identity verification.
Insufficient key sizes can lead to brute force attacks.
Insufficiently random generators (or hardcoded seeds) can make pseudorandom sequences predictable.
Creating file paths from untrusted input might give a malicious actor access to sensitive files.
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
GCM Cipher with reused initialization vector is detected.
Code injection occurs when an application executes untrusted code from an attacker.
Server-side request forgery (SSRF) is a vulnerability that allows an attacker to manipulate a web application to make unintended requests from the server.
Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.
Using untrusted inputs in a log statement can enable attackers to break the log's format, forge log entries, and bypass log monitors.
Hardcoded credentials can be intercepted by malicious actors.
Dereferencing a null pointer can lead to unexpected null pointer exceptions.
Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.
The product does not encrypt sensitive or critical information before storage or transmission.
Intent receiver method is registered without specifying any broadcast permission.
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
Possible unintended system commands could be executed through user input.
Passing user-controlled input directly to bean validation APIs can lead to code injection attacks.
Use of untrusted inputs in SQL database queries can enable attackers to read, modify, or delete sensitive data in the database.
Failure to properly transform an object, resource, or structure from one type to a safer one.