Products Book A Demo Contact Us

Products Book A Demo Contact Us

Sec1 Documentation
Quick Start
Integration with Sec1
External Integrations
Static Application Security Testing
- SAST Java Rules
  GIT Leaks
  Leakage of Information in Logger Message
  Leakage of sensitive data in cookie
  Leakage of sensitive data in exception message
  Leakage of sensitive data to Airbrake
  Leakage of sensitive data to Algolia
  Leakage of Sensitive Data to Bugsnag
  Leakage of Sensitive Data to ClickHouse
  Leakage of Sensitive Data to Datadog
  Leakage of Sensitive Data to ElasticSearch
  Leakage of Sensitive Data to New Relic
  Leakage of Sensitive Data to OpenTelemetry
  Leakage of Sensitive Data to RollBar
  Leakage of Sensitive Data to Sentry
  Leakage of Sensitive Information in Exception Messages
  Leakage of sensitive information in logger message
  Missing authentication for database
  Missing database password detected
  Missing HTTP Only Option in Cookie Configuration
  Missing Optimal Asymmetric Encryption Padding (OAEP)
  Missing or Permissive SSL Hostname Verifier
  Missing Protection against Session Fixation Attacks
  Missing Secure option in cookie configuration
  Missing signature verification of JWT
  Missing SSL host check in SMTP
  Missing Support for Integrity Check
  Missing TLS validation
  Observable Timing Discrepancy
  Permissive Access-Control-Allow-Origin configuration
  Permissive context mode for resources
  Permissive cookie configuration
  Permissive HTTP Only option in cookie configuration
  Permissive Screenshot option set
  Possible CLRF injection detected
  Possible expression language (EL) injection detected
  Possible HTTP Parameter Pollution detected
  Unsanitized external input in SQL query
  Unsanitized use of FileUpload filename
  Unsanitized user input in 'eval' type function
  Unsanitized user input in Access-Control-Allow-Origin
  Unsanitized user input in AWS query
  Unsanitized user input in code generation
  Unsanitized user input in deserialization method
  Unsanitized User Input in File Path Traversal
  Unsanitized User Input in File Path
  Unsanitized user input in format string detected
  Unsanitized user input in HTTP request (SSRF)
  Unsanitized user input in HTTP response (XSS)
  Unsanitized user input in LDAP request
  Unsanitized user input in logger message
  Unsanitized User Input in OS Command
  Unsanitized User Input in Output Stream (XSS)
  Unsanitized User input in Redirect
  Unsanitized User Input in Regular Expression
  Unsanitized user input in SQL catalog configuration
  Unsanitized user input in XML External Entity
  Unsanitized User Input in XPath
  Usage of bad hex conversion on digest array
  Usage of CBC (Cipher Block Chaining) Mode with Padding
  Usage of custom Digest class
  Usage of dangerous permissions
  Usage of ECB Cipher Mode
  Usage of External Input in Code Reflection
  Usage of hard-coded database password
  Usage of hard-coded secret
  Usage of insufficient random value
  Usage of naive Socket class to create SSL Socket
  Usage of permissive file permission ('other')
  Usage of small key size with Blowfish encryption
  Usage of Trusted and Untrusted Data inside the same Data Structure
  Usage of vulnerable Apache Commons Collections InvokeTransformer class
  Usage of weak encryption algorithm (DES)
  Usage of Weak Hashing Library on a Password (SHA-1)
  Usage of Weak Hashing library (MD5)
- SAST JavaScript Rules
  Leakage of hard-coded secret in JWT
  Leakage of information in logger message
  Leakage of sensitive data in dynamic file generation
  Leakage of sensitive data in exception message
  Leakage of sensitive data in JWT
  Leakage of sensitive data in local storage
  Leakage of sensitive data to Airbrake
  Leakage of sensitive data to Algolia
  Leakage of sensitive data to Bugsnag
  Leakage of sensitive data to Datadog RUM
  Leakage of sensitive data to Datadog
  Leakage of sensitive data to ElasticSearch
  Leakage of sensitive data to Google Analytics (React)
  Leakage of sensitive data to Google Analytics
  Leakage of sensitive data to Google Tag Manager
  Leakage of sensitive data to HoneyBadger
  Leakage of sensitive data to New Relic
  Leakage of sensitive data to OpenTelemetry
  Leakage of sensitive data to OpenAI
  Leakage of sensitive data to RollBar
  Leakage of sensitive data to Segment
  Leakage of sensitive data to Sentry
  Leakage of sensitive information in logger message
  Missing Access Restriction on Directory Listing
  Missing escape of HTML entities in Handlebars template compilation
  Missing Helmet configuration on HTTP headers
  Leakage of Sensitive Information in Exception Messages
  Missing origin check in message handler
  Missing Revoke Method on JWT
  Missing Secure HTTP server Configuration
  Missing Secure option in Cookie Configuration
  Missing Server Configuration to reduce Server Fingerprinting
  Missing TLS validation
  Observable Timing Discrepancy
  Permissive file assignment
  Permissive origin in postMessage
  Unsanitized dynamic input in file path traversal
  Unsanitized dynamic input in file path
  Unsanitized Dynamic input in OS Command
  Unsanitized dynamic input in regular expression
  Unsanitized input in NoSQL query
  Unsanitized user input in 'eval' type function
  Unsanitized user input in React inner HTML method (XSS)
  Unsanitized user input in Access-Control-Allow-Origin
  Unsanitized user input in deserialization method
  Unsanitized user input in deserialization method
  Unsanitized user input in dynamic HTML insertion (XSS)
  Unsanitized user input in DynamoDB query
  Unsanitized User Input in File Path Traversal
  Unsanitized user input in format string
  Unsanitized user input in HTTP request (SSRF)
  Unsanitized user input in HTTP request (SSRF)
  Unsanitized user input in HTTP response (XSS)
  Unsanitized User input in HTTP Send file request
  Unsanitized User input in OS command
  Unsanitized user input in raw HTML strings (XSS)
  Unsanitized User input in Redirect HAPI
  Unsanitized user input in redirect
  Unsanitized User input in Redirect
  Unsanitized user input in regular expression
  Unsanitized User Input in Resource Rendering
  Unsanitized input in SQL query
  Unsanitized User Input in UI
  Unsanitized user input in XML parsing method
  Usage of default Cookie Configuration
  Usage of Default Session Cookie Configuration
  Usage of externally controlled input to select code
  Usage of hard-coded Passport Secret
  Usage of hard-coded secret
  Usage of Hard-Coded Secret
  Usage of insecure HTTP connection
  Usage of insecure websocket connection
  Usage of insufficient random value
  Usage of manual HTML sanitization (XSS)
  Usage of Session on Static Asset (CSRF)
  Usage of vulnerable DOMPurify package
  Usage of vulnerable marked package
  Usage of weak encryption algorithm (DES)
  Usage of weak encryption algorithm on a password (DES)
  Usage of weak encryption algorithm on a password (RC4)
  Usage of weak encryption algorithm (RC4)
  Usage of weak hashing library (MD5)
  Usage of weak hashing library on a password (Argon2)
  Usage of weak hashing library on a password (MD5)
  Usage of weak hashing library on a password (SHA-1)
  Usage of weak hashing library (SHA-1)
SBOM Scanner
- Config
- Scan
CISO Console
Pricing & Billing
CVE API

Powered by GitBook

SAST Java Rules

Key Java Security Rules

GIT Leaks
Missing HTTP Only option in cookie configuration
GIT Leaks
Leakage of Information in Logger Message
Leakage of sensitive data in cookie
Leakage of sensitive data in exception message
Leakage of sensitive data to Airbrake
Leakage of sensitive data to Algolia
Leakage of Sensitive Data to Bugsnag
Leakage of Sensitive Data to ClickHouse
Leakage of Sensitive Data to Datadog
Leakage of Sensitive Data to ElasticSearch
Leakage of Sensitive Data to New Relic
Leakage of Sensitive Data to OpenTelemetry
Leakage of Sensitive Data to RollBar
Leakage of Sensitive Data to Sentry
Leakage of Sensitive Information in Exception Messages
Leakage of sensitive information in logger message
Missing authentication for database
Missing database password detected
Missing HTTP Only Option in Cookie Configuration
Missing Optimal Asymmetric Encryption Padding (OAEP)
Missing or Permissive SSL Hostname Verifier
Missing Protection against Session Fixation Attacks
Missing Secure option in cookie configuration
Missing signature verification of JWT
Missing SSL host check in SMTP
Missing Support for Integrity Check
Missing TLS validation
Observable Timing Discrepancy
Permissive Access-Control-Allow-Origin configuration
Permissive context mode for resources
Permissive cookie configuration
Permissive HTTP Only option in cookie configuration
Permissive Screenshot option set
Possible CLRF injection detected
Possible expression language (EL) injection detected
Possible HTTP Parameter Pollution detected
Unsanitized external input in SQL query
Unsanitized use of FileUpload filename
Unsanitized user input in 'eval' type function
Unsanitized user input in Access-Control-Allow-Origin
Unsanitized user input in AWS query
Unsanitized user input in code generation
Unsanitized user input in deserialization method
Unsanitized User Input in File Path
Unsanitized User Input in File Path
Unsanitized user input in format string detected
Unsanitized user input in HTTP request (SSRF)
Unsanitized user input in HTTP response (XSS)
Unsanitized user input in LDAP request
Unsanitized user input in logger message
Unsanitized User Input in OS Command
Unsanitized User Input in Output Stream (XSS)
Unsanitized User input in Redirect
Unsanitized User Input in Regular Expression
Unsanitized user input in SQL catalog configuration
Unsanitized user input in XML External Entity
Unsanitized User Input in XPath
Usage of bad hex conversion on digest array
Usage of CBC (Cipher Block Chaining) Mode with Padding
Usage of custom Digest class
Usage of dangerous permissions
Usage of ECB Cipher Mode
Usage of External Input in Code Reflection
Usage of hard-coded database password
Usage of hard-coded secret
Usage of insufficient random value
Usage of naive Socket class to create SSL Socket
Usage of permissive file permission ('other')
Usage of small key size with Blowfish encryption
Usage of Trusted and Untrusted Data inside the same Data Structure
Usage of vulnerable Apache Commons Collections InvokeTransformer class
Usage of weak encryption algorithm (DES)
Usage of Weak Hashing Library on a Password (SHA-1)
Usage of Weak Hashing library (MD5)

PreviousStatic Application Security Testing NextGIT Leaks

Last updated 1 month ago

On this page