Missing Support for Integrity Check

Overview

Rule ID: java_lang_missing_integrity_check
Applicable Languages: Java
Weakness ID: CWE-353

Description

Without integrity checks ("checksums"), a protocol lacks the means to detect if transmitted data has been tampered with or altered by unauthorized parties, such as in a Man-in-the-Middle attack. This complicates the ability to verify the integrity of transmitted data.

Remediation Guidelines

Employ encryption schemes that incorporate integrity checks to verify that data has not been altered during transmission.
```
Cipher c = Cipher.getInstance("AES/GCM/PKCS5Padding");
```

References

Configuration

PreviousMissing SSL host check in SMTP NextMissing TLS validation

Last updated 9 months ago