Products Book A Demo Contact Us

Products Book A Demo Contact Us

Sec1 Documentation
Quick Start
Integration with Sec1
External Integrations
Static Application Security Testing
- SAST Java Rules
- SAST JavaScript Rules
SBOM Scanner
- Config
- Scan
CISO Console
Pricing & Billing
CVE API

Powered by GitBook

On this page

Overview
Description
Remediation Guidelines
References
Configuration

Static Application Security Testing

SAST Java Rules

Usage of hard-coded secret

PreviousUsage of hard-coded database password NextUsage of insufficient random value

Last updated 9 months ago

Overview

Rule ID: java_lang_hardcoded_secret
Applicable Languages: Java
Weakness ID: CWE-798

Description

Applications should securely store secret values rather than including them as literal values in the source code.

Remediation Guidelines

Fetch secrets from a secure location during runtime.

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our

OWASP hardcoded passwords

OWASP secrets management cheat sheet

CWE-798: Use of Hard-coded Credentials

OWASP Top 10: A07:2021 - Identification and Authentication Failures