Products Book A Demo Contact Us

Usage of insufficient random value

Overview

Rule ID: java_lang_insufficiently_random_values
Applicable Languages: Java
Weakness ID: CWE-330

Description

Employing predictable random values undermines application security, especially when these values are used for security-sensitive purposes.

Remediation Guidelines

Do utilize a robust library for generating random values to enhance security.
```
SecureRandom random = new SecureRandom();
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUsage of hard-coded secret NextUsage of naive Socket class to create SSL Socket

Last updated 8 months ago