Usage of insufficient random value

Overview

  • Rule ID: java_lang_insufficiently_random_values

  • Applicable Languages: Java

  • Weakness ID: CWE-330

Description

Employing predictable random values undermines application security, especially when these values are used for security-sensitive purposes.

Remediation Guidelines

  • Do use a cryptographically secure random number generator, such as java.security.SecureRandom, whenever a random value is used for a security-sensitive purpose.

    import java.security.SecureRandom;
    SecureRandom random = new SecureRandom();
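
The contrast this rule targets, as an added example that is not part of the original rule documentation: a token built from a seeded java.util.Random repeats exactly for the same seed, while the SecureRandom version does not depend on any caller-visible seed. The class name, method names, token sizes and the sample seed are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class TokenExample {

    // Weak: java.util.Random is a deterministic generator driven by a 48-bit
    // seed. The same seed always produces the same "random" token, so anyone
    // who learns or guesses the seed can reproduce the value.
    static String weakToken(long seed) {
        byte[] buf = new byte[16];
        new Random(seed).nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Hardened: a single shared SecureRandom instance, seeded by the platform's
    // entropy source. Reusing one instance avoids repeated seeding cost.
    private static final SecureRandom SECURE = new SecureRandom();

    static String secureToken(int numBytes) {
        byte[] buf = new byte[numBytes];
        SECURE.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        // Constructed sample value: a timestamp-like seed, a common source of
        // seeds in code flagged by this rule.
        long seed = 1700000000000L;

        String a = weakToken(seed);
        String b = weakToken(seed);
        System.out.println("weak   #1: " + a);
        System.out.println("weak   #2: " + b);
        System.out.println("weak tokens identical: " + a.equals(b));

        // 32 bytes = 256 bits of unpredictable data per token.
        System.out.println("secure #1: " + secureToken(32));
        System.out.println("secure #2: " + secureToken(32));
    }
}
```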

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL
