Vulnerability
Code Rules in Vulnerability category
Category | Severity | Name | Description |
---|---|---|---|
Vulnerability | Critical | DES or 3DES Used | DES or 3DES Used is a rule for encrypting data using the Data Encryption Standard (DES) or Triple DES (3DES) algorithms. DES is an older encryption algorithm that uses a 56-bit key to encrypt data, while 3DES is a more secure algorithm that uses three 56-bit keys for encryption. Both algorithms are widely used for encrypting data, especially for financial and government applications. |
Vulnerability | Critical | Exceptions should not be ignored |
The rule "Exceptions should not be ignored" in PL/SQL code means that any errors or exceptions that occur during the execution of the code should be handled properly. This means that the code should include appropriate exception handling blocks to catch any errors that may occur. The code should also include appropriate logging and error messages to ensure that any errors are properly recorded and reported. This rule is important to ensure that any errors that occur during the execution of the code are handled properly and do not cause any unexpected or undesired behavior. |
Vulnerability | Critical | Sensitive SYS owned functions should not be used |
The rule "Sensitive SYS owned functions should not be used" in PL/SQL code means that functions owned by the SYS user should not be used in PL/SQL code. These functions are considered sensitive because they can have a significant impact on the system, and can be used to access sensitive information. Therefore, it is important to ensure that these functions are used only when absolutely necessary, and with the proper security measures in place. |
Vulnerability | Critical | SHA-1 and Message-Digest hash algorithms should not be used in secure contexts |
The rule "SHA-1 and Message-Digest hash algorithms should not be used in secure contexts" means that these algorithms should not be used when data security is a priority. SHA-1 and Message-Digest are both hashing algorithms, which are used to generate a unique value (or "hash") from a given set of data. These hashes can be used to verify the integrity of data, but they are not considered secure enough for use in secure contexts. As such, they should not be used when security is a priority. |