Vulnerability

Code Rules in Vulnerability category

| Category | Severity | Name | Description |
| --- | --- | --- | --- |
| Vulnerability | Critical | Always use AES encryption algorithm in a secure mode | AES encryption algorithm should be used with secured mode |
| Vulnerability | Critical | Cryptographic Hash Functions should not use SHA-1 or Message-Digest Algorithms | SHA-1 and Message-Digest hash algorithms should not be used in secure contexts |
| Vulnerability | Critical | Database queries should not be vulnerable to injection attacks | Database queries should not be vulnerable to injection attacks |
| Vulnerability | Critical | DES (Data Encryption Standard) or 3DES should not be used | DES Crypting should not be used |
| Vulnerability | Critical | Encryption algorithms must be used with the appropriate secure mode and padding scheme. | Encryption algorithms should be used with secure mode and padding scheme |
| Vulnerability | Critical | Encryption keys should be long enough | Cryptographic keys should be robust |
| Vulnerability | Critical | Encryption keys should not be hardcoded | Encryption keys should not be hardcoded |
| Vulnerability | Critical | IP addresses should not be Hardcoded | Hard coded IP address should not be used |
| Vulnerability | Minor | Never use Console logging in production | Console logging should not be used |
| Vulnerability | Critical | Never use CoSetProxyBlanket or CoInitializeSecurity | CoSetProxyBlanket and CoInitializeSecurity should not be used |
| Vulnerability | Critical | OS commands should not allow injection attacks | OS commands should not be vulnerable to injection attacks |
| Vulnerability | Critical | Regular expressions should not allow Denial of Service attacks | Regular expressions should not be vulnerable to Denial of Service attacks |
| Vulnerability | Critical | SOAP and INET objects should not be used | SOAP and INET PowerBuilder objects do not support use of TLS 1.2 and that makes it vulnerable to attacks |
| Vulnerability | Critical | The OLE web browser should not be used anymore (not secure) | OLE Web Browser not secured |
| Vulnerability | Critical | User IDs and Passwords should not be Hardcoded | Hard coded UserId / Password for database connection should not be used |
| Vulnerability | Critical | User input should not allow path injection or path transversal attacks | I/O function calls should not be vulnerable to path injection attacks |