Vulnerability

Code Rules in Vulnerability category

Category Severity Name Description
Vulnerability Critical AES encryption algorithm should be used with secured mode AES encryption algorithm should be used with secured mode
Vulnerability Minor Console logging should not be used Console logging should not be used
Vulnerability Critical CoSetProxyBlanket and CoInitializeSecurity should not be used CoSetProxyBlanket and CoInitializeSecurity should not be used
Vulnerability Critical Cryptographic keys should be robust Cryptographic keys should be robust
Vulnerability Critical Database queries should not be vulnerable to injection attacks Database queries should not be vulnerable to injection attacks
Vulnerability Critical DES Crypting DES Crypting should not be used
Vulnerability Critical Encryption algorithms should be used with secure mode and padding scheme Encryption algorithms should be used with secure mode and padding scheme
Vulnerability Minor Fields should not have public accessibility Fields should not have public accessibility
Vulnerability Minor Generic exceptions should not be ignored Generic exceptions should not be ignored
Vulnerability Critical Hard coded IP address Hard coded IP address should not be used
Vulnerability Critical Hard coded UserId / Password Hard coded UserId / Password for database connection should not be used
Vulnerability Critical I/O function calls should not be vulnerable to path injection attacks I/O function calls should not be vulnerable to path injection attacks
Vulnerability Minor Mutable fields should not be public static Mutable fields should not be public static
Vulnerability Critical OS commands should not be vulnerable to injection attacks OS commands should not be vulnerable to injection attacks
Vulnerability Critical Regular expressions should not be vulnerable to Denial of Service attacks Regular expressions should not be vulnerable to Denial of Service attacks
Vulnerability Critical SHA-1 and Message-Digest hash algorithms should not be used in secure contexts SHA-1 and Message-Digest hash algorithms should not be used in secure contexts
Vulnerability Critical Soap and INET Soap and INET should not be used