Vulnerability
Code Rules in Vulnerability category
| Category | Severity | Name | Description |
|---|---|---|---|
Vulnerability
|
Critical
|
Always use AES encryption algorithm in a secure mode
|
AES encryption algorithm should be used with secured mode |
|
Vulnerability
|
Critical
|
Cryptographic Hash Functions should not use SHA-1 or Message-Digest Algorithms
|
SHA-1 and Message-Digest hash algorithms should not be used in secure contexts |
|
Vulnerability
|
Critical
|
Database queries should not be vulnerable to injection attacks
|
Database queries should not be vulnerable to injection attacks |
|
Vulnerability
|
Critical
|
DES (Data Encryption Standard) or 3DES should not be used
|
DES Crypting should not be used |
|
Vulnerability
|
Critical
|
Encryption algorithms must be used with the appropriate secure mode and padding scheme.
|
Encryption algorithms should be used with secure mode and padding scheme |
|
Vulnerability
|
Critical
|
Encryption keys should be long enough
|
Cryptographic keys should be robust |
|
Vulnerability
|
Critical
|
Encryption keys should not be hardcoded
|
Encryption keys should not be hardcoded |
|
Vulnerability
|
Critical
|
IP addresses should not be Hardcoded
|
Hard coded IP address should not be used |
Vulnerability
|
Minor
|
Never use Console logging in production
|
Console logging should not be used |
|
Vulnerability
|
Critical
|
Never use CoSetProxyBlanket or CoInitializeSecurity
|
CoSetProxyBlanket and CoInitializeSecurity should not be used |
|
Vulnerability
|
Critical
|
OS commands should not allow injection attacks
|
OS commands should not be vulnerable to injection attacks |
|
Vulnerability
|
Critical
|
Regular expressions should not allow Denial of Service attacks
|
Regular expressions should not be vulnerable to Denial of Service attacks |
|
Vulnerability
|
Critical
|
SOAP and INET objects should not be used
|
SOAP and INET PowerBuilder objects do not support use of TLS 1.2 and that makes it vulnerable to attacks |
|
Vulnerability
|
Critical
|
The OLE web browser should not be used anymore (not secure)
|
OLE Web Browser not secured |
|
Vulnerability
|
Critical
|
User IDs and Passwords should not be Hardcoded
|
Hard coded UserId / Password for database connection should not be used |
|
Vulnerability
|
Critical
|
User input should not allow path injection or path transversal attacks
|
I/O function calls should not be vulnerable to path injection attacks |