Code Correctness: Call to System.gc() Abstract Explicit
requests for garbage collection are a bellwether indicating
likely performance problems....
J2EE Bad Practices: getConnection() Abstract The J2EE
standard forbids the direct management of connections.
Description The J2EE standard...
Object Model Violation: Just One of equals() and
hashCode() Defined Abstract This class overrides only
one of equals() and hashCode(). ...
Often Misused: Authentication Abstract Attackers can
spoof DNS entries. Do not rely on DNS names for
security. Description Many DNS...
Often Misused: Exception Handling Abstract The _alloca()
function can throw a stack overflow exception,
potentially causing the program to crash....
Often Misused: File System Abstract Passing an
inadequately-sized output buffer to a path manipulation
function can result in a buffer overflow....
Often Misused: Privilege Management Abstract Failure to
adhere to the principle of least privilege amplifies the
risk posed by other...
Often Misused: String Management Abstract Functions that
convert between Multibyte and Unicode strings encourage
buffer overflows. ...
Poor Style: Explicit call to finalize() Abstract The
finalize() method should only be called by the JVM after
the object has been garbage...
Ignored function return value Overview If a function's
return value is not checked, it could have failed
without any warning. Ignoring a...
Heap Inspection Abstract Do not use realloc() to resize
buffers that store sensitive information. Description
Heap inspection...
Code Correctness: Call to Thread.run() Abstract The
program calls a thread's run() method instead of calling
start(). Description In most...
Code Correctness: Erroneous finalize() Method Abstract
This finalize() method does not call super.finalize().
Description The Java...
Abstract Functions that cannot be used safely should
never be used. Description Certain functions behave in
dangerous ways regardless of...
Directory Restriction Error Abstract Improper use of the
chroot() system call may allow attackers to escape a
chroot jail. Description The...
EJB Bad Practices: Use of AWT/Swing Abstract The program
violates the Enterprise JavaBeans specification by using
AWT/Swing. Description ...
EJB Bad Practices: Use of Class Loader Abstract The
program violates the Enterprise JavaBeans specification
by using the class loader. ...
EJB Bad Practices: Use of Sockets Abstract The program
violates the Enterprise JavaBeans specification by using
sockets. Description The...
EJB Bad Practices: Use of Synchronization Primitives
Abstract The program violates the Enterprise JavaBeans
specification by using thread...
EJB Bad Practices: Use of java.io Abstract The program
violates the Enterprise JavaBeans specification by using
the java.io package. ...


