Bugs

The bug patterns identified by the plugin are not automatically vulnerabilities or defects. They represent sensitive points of the application that should be analysed closely. A description will always be attached to explain the risk.

Some vulnerability categories covered:

  • Endpoints from various frameworks
  • Command Injection
  • XPath Injection
  • XML External Entity (XXE)
  • Weak cryptography
  • Tainted inputs
  • Predictable random
  • Specific library weakness
  • XSS in JSP page
  • SQL/HQL injection
  • ReDoS
  • Path traversal

Framework support:

  • Spring MVC
  • Apache Tapestry 5
  • Struts 1
  • Struts 2
  • JAX-RS (Jersey)
  • JAX-WS (Axis2, Metro)
  • J2EE classic Web API
  • Apache Wicket

Bug descriptions

Find Security Bugs has a total of <% print nbDetectors %> detectors and <% print nbPatterns %> different bug patterns. The complete list of bug patterns is given in this section.
