Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Insecure-transport
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Java stdlib
Detects direct creations of SSLConnectionSocketFactories that don’t disallow SSL v2, SSL v3, and TLS v1. SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates. These protocols are deprecated due to POODLE, man in the middle attacks, and other vulnerabilities.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for outgoing connections to ftp servers. FTP does not encrypt traffic, possibly leading to PII being sent plaintext over the network.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for requests sent via Unirest to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Detected an HTTP request sent via HttpURLConnection. This could lead to sensitive information being sent over an insecure channel. Instead, it is recommended to send requests over HTTPS.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for cases where java applications are allowing unsafe renegotiation. This leaves the application vulnerable to a man-in-the-middle attack where chosen plain text is injected as prefix to a TLS connection.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Insecure transport rules to catch socket connections to http, telnet, and ftp servers. This is dangerous because these are protocols that do not encrypt traffic.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for requests sent via Apache HTTP Components to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Detects setting client protocols to insecure versions of TLS and SSL. These protocols are deprecated due to POODLE, man in the middle attacks, and other vulnerabilities.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for attempts to connect through telnet. This is insecure as the telnet protocol supports no encryption, and data passes through unencrypted.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for redefinitions of the checkServerTrusted function in the X509TrustManager class that disables TLS/SSL certificate verification. This should only be used for debugging purposes because it leads to vulnerability to MTM attacks.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Checks for requests sent via HttpClient to http:// URLS. This is dangerous because the server is attempting to connect to a website that does not encrypt traffic with TLS. Instead, send requests only to https:// URLS.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e
Detected an HTTP request sent via HttpGet. This could lead to sensitive information being sent over an insecure channel. Instead, it is recommended to send requests over HTTPS.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 3
- 1
- 9
- :
-
- C
- l
- e
- a
- r
- t
- e
- x
- t
-
- T
- r
- a
- n
- s
- m
- i
- s
- s
- i
- o
- n
-
- o
- f
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- I
- n
- f
- o
- r
- m
- a
- t
- i
- o
- n
OWASP:
- A
- 0
- 3
- :
- 2
- 0
- 1
- 7
-
- -
-
- S
- e
- n
- s
- i
- t
- i
- v
- e
-
- D
- a
- t
- a
-
- E
- x
- p
- o
- s
- u
- r
- e