Questions tagged [veracode]

Veracode provides automated static and dynamic application security testing software and remediation services

273 questions
3 votes, 2 answers

Veracode directory traversal Issue c#

I have this code that stores file to server: function void StoreFile(string inputFileName) { ... var extension = Path.GetExtension(inputFileName); if(extension == ".csv") { var fileName = string.Format("{0}_{1}{2}",…
freshbm
3 votes, 1 answer

How to resolve CWE 117 Issue

I have a CWE 117 issue reported in my product. The CWE 117 issue is that the software does not properly sanitize or incorrectly sanitizes output that is written to logs, and one possible solution I got was to add the following while logging. String clean…
Divya Rose
3 votes, 0 answers

Security: CWE-201: What is the correct way to securely read a properties file using openStream?

I'm working on coming up with a solution for CWE-201 that is flagged from Veracode. Background: CWE-201: Information Exposure Through Sent Data Information Exposure Through Sent Data Weakness ID: 201 (Weakness Variant) Status: Draft +…
joker1979
3 votes, 2 answers

How to resolve CWE-259: Use of Hard-coded Password?

I submitted my application EAR to the Veracode security scanning tool and got this flaw in the below piece of code: private String url = "jdbc:mysql://localhost:8081/sql"; private String userName = "xyz"; private String password =…
user1782009
2 votes, 4 answers

Security flaws in code with veracode tool

I ran my application for security compliance in the Veracode tool, and whenever the tool finds any logging it is detected as a flaw in the code. The flaw says the below quote: Improper Output Neutralization for Logs. Description: Function call could result in a log…
BOSS
2 votes, 0 answers

Can I integrate Log Analytics with log4j2?

Use-case: Running a Spark job in Databricks and monitoring logs in Log Analytics. Issue: In the Veracode report, I am getting security vulnerabilities (CRLF) with the Slf4j logger. I am looking for other approaches; with Log4j2 I don't see any issues. Now my…
2 votes, 2 answers

Veracode Scan: jQuery html method showing Improper Neutralization of Script-Related HTML Tags in a Web Page issue

Veracode is pointing out the issue Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in the below line. $('#SummaryDiv').html(data); $.ajax({ url: 'Target_URL', type: 'GET', …
2 votes, 2 answers

How can I use xmllint to map a certain value from an XML file?

I'm a beginner. I need to script an automation command line in Linux (but haven't achieved success yet) that can map the value sandbox_id= and output it, using the XML as follows:
2 votes, 1 answer

Unable to fix Veracode CWE ID 918 flaw (SSRF) when using the API gateway pattern in a microservices architecture

I am using the API Gateway pattern in a microservices architecture in which the front-end Angular app makes an HTTP request to my API Gateway project, which is simply an ASP.NET Core 3.1 Web API project. Currently I only have 2 microservices and an API…
2 votes, 1 answer

ColdFusion 9 - prevent SQL injection while using dynamic table/view name

I'm not a ColdFusion developer, but this has been put on my head to fix within a week. Problem: our legacy app creates a view by empid and uses the logged-in user id to select records from the view. Then this variable is used in…
Navi
2 votes, 0 answers

How to fix VeraCode issue "Use of a Broken or Risky Cryptographic Algorithm (CWE ID 327)" for dot net core 2.0 Angular Project?

I am getting the Veracode issue (CWE ID 327 & 326) "Use of a Broken or Risky Cryptographic Algorithm" with two Microsoft DLLs (microsoft.codeanalysis.dll and microsoft.identitymodel.tokens.dll). Below are the approaches we have tried to mitigate this…
M P Reddy
2 votes, 3 answers

Improper Neutralization of CRLF Sequences in HTTP Headers

I ran a Veracode scan on my project and it gave me a CWE ID 113 issue under HTTP response splitting. I tried to resolve the issue with their recommendations, but it did not work. e.g. try { String selNhid = req.getParameter("selNhid"); …
Pavan Divekar
2 votes, 3 answers

Veracode CWE id 611

I have a piece of code where there is a Veracode finding for Improper Restriction of XML External Entity Reference ('XXE') Attack. Code: Transformer transformer = TransformerFactory.newInstance().newTransformer(); StreamResult result = new…
Ab_sin
2 votes, 1 answer

org.owasp.esapi.reference.DefaultEncoder vs. org.owasp.encoder.Encode

Both the org.owasp.esapi.reference.DefaultEncoder and org.owasp.encoder.Encode classes provide some of VeraCode's Supported Cleansing Functions for addressing potential cross-site scripting (XSS) attacks. Given that they both come from OWASP, I…
kc2001
2 votes, 0 answers

Veracode issue CWE 915

I have a POST method in my ASP.NET Core web API which takes a model as a parameter (binding POST content directly to the model). The model contains all the parameters as optional parameters. While scanning the web service using Veracode, I get…