ASP.NET Misconfiguration: Creating Debug Binary Abstract Debugging messages help attackers learn about the system and plan a form of...

ASP.NET Misconfiguration: Missing Custom Error Handling Abstract An ASP .NET application must enable custom error pages in order to prevent...

Failure of true random number generator Overview True random number generators generally have a limited source of entropy and therefore can fail...

Information leak through class cloning Overview Cloneable classes are effectively open classes since data cannot be hidden in...

Information leak through serialization Overview Serializable classes are effectively open classes since data cannot be hidden in...

Insecure Compiler Optimization Abstract Improperly scrubbing sensitive data from memory can compromise security. Description Compiler...

J2EE Misconfiguration: Insecure Transport Abstract The application configuration should ensure that SSL is used for all access controlled...

J2EE Misconfiguration: Missing Error Handling Abstract A web application must define a default error page for 404 errors, 500 errors and to catch...

J2EE Misconfiguration: Unsafe Bean Declaration Abstract Entity beans should not be declared remote. Description Entity beans that expose a...

J2EE Misconfiguration: Insufficient Session-ID Length Abstract Session identifiers should be at least 128 bits long to prevent brute-force session...