Composite Recipes
Recipes that include further recipes, often including the individual recipes below.
- Find Expression Language injection vectors
- Find HTTP response splitting vectors
- Find XPath injection vectors
- Find process control vectors
- Find resource injection vectors
- Find vulnerable uses of Jackson @JsonTypeInfo
Recipes
- Find Jackson default type mapping enablement
- Find OS command injection vectors
- Find RSA encryption without OAEP padding
- Find Spring Security configurations that disable session fixation protection
- Find User.withDefaultPasswordEncoder() usage
- Find hardcoded authentication credentials
- Find hardcoded initialization vectors
- Find inadequate cryptographic key sizes
- Find insecure Spring Security RememberMe configuration
- Find long or disabled HTTP session timeout
- Find permissive CORS configuration
- Find potential SQL injection
- Find predictable cryptographic salts
- Find script engine code injection vectors
- Find sensitive API endpoints
- Find unsafe reflection vectors
- Find unsigned JWT usage
- Find weak Spring Security password encoders
- Find weak cryptographic algorithms
- Find weak message digests used inside custom PasswordEncoder implementations
- Find weak password encoder strength
- Find weak password hashing