Top "Veracode" questions

Veracode provides automated static and dynamic application security testing software and remediation services

How to fix Veracode CWE 117 (Improper Output Neutralization for Logs)

There is an Spring global @ExceptionHandler(Exception.class) method which logs exception like that: @ExceptionHandler(Exception.class) void handleException(Exception …

Read More
java spring logging esapi veracode
How to fix Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) with error message?

We use web control adapter in our login page. Recently we run VeraCode on our web application. In following function, …

Read More
veracode
How to fix Trust Boundary Violation flaw in Java Web application

I am receiving a Trust Boundary Violation from Veracode. My code is userName= req.getParameter(Constant.USERNAME); session.setAttribute(Constant.…

Read More
java security veracode
How to configure the XML parser to disable external entity resolution in c#

var xDoc = XDocument.Load(fileName); I am using above code in a function to load an XML file. Functionality wise …

Read More
c# veracode
How to fix "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')"

After running VeraCode, it reported a following error "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')" in …

Read More
c# cookies veracode
Veracode XML External Entity Reference (XXE)

I've got the next finding in my veracode report: Improper Restriction of XML External Entity Reference ('XXE') (CWE ID 611) referring …

Read More
java security veracode xxe
How to resolve External Control of File Name or Path (CWE ID 73)

I am working on fixing Veracode issues in my application. Veracode has highlighted the flaw "External Control of File Name …

Read More
java security esapi veracode
How to resolve CWE-259: Use of Hard-coded Password?

I submitted my application EAR to Veracode Security scanning tool and got this flaw in the below piece of code : …

Read More
java security veracode
What is the best way to fix "Improper Restriction of xml external entity reference"?

We recently run VeraCode that points out on the following method: public XmlElement RunProcedureXmlElement(string Procedure, List<SqlParameter> …

Read More
c# .net xml veracode
Prevent XSS in Spring MVC controller

Hi in my project Veracode reported a XSS issue CWE ID 80. Here in my request handler method: @RequestMapping(value = "/Update.…

Read More
spring spring-mvc veracode