Overview

Note

Our Java engines require byte-code to perform their security analysis. At the moment, GuardRails attempts to build Maven projects automatically. This only succeeds if no private registries are referenced. Support for gradle and sbt, as well as private repositories will be added in the future. The GuardRails CLI will also allow the integration of GuardRails as a build-step, so that the security analysis can be triggered against the already built artifacts.

Overview

This is the documentation for Java and Scala vulnerabilities that are detected by GuardRails. The documentation is grouped based on vulnerability category.

See the child pages for more information:

• Using Vulnerable Libraries
• Insecure Use of SQL Queries
• Insecure Use of Dangerous Function
• Insecure Use of Regular Expressions
• Hard-Coded Secrets
• Insecure Authentication
• Insecure Configuration
• Insecure File Management
• Insecure Use of Crypto
• Insecure Use of Language/Framework API
• Insecure Processing of Data
• Insecure Network Communication

Recommended Resources for Java:

• Awesome Java Security
• Secure Code Warrior - Free Secure Coding Training
  • Java Spring Training
  • Java EE Training
  • Java JSF Training
  • Java Struts Training
  • Scala Training