Java

Java

FortiCNAPP supports Java across all our integrations and all interfaces involving our scanners. FortiCNAPP Code Security does not require Java codebases to be compiled to run scans.

The following provides a list of CWEs that the SAST scanners detect for Java:

CWE	Weakness Name
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-276	Incorrect Permission Assignment for Critical Resource
CWE-295	Improper Certificate Validation
CWE-326	Inadequate Encryption Strength
CWE-327	Use of a Broken or Risky Cryptographic Algorithm
CWE-328	Use of Weak Hash
CWE-338	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-345	Insufficient Verification of Data Authenticity
CWE-346	Origin Validation Error
CWE-352	Cross-Site Request Forgery (CSRF)
CWE-611	Improper Restriction of XML External Entity Reference
CWE-614	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-776	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-1004	Sensitive Cookie Without 'HttpOnly' Flag

Java

FortiCNAPP supports Java across all our integrations and all interfaces involving our scanners. FortiCNAPP Code Security does not require Java codebases to be compiled to run scans.

The following provides a list of CWEs that the SAST scanners detect for Java:

CWE

Weakness Name

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-276

Incorrect Permission Assignment for Critical Resource

CWE-295

Improper Certificate Validation

CWE-326

Inadequate Encryption Strength

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-328

Use of Weak Hash

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-345

Insufficient Verification of Data Authenticity

CWE-346

Origin Validation Error

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-611

Improper Restriction of XML External Entity Reference

CWE-614

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CWE-1004

Sensitive Cookie Without 'HttpOnly' Flag

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Administration Guide

Java

Java

Java