Questions tagged [bluemix-app-scan]

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance.

HCL AppScan on Cloud is a service by IBM for application security scanning. It replaces the earlier Application Security on Cloud by Bluemix and AppScan Dynamic Analyzer, and also includes Mobile Analyzer.

39 questions
0 votes, 0 answers

IBM AppScan - Port Listener Command Injection - JSF 2.2 & Primefaces - JBOSS 7.2 EAP

Original Post IBM AppScan We recently received results from IBM AppScan DAST and some of the results don't make much sense. Parameter: **javax.faces.source** Risk(s): It is possible to run remote commands on the web server. This usually means complete…
Ravi
0 votes, 0 answers

IBM Cloud foundry java services app: Class Not found exception

I'm trying to run my Java app on IBM Bluemix. The app is deployed successfully but it's unable to start. The logs contain an error message: Error: 2018-10-26T11:25:08.85+0530 [APP/PROC/WEB/0] ERR Error: Could not find or load main class…
0 votes, 2 answers

Validation Required issue by IBM AppScan

IBM AppScan has thrown the error Validation Required while scanning my app for the following code: return Arrays.asList(System.getenv("PATH").split(":")); I am not sure why the error is thrown. Could it be a false positive? Can I…
John
0 votes, 1 answer

How to handle CWE-400-Resource exhaustion error

We are getting an IBM APPSCAN exception for the following code. { br = new BufferedReader(new InputStreamReader((conn.getInputStream()))); } StringBuilder sb = new StringBuilder(); String line; while ((line = br.readLine()) != null) { …
0 votes, 1 answer

Solve "missing secure attribute in encrypted session (ssl) cookie" with Java

Recently, IBM Security AppScan found an issue: missing secure attribute in encrypted session (SSL) cookie. The report is below. This app is coded in Java and I added a filter to set all cookies secure, code: public class BasicFilter implements…
Rollsbean
0 votes, 0 answers

BufferedReader issue in IBM Application Scanner

I am parsing a huge XML file using BufferedReader in my application, and while scanning it through IBM AppScan (which is mandated in our organisation) it is showing a High vulnerability of Denial of Service (DoS) attack (issue type AppDOS). I have…
Akki
0 votes, 2 answers

Issue while integration of IBM Application Security on Cloud (ASoC) with Jenkins

I am trying to integrate IBM Application Security on Cloud (ASoC) with Jenkins by using the "IBM Application Security on Cloud Plugin". I have successfully installed the plugin in Jenkins and restarted Jenkins. While adding the "Run Security Test" build…
rock
0 votes, 0 answers

Another set-cookie attribute for secure flag

After adding the following tag in web.config I am getting "Set-Cookie: Secure" in every response header. But I can see there are duplicate "Set-Cookie" attributes in the headers as below, and IBM AppScan is raising…
Sachin Pakale
0 votes, 0 answers

Use of method.invoke

I am new to Java. I am not able to understand the use of method.invoke. Please could you give me more detail. Java code: import java.util.Comparator; import java.lang.reflect.Method public class TestComparator implements Comparator…
Jack
0 votes, 2 answers

Remote file inclusion by tampering POST payloads. Is it really possible over HTTPS?

Here is how my front-end application loads its required JS files: A page (on HTTPS) will send a POST request describing what JS files should be loaded from various servers. The payload will look roughly like this: { "1":…
rkrishnan
0 votes, 3 answers

Application Security on Cloud static analysis not working for me

I need some help with using the Application Security on Cloud application. I am trying to use the free plan to do a static scan. I have installed the Eclipse plugin, and when attempting to scan a project I get this error: A connection to the Static…
0 votes, 0 answers

Bluemix cloudant, when my project website started, it seems empty

I could deploy my project on Bluemix successfully, but I am not able to see any images, and it shows nothing while I am entering data in the input fields. I took the project from your GitHub and followed your steps. What could I have done wrong? I will thank…
Klod
0 votes, 1 answer

Validate an object

There are various places where AppScan is throwing a Validation.Required error in my code where I am setting an object. Now the object is set in two ways: A) ExceptionBldr excepBuilder = (ExceptionBldr) session.getAttribute(SN_EXCEPBLDR); this I am solving…
veraliesim
0 votes, 2 answers

Appscan Validation.Required issue in java

I ran AppScan on my application. I can see most of the Validation.Required issues are for String objects, but I'm not sure what validation AppScan is expecting here. We have tried null and empty checks, but there is still no use. Please, anyone, let me…
Siddhu
0 votes, 1 answer

Application Security on Cloud Not checking for encryption

I have an Android application which contains login authentication; I am not sending an encrypted username and password to the back end for authentication. When I scan this application in "Application Security on Cloud" it is not showing any error, or any…
Rahul Kant