ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2073/rule.adoc

24 lines
850 B
Plaintext
Raw Normal View History

RULEAPI-617: Add Jira closed RSPECs in Github repository
2021-06-08 14:23:48 +02:00
Optimal Asymmetric Encryption Padding adds an element of randomness to RSA encryption, and helps prevent partial decryption. Using RSA encryption with some other padding, or without padding yields an encrypted value that is easier for an attacker to decode.
== Noncompliant Code Example
----
Cipher cipher = Cipher.getInstance("RSA/None/NOPADDING"); // Noncompliant
----
== Compliant Solution
----
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
----
== See
RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545)
2021-11-01 15:00:32 +01:00
* https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[OWASP Top 10 2021 Category A2] - Cryptographic Failures
Update CWE mapping (#534)
2021-10-28 10:07:16 +02:00
* https://cwe.mitre.org/data/definitions/780.html[MITRE, CWE-780] - Use of RSA Algorithm without OAEP
RULEAPI-617: Add Jira closed RSPECs in Github repository
2021-06-08 14:23:48 +02:00
* https://www.owasp.org/index.php/Top_10_2013-A5-Security_Misconfiguration[OWASP Top Ten 2013 Category A5] - Security Misconfiguration
Reference in New Issue Copy Permalink