96811524d7
* Modify JVM Crypto rules: Change title * changed names * Apply suggestions from code review * fixed includes
61 lines
1.4 KiB
Plaintext
61 lines
1.4 KiB
Plaintext
|
|
include::../summary.adoc[]
|
|
|
|
== Why is this an issue?
|
|
|
|
include::../rationale.adoc[]
|
|
|
|
include::../impact.adoc[]
|
|
|
|
// How to fix it section
|
|
|
|
include::how-to-fix-it/java-cryptography-extension.adoc[]
|
|
|
|
== Resources
|
|
|
|
include::../common/resources/docs.adoc[]
|
|
|
|
include::../common/resources/articles.adoc[]
|
|
|
|
include::../common/resources/presentations.adoc[]
|
|
|
|
include::../common/resources/standards.adoc[]
|
|
|
|
* OWASP - https://mobile-security.gitbook.io/masvs/security-requirements/0x08-v3-cryptography_verification_requirements[Mobile AppSec Verification Standard - Cryptography Requirements]
|
|
* OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
|
|
* CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
|
|
* https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
==== ECB
|
|
|
|
Use a secure cipher mode.
|
|
|
|
==== CBC
|
|
|
|
Use another cipher mode or disable padding.
|
|
|
|
==== RSA
|
|
|
|
Use a secure padding scheme.
|
|
|
|
|
|
=== Highlighting
|
|
|
|
javax.crypto.Cipher#Cipher.getInstance
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|