I am working on a web application which is being deployed, tested and taken live on the client side.
Now the application is in testing mode. The client has used the Veracode testing tool to check for vulnerabilities.
We have found so many issues. Before that, I would like to tell everyone that I am new to fixing Veracode flaws and I don't know much about these issues. I searched on the net but found very little information for some of these flaws.
Can you please drag me out of the flaws listed below?
1) Cryptographic Issues: Insufficient Entropy
2) Cryptographic Issues: Use of Hard-coded Cryptographic Key
3) Trust Boundary Violation
The first flaw I am facing is in this file:
In the RandomPwdGenerator.java file we are generating a password.
Can you suggest what exactly is expected here?
Any help appreciated. Thanks in advance.
I’m the Veracode product manager. Sorry if you are having challenges here. If your client has given you a login to the Veracode platform, you can use the Triage Flaws view to get an explanation of each flaw along with pointers to info about the flaw types in the CWE, the OWASP and WASC projects, and more.
If you only have the PDF report, there is some basic guidance on fixing flaws in each section of the report.
You can also contact Veracode support directly for more assistance.
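
Added example, not part of the thread and not the poster's or Veracode's code: the page does not show RandomPwdGenerator.java, so the weak method below is an assumed illustration of the pattern an Insufficient Entropy finding commonly points at in a password generator (`java.util.Random` seeded from the clock), next to a `java.security.SecureRandom` version. The class name, alphabets and method names are hypothetical.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Random;

public class RandomPwdGeneratorExample {
    // Hypothetical alphabets; look-alike characters (0/O, 1/l/I) are left out.
    private static final String UPPER = "ABCDEFGHJKLMNPQRSTUVWXYZ";
    private static final String LOWER = "abcdefghijkmnopqrstuvwxyz";
    private static final String DIGITS = "23456789";
    private static final String ALL = UPPER + LOWER + DIGITS;

    // One shared CSPRNG instance, seeded by the platform's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Assumed weak pattern: java.util.Random is a 48-bit linear congruential
    // generator, and a clock-derived seed can be guessed and replayed.
    static String weakPassword(int length) {
        Random rnd = new Random(System.currentTimeMillis());
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALL.charAt(rnd.nextInt(ALL.length())));
        }
        return sb.toString();
    }

    // Hardened form: every character and the final ordering come from SecureRandom.
    static String strongPassword(int length) {
        if (length < 3) {
            throw new IllegalArgumentException("length must be at least 3");
        }
        List<Character> chars = new ArrayList<>(length);
        chars.add(pick(UPPER));   // guarantee one character of each class
        chars.add(pick(LOWER));
        chars.add(pick(DIGITS));
        while (chars.size() < length) {
            chars.add(pick(ALL));
        }
        Collections.shuffle(chars, SECURE); // hide the fixed class positions
        StringBuilder sb = new StringBuilder(length);
        for (char c : chars) {
            sb.append(c);
        }
        return sb.toString();
    }

    private static char pick(String alphabet) {
        return alphabet.charAt(SECURE.nextInt(alphabet.length()));
    }
}
```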