Security Guidelines
Protect data, access, and integrity at every layer
Enforceable guidelines from our catalog
Cryptographic Operations Must Use SecureRandom
All cryptographic operations requiring randomness must use java.security.SecureRandom instead of java.util.Random, so that tokens, nonces, salts, and other security-critical values come from a cryptographically secure random number generator.
Communications Must Use Secure Protocols
All network communications must use secure protocols (HTTPS, TLS 1.2+, SFTP) instead of clear-text protocols (HTTP, FTP, Telnet) to prevent eavesdropping and man-in-the-middle attacks. Configure HttpClient, RestTemplate, or WebClient to enforce TLS.
Database Queries Must Use Parameterized Statements
All database operations must use parameterized queries with JPA @Query, Criteria API, or JDBC PreparedStatement instead of string concatenation to prevent SQL injection attacks. Never concatenate user input directly into SQL strings.