integralzone

MuleSoft common coding mistakes #1 – Unsecured data storage

Written by:
Published on February 16, 2023

MuleSoft common coding mistakes #1 – Unsecured data storage

MuleSoft applications may store sensitive information in plain text or with weak encryption, which could result in data breaches. Below example code shows trust and key store

<http:listener-config name="HTTP_Listener" doc:name="HTTP Listener config" >
		<http:listener-connection host="localhost" port="8081" >
			<tls:context >
				<tls:trust-store password="test" type="jks" />
				<tls:key-store type="jks" keyPassword="test" password="test" />
			</tls:context>
      </http:listener-connection>
</http:listener-config>

Integral Zone’s static code analyis plugin, IZ Analyzer, provides two out-of-the-box rules to automatically identify such security issues. As an Anypoint Studio plugin, IZ Analyzer provides this feedback in real-time at the time of development so that the issues can be rectified even before the code is checked into the source code respository.

M00009 - HTTPS - TLS Trust Store Password is NOT externalized
M00010 - HTTPS - TLS Key Store Passwords is NOT externalized

Want to try this plugin?
✒️ https://integralzone.com/contact/ for a 30-day free trial.

More details:
🔎 https://docs.integralzone.com/iz-analyzer/1.0.0/about/about.html
🔎 https://analyzer.integralzone.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Blog Posts

Other Blog Posts

MuleSoft Runtime Code Scanning – Why Do You Need It?

One of the most frequently asked questions is if we have static code analysis and a well defined DevOps process, why would we need run time code analysis? In this article, let’s explore the differences between the two and why you might want to have runtime code analysis (and IZ Runtime Analyzer) even if you have …

Continue reading “MuleSoft Runtime Code Scanning – Why Do You Need It?”

Read more

Ensuring Software Quality in Healthcare: Leveraging IZ Analyzer for MuleSoft Code Scanning 🏥💻

Ensuring software quality in the healthcare industry is a top priority, with direct implications for patient safety, data security, and regulatory compliance. Healthcare software development requires adherence to specific rules and best practices to meet the unique challenges of the industry. In this blog post, we will explore essential software quality rules specific to healthcare …

Continue reading “Ensuring Software Quality in Healthcare: Leveraging IZ Analyzer for MuleSoft Code Scanning 🏥💻”

Read more

Mule OWASAP API Security Top 10 – Broken Object Level Authorization

In Mule, Object-Level Authorization refers to the process of controlling access to specific objects or resources within an application based on the permissions of the authenticated user. It ensures that users can only perform operations on objects for which they have appropriate authorization. To demonstrate a broken Object-Level Authorization example in Mule, let’s consider a …

Continue reading “Mule OWASAP API Security Top 10 – Broken Object Level Authorization”

Read more

How KongZap Revolutionises Kong Gateway Deployment

In a rapidly evolving digital landscape, businesses face numerous challenges. Faster time to market is the only option business can choose. When it comes end to end Kong Gateway life cycle from deploying to managing Kong Gateway, every one of these challenges is applicable. However, KongZap, a groundbreaking solution is a game-changer by addressing some …

Continue reading “How KongZap Revolutionises Kong Gateway Deployment”

Read more
  40, Caversham Rd,
      Reading RG1 7EB, UK
  +44 1183523962
  info@integralzone.com

Copyright 2018 Integral Zone | All Rights Reserved