1 How to address the OWASP Top10 in Oracle Banking Trade Finance Process Management
This topic consists of the following sub-topics:
- Injection
Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL, LDAP, or XPath queries; OS commands; XML parsers; SMTP headers; program arguments; etc. Injection flaws are easy to discover when examining code.
- Cryptography Used
- Cross-Site Scripting (XSS)
XSS for Oracle Banking Trade Finance Process Management is handled by OJET. Hence, application developers need not handle it specifically.
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
Oracle Banking Trade Finance Process Management services are stateless. Oracle Banking Trade Finance Process Management generates JWT upon successful authentication of the users. The generated token works to prevent CSRF.
- Using Components with Known Vulnerabilities
Source code scanning is done using the latest Fortify to identify source code issues, and proper fixes are provided for the reported issues.
- Unvalidated Redirects and Forwards Network Security
The application uses a 302 redirect wherever required. Oracle Banking Trade Finance Process Management uses response.sendRedirect(newURL);
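One way to validate a redirect target before it reaches response.sendRedirect(newURL), as an added example that is not Oracle's code. The class name, the allowlisted host app.bank.example and the /home fallback are assumptions chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class RedirectTargetCheck {
    // Constructed values: real host names and landing page are deployment-specific.
    static final Set<String> ALLOWED_HOSTS = Set.of("app.bank.example");
    static final String FALLBACK = "/home";

    /** Returns a value that is safe to pass to response.sendRedirect(). */
    static String safeTarget(String requested) {
        if (requested == null || requested.isEmpty()) return FALLBACK;
        // Browsers treat '\' like '/' and strip tabs/newlines, so reject them up front.
        for (char c : requested.toCharArray()) {
            if (c == '\\' || c < 0x20 || c == 0x7f) return FALLBACK;
        }
        URI uri;
        try {
            uri = new URI(requested);
        } catch (URISyntaxException e) {
            return FALLBACK; // malformed input never reaches the Location header
        }
        if (uri.getScheme() != null) {
            // Absolute URL: https only, no user-info trick, host must be allowlisted.
            String host = uri.getHost();
            boolean ok = "https".equalsIgnoreCase(uri.getScheme())
                    && host != null
                    && uri.getRawUserInfo() == null
                    && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
            return ok ? requested : FALLBACK;
        }
        // Relative URL: one leading slash only; "//host" is scheme-relative (off-site).
        if (!requested.startsWith("/") || requested.startsWith("//")) return FALLBACK;
        return requested;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "/trade/inbox?tab=1", "https://app.bank.example/trade",
            "https://evil.example/", "//evil.example/x", "/\\evil.example",
            "https://app.bank.example@evil.example/", "javascript:alert(1)"
        };
        for (String s : samples) System.out.println(s + " -> " + safeTarget(s));
    }
}
```

In a servlet the call becomes response.sendRedirect(RedirectTargetCheck.safeTarget(newURL)); only the first two constructed samples pass through unchanged, the rest fall back to /home.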