SiteShadow
Back to vulnerability library
Detected bySecure-coding-practice checks (SCP)Pro

SCP06 Cryptographic Practices

What this means

SiteShadow flagged cryptographic practices that are weak, outdated, or misused (deprecated algorithms, weak key sizes, missing authentication, homebrew crypto, weak randomness).

Why it matters

Weak cryptography enables data exposure and tampering.

Safer examples

1) Use modern authenticated encryption (AEAD)

Prefer AES-GCM or ChaCha20-Poly1305 via vetted libraries (see CWE-326).

2) Use CSPRNG for tokens and keys

import secrets

token = secrets.token_urlsafe(32)

3) Don't roll your own crypto

Avoid custom ciphers/encodings; use standard libraries and managed key storage (see CWE-1240 / S01).

How SiteShadow detects it (high level)

References

---

← Back to Vulnerability Library

Catch this with SiteShadow Pro.

This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.