I have created a servlet whose both doGet and doPost method make call to a doProcess method. In this method i have fetched the parameters passed in URL and have even made checks for whether they are null or not. I have used a plugin of Lapse+ to determine vulnerability sources (security threats) as per java coding standards. While using the plugin it is showing PARAMETER TAMPERING for using request.getParameter(). Does anyone have a solution for it because as per java coding standards it is not a valid way to obtain values.
I'm not sure how you relate this with Java coding standards. Getting a parameter value using from request.getParameter(-) does not lead in any possibility of parameter tampering attack unless you use the obtained value in a vulnerable way - say, passing it to the 'sensitive' business without having proper validation. I'm not sure if that plugin performs some static validations or attempts to discover vulnerabilities at the runtime of the application. The best practice of using an analyzer should not be to make that tool happy - see what it reports and why so is reported.