diff --git a/rules/java/security/unencrypted-socket-java.yml b/rules/java/security/unencrypted-socket-java.yml
new file mode 100644
index 00000000..2b8540a5
--- /dev/null
+++ b/rules/java/security/unencrypted-socket-java.yml
@@ -0,0 +1,16 @@
+id: unencrypted-socket-java
+language: java
+severity: info
+message: >-
+ "Detected use of a Java socket that is not encrypted. As a result, the
+ traffic could be read by an attacker intercepting the network traffic. Use
+ an SSLSocket created by 'SSLSocketFactory' or 'SSLServerSocketFactory'
+ instead."
+note: >-
+ [CWE-319] Cleartext Transmission of Sensitive Information
+ [REFERENCES]
+ - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
+rule:
+ any:
+ - pattern: new ServerSocket($$$)
+ - pattern: new Socket($$$)
diff --git a/rules/java/security/use-of-blowfish-java.yml b/rules/java/security/use-of-blowfish-java.yml
new file mode 100644
index 00000000..512745a2
--- /dev/null
+++ b/rules/java/security/use-of-blowfish-java.yml
@@ -0,0 +1,17 @@
+id: use-of-blowfish-java
+language: java
+severity: info
+message: >-
+ Use of Blowfish was detected. Blowfish uses a 64-bit block size
+ that makes it vulnerable to birthday attacks, and is therefore considered
+ non-compliant. Instead, use a strong, secure cipher:
+ Cipher.getInstance("AES/CBC/PKCS7PADDING"). See
+ https://owasp.org/www-community/Using_the_Java_Cryptographic_Extensions
+ for more information.
+note: >-
+ [CWE-327] Use of a Broken or Risky Cryptographic Algorithm
+ [REFERENCES]
+ - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
+ - https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
+rule:
+ pattern: $CIPHER.getInstance("Blowfish")
diff --git a/rules/java/security/use-of-md5-digest-utils-java.yml b/rules/java/security/use-of-md5-digest-utils-java.yml
new file mode 100644
index 00000000..77778a46
--- /dev/null
+++ b/rules/java/security/use-of-md5-digest-utils-java.yml
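Review bot: The `any` patterns at the end of the unencrypted-socket-java hunk only catch direct `new Socket(...)`/`new ServerSocket(...)` constructions, so plain sockets obtained from `SocketFactory.getDefault().createSocket($$$)` or `ServerSocketFactory.getDefault().createServerSocket($$$)` go unreported even though they are equally cleartext; adding those two as further `- pattern:` entries would close the gap. Conversely a `new Socket(...)` that is later upgraded with `SSLSocketFactory.createSocket(socket, host, port, autoClose)` (the STARTTLS idiom) is still flagged, which is worth a sentence in the message since it is the main false-positive case. The message text is also wrapped in double quotes inside the `>-` scalar, so the quotes become part of the reported message; the sibling blowfish rule omits them, so dropping them here would keep the three rules consistent.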
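Review bot: The pattern `$CIPHER.getInstance("Blowfish")` in the use-of-blowfish-java hunk matches only the bare algorithm string, so full-transformation spellings such as `"Blowfish/CBC/PKCS5Padding"` (and lowercase `"blowfish"`, which JCE accepts since algorithm names are case-insensitive) are not reported. Binding the argument to a metavariable, `pattern: $CIPHER.getInstance($ALG)`, and constraining `$ALG` with a case-insensitive regex anchored on `blowfish` would cover those forms. The recommended replacement `AES/CBC/PKCS7PADDING` is also questionable: CBC without integrity protection is the weaker choice and, as far as I recall, the JDK's default providers register `PKCS5Padding` rather than `PKCS7Padding`, so the suggested call may throw on a stock JDK; `AES/GCM/NoPadding` would be the safer text. Finally, the RC4 Project Zero link in `note` does not concern Blowfish and reads as a copy-paste leftover.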
@@ -0,0 +1,13 @@
+id: use-of-md5-digest-utils-java
+language: java
+severity: warning
+message: >-
+ 'Detected MD5 hash algorithm which is considered insecure. MD5 is not
+ collision resistant and is therefore not suitable as a cryptographic
+ signature. Use HMAC instead.'
+note: >-
+ [CWE-328] Use of Weak Hash
+ [REFERENCES]
+ - https://owasp.org/Top10/A02_2021-Cryptographic_Failures
+rule:
+ pattern: DigestUtils.getMd5Digest($$$).digest($$$)
diff --git a/tests/__snapshots__/unencrypted-socket-java-snapshot.yml b/tests/__snapshots__/unencrypted-socket-java-snapshot.yml
new file mode 100644
index 00000000..e0becd2b
--- /dev/null
+++ b/tests/__snapshots__/unencrypted-socket-java-snapshot.yml
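Review bot: The pattern `DigestUtils.getMd5Digest($$$).digest($$$)` in the use-of-md5-digest-utils-java hunk only fires on the chained call, so `DigestUtils.md5($$$)`, `DigestUtils.md5Hex($$$)` and a `getMd5Digest()` result stored in a variable before `.digest()` is called all escape detection; an `any:` listing `- pattern: DigestUtils.md5($$$)`, `- pattern: DigestUtils.md5Hex($$$)` and the bare `- pattern: DigestUtils.getMd5Digest($$$)` would be the simpler and broader rule. The message's advice "Use HMAC instead" is misleading for a plain digest use, since an HMAC needs a key and serves a different purpose; the replacement a developer actually needs is a SHA-2 digest such as the `getSha512Digest()` the test file already lists as valid. Relatedly, the `valid` block of tests/java/use-of-md5-digest-utils-java-test.yml treats `MessageDigest.getInstance("MD5")` as acceptable; if no sibling rule covers the JDK API, that sample documents a gap rather than a passing case.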
@@ -0,0 +1,58 @@
+id: unencrypted-socket-java
+snapshots:
+ ? |
+ ServerSocket ssoc = new ServerSocket(1234);
+ : labels:
+ - source: new ServerSocket(1234)
+ style: primary
+ start: 20
+ end: 42
+ ? |
+ ServerSocket ssoc1 = new ServerSocket();
+ : labels:
+ - source: new ServerSocket()
+ style: primary
+ start: 21
+ end: 39
+ ? |
+ ServerSocket ssoc2 = new ServerSocket(1234, 10);
+ : labels:
+ - source: new ServerSocket(1234, 10)
+ style: primary
+ start: 21
+ end: 47
+ ? |
+ ServerSocket ssoc3 = new ServerSocket(1234, 10, InetAddress.getByAddress(address));
+ : labels:
+ - source: new ServerSocket(1234, 10, InetAddress.getByAddress(address))
+ style: primary
+ start: 21
+ end: 82
+ ? |
+ Socket soc = new Socket("www.google.com", 80);
+ : labels:
+ - source: new Socket("www.google.com", 80)
+ style: primary
+ start: 13
+ end: 45
+ ? |
+ Socket soc1 = new Socket("www.google.com", 80, true);
+ : labels:
+ - source: new Socket("www.google.com", 80, true)
+ style: primary
+ start: 14
+ end: 52
+ ? |
+ Socket soc2 = new Socket("www.google.com", 80, InetAddress.getByAddress(address), 13337);
+ : labels:
+ - source: new Socket("www.google.com", 80, InetAddress.getByAddress(address), 13337)
+ style: primary
+ start: 14
+ end: 88
+ ? |
+ Socket soc3 = new Socket(InetAddress.getByAddress(remoteAddress), 80);
+ : labels:
+ - source: new Socket(InetAddress.getByAddress(remoteAddress), 80)
+ style: primary
+ start: 14
+ end: 69
diff --git a/tests/__snapshots__/use-of-blowfish-java-snapshot.yml b/tests/__snapshots__/use-of-blowfish-java-snapshot.yml
new file mode 100644
index 00000000..cc54e7fb
--- /dev/null
+++ b/tests/__snapshots__/use-of-blowfish-java-snapshot.yml
@@ -0,0 +1,16 @@
+id: use-of-blowfish-java
+snapshots:
+ ? |
+ Cipher.getInstance("Blowfish");
+ : labels:
+ - source: Cipher.getInstance("Blowfish")
+ style: primary
+ start: 0
+ end: 30
+ ? |
+ useCipher(Cipher.getInstance("Blowfish"));
+ : labels:
+ - source: Cipher.getInstance("Blowfish")
+ style: primary
+ start: 10
+ end: 40
diff --git a/tests/__snapshots__/use-of-md5-digest-utils-java-snapshot.yml b/tests/__snapshots__/use-of-md5-digest-utils-java-snapshot.yml
new file mode 100644
index 00000000..fe41e08d
--- /dev/null
+++ b/tests/__snapshots__/use-of-md5-digest-utils-java-snapshot.yml
@@ -0,0 +1,9 @@
+id: use-of-md5-digest-utils-java
+snapshots:
+ ? |
+ byte[] hashValue = DigestUtils.getMd5Digest().digest(password.getBytes());
+ : labels:
+ - source: DigestUtils.getMd5Digest().digest(password.getBytes())
+ style: primary
+ start: 19
+ end: 73
diff --git a/tests/java/unencrypted-socket-java-test.yml b/tests/java/unencrypted-socket-java-test.yml
new file mode 100644
index 00000000..d023debf
--- /dev/null
+++ b/tests/java/unencrypted-socket-java-test.yml
@@ -0,0 +1,23 @@
+id: unencrypted-socket-java
+valid:
+ - |
+ Socket soc = SSLSocketFactory.getDefault().createSocket("www.google.com", 443);
+ - |
+ ServerSocket ssoc = SSLServerSocketFactory.getDefault().createServerSocket(1234);
+invalid:
+ - |
+ Socket soc = new Socket("www.google.com", 80);
+ - |
+ Socket soc1 = new Socket("www.google.com", 80, true);
+ - |
+ Socket soc2 = new Socket("www.google.com", 80, InetAddress.getByAddress(address), 13337);
+ - |
+ Socket soc3 = new Socket(InetAddress.getByAddress(remoteAddress), 80);
+ - |
+ ServerSocket ssoc = new ServerSocket(1234);
+ - |
+ ServerSocket ssoc1 = new ServerSocket();
+ - |
+ ServerSocket ssoc2 = new ServerSocket(1234, 10);
+ - |
+ ServerSocket ssoc3 = new ServerSocket(1234, 10, InetAddress.getByAddress(address));
diff --git a/tests/java/use-of-blowfish-java-test.yml b/tests/java/use-of-blowfish-java-test.yml
new file mode 100644
index 00000000..c4a43b2d
--- /dev/null
+++ b/tests/java/use-of-blowfish-java-test.yml
@@ -0,0 +1,9 @@
+id: use-of-blowfish-java
+valid:
+ - |
+ Cipher.getInstance("AES/CBC/PKCS7PADDING");
+invalid:
+ - |
+ Cipher.getInstance("Blowfish");
+ - |
+ useCipher(Cipher.getInstance("Blowfish"));
diff --git a/tests/java/use-of-md5-digest-utils-java-test.yml b/tests/java/use-of-md5-digest-utils-java-test.yml
new file mode 100644
index 00000000..f6bc228d
--- /dev/null
+++ b/tests/java/use-of-md5-digest-utils-java-test.yml
@@ -0,0 +1,9 @@
+id: use-of-md5-digest-utils-java
+valid:
+ - |
+ MessageDigest md5Digest = MessageDigest.getInstance("MD5");
+ - |
+ byte[] hashValue = DigestUtils.getSha512Digest().digest(password.getBytes());
+invalid:
+ - |
+ byte[] hashValue = DigestUtils.getMd5Digest().digest(password.getBytes());