CAST Rules

CAST

Rules Documentation

Health Factors

indexes

Standards

technologies

extensions

com.castsoftware.android
com.castsoftware.angularjs
com.castsoftware.cfamily
com.castsoftware.cpp
com.castsoftware.dotnet
com.castsoftware.dotnetweb
com.castsoftware.egl
com.castsoftware.entity
com.castsoftware.flex
com.castsoftware.formsreport
com.castsoftware.fortran
com.castsoftware.go
com.castsoftware.html5
com.castsoftware.ibatis
com.castsoftware.java.hibernate
com.castsoftware.java.sql
com.castsoftware.jee
com.castsoftware.jeerules
com.castsoftware.jquery
com.castsoftware.kotlin
com.castsoftware.nodejs
com.castsoftware.nosqldotnet
com.castsoftware.nosqljava
com.castsoftware.peoplesoft
com.castsoftware.php
com.castsoftware.php.security
com.castsoftware.pl1
com.castsoftware.python
com.castsoftware.reactjs
com.castsoftware.rpg
com.castsoftware.sap
com.castsoftware.sapui5
com.castsoftware.securityanalyzer
- 1.1.7-funcrel
- 1.1.6-funcrel
- 1.1.5-funcrel
- 1.1.4-funcrel
- 1.1.3-funcrel
- 1.1.2-funcrel
- 1.1.1-funcrel
- 1.1.0-funcrel
- 1.1.0-beta1
- 1.0.12-funcrel
- 1.0.11-funcrel
- 1.0.10-funcrel
- 1.0.9-funcrel
- 1.0.8-funcrel
- 1.0.7-funcrel
- 1.0.6-funcrel
- 1.0.5-funcrel
- 1.0.4-funcrel
- 1.0.3-funcrel
- 1.0.2-funcrel
- 1.0.1-funcrel
- 1.0.0-funcrel
com.castsoftware.shell
com.castsoftware.siebel
com.castsoftware.springsecurity
com.castsoftware.sql.movetocloud
com.castsoftware.sqlanalyzer
com.castsoftware.struts
com.castsoftware.swift
com.castsoftware.systemlevelrules
com.castsoftware.tibco
com.castsoftware.typescript
com.castsoftware.vuejs
com.castsoftware.wbslinker
com.castsoftware.wcf

22 Rules

ID	Name	Severity
8240	Avoid using unsecured cookie	critical
1025000	Avoid second order OS command injection	critical
1025002	Avoid second order XPath injection	critical
1025004	Avoid second order URL redirection to untrusted site	critical
1025010	Avoid second order LDAP injection	critical
1025016	Avoid using cookie without the HttpOnly flag	critical
1025018	Avoid cookie injection	critical
1025020	Avoid data filter injection	critical
1025022	Avoid data filter injection through API requests	critical
1025024	Avoid disabling the expiration time validation of a JWT token	critical
1025026	Avoid disabling the expiration time requirement of a JWT token	critical
1025028	Avoid disabling the signature requirement of a JWT token	critical
1025030	Avoid hard-coded JWT secret keys	critical
1025032	Avoid insecure parameters for PBKDF2 password encoder	critical
1025034	Avoid insecure parameters for BCrypt password encoder	critical
1025036	Avoid insecure parameters for Argon2 password encoder	critical
1025038	Avoid insecure parameters for SCrypt password encoder	critical
1025040	Avoid external control of system or configuration setting	critical
1025042	Avoid external control of system or configuration setting through API requests	critical
1025044	Avoid MVC injection	critical
1025046	Avoid MVC injection through AIP requests	critical
1025048	Avoid hard-coded password in connection string	critical

Sign In

Using your CAST Extend will allow you to gain access to additional rule information