40 Rules
| ID | Name | Severity |
|---|---|---|
| 1043006 | Avoid disabling ValidateInput on ASP.NET Http Post/Put Request | high |
| 1043008 | Avoid disabling ValidateInput on controller | high |
| 1043010 | Avoid creating cookie without setting httpOnly option (C#) | high |
| 1043012 | Avoid creating cookie without setting httpOnly option in Config file (ASP.NET) | high |
| 1043014 | Avoid disabling ValidateRequest in Config file (ASP.NET) | high |
| 1043016 | Avoid disabling ValidateRequest in ASPX page | high |
| 1043018 | Avoid storing passwords in the config files | high |
| 1043020 | Avoid having applications with the debug mode activated | medium |
| 1043022 | Avoid using unsecured cookie (C#) | medium |
| 1043024 | Always enable RequireSSL attribute for cookies in Config file (ASP.NET) | medium |
| 1043026 | Avoid disabling EnableViewStateMac in Config file (ASP.NET) | medium |
| 1043028 | Avoid disabling EnableViewStateMac in ASPX page | medium |
| 1043030 | Ensure the X-Frame-Options header is setup (ASP.NET) | high |
| 1043032 | Avoid having ASPX pages with tracing activated | medium |
| 1043034 | Avoid having applications with the tracing activated in the web config file | medium |
| 1043036 | Avoid using Impersonate identity (ASP.NET) | medium |
| 1043038 | Avoid having applications with the tracing activated in the source code | medium |
| 1043044 | Avoid disabling the XSRF/CSRF Protection (ASP.NET MVC) | critical |
| 1043046 | Avoid creating cookie with overly broad path (C#) | critical |
| 1043048 | Avoid having cookie with an overly broad domain (C#) | critical |
| 1043050 | Avoid having long timeout for HttpCookie (> 5 mn) | medium |
| 1043052 | Ensure aspnet:UseLegacyFormsAuthenticationTicketCompatibility is set to true | medium |
| 1043054 | Avoid overly permissive Cross-Origin Resource Sharing (CORS) policy | medium |
| 1043058 | Avoid disabling Header Checking flag in config file | medium |
| 1043060 | Avoid disabling HMAC signature verification (C#) | high |
| 1043062 | Avoid having all users accessing resources (.NET) | medium |
| 1043074 | Avoid creating unsecured HTTPS GET metadata endpoint in configuration | high |
| 1043076 | Avoid disabling custom errors mode to prevent exposure of exceptions and error data | medium |
| 1043078 | Avoid debug binaries that include detailed debug information | medium |
| 1043080 | Avoid disabling OR not defining encryption behavior for encryption when connecting with Database | high |
| 1043082 | Avoid client provided dictionaries to have high request sizes | medium |
| 1043084 | Avoid XML schemas with unbounded occurrences | medium |
| 1043086 | Avoid using Html.Raw() or HtmlHelper.Raw() | high |
| 1101958 | Avoid artifacts having db.collection.ensureIndex() to create new indexes | medium |
| 1101962 | Avoid using explain() in production code | medium |
| 1101964 | When using compound indexes, avoid having different index ordering in collection access | medium |
| 1101968 | Avoid having multiple Artifacts updating data on the same NoSQL Collection | medium |
| 1101970 | Avoid having multiple Artifacts inserting data on the same NoSQL Collection | medium |
| 1101972 | Avoid having multiple artifacts deleting data on the same NoSQL collection | medium |
| 2121112 | Ensure Back-end REST APIs are all accessed by Front-end Web App functions | medium |