|
Scanner method name
|
Related security requirement verified
|
|
CS_ASPNET_ALLOWINSECUREHTTP_TRUE
|
|
|
CS_ASPNET_COOKIE_SAMESITE_NONE
|
|
|
CS_ASPNET_INSECURE_CORS_WITH_WILDCARDS
|
|
|
CS_ASPN_DIRECTORYBROWSING_ENABLED
|
|
|
CS_CERT_VALIDATION_DISABLED
|
|
|
CS_CHECK_HASHES_SALT
|
|
|
CS_COMMAND_INJECTION_VIA_PROCESS_START
|
|
|
CS_CONFLICTING_ANNOTATIONS
|
|
|
CS_CREATE_TEMP_FILE
|
|
|
CS_DIR_ENTRY_HARDCODED_SECRET
|
|
|
CS_DIRECTORY_LISTING_EXPOSURE
|
|
|
CS_DISABLED_HTTP_HEADER_CHECK
|
|
|
CS_DISABLED_STRONG_CRYPTO
|
|
|
CS_HARDCODED_INIT_VECTOR
|
|
|
CS_HARDCODED_SYMMETRIC_KEY
|
|
|
CS_HAS_PUBLIC_CACHE_HEADER
|
|
|
CS_HTTP_LISTENER_WILDCARD
|
|
|
CS_HTTP_ONLY_COOKIE
|
|
|
CS_HTTPCLIENT_NO_REVOCATION_LIST
|
|
|
CS_INFO_LEAK_ERRORS
|
|
|
CS_INSECURE_ASSEMBLY_LOAD
|
|
|
CS_INSECURE_AUTHENTICATION
|
|
|
CS_INSECURE_CBC_IV
|
|
|
CS_INSECURE_CERTIFICATE_VALIDATION
|
|
|
CS_INSECURE_CHANNEL
|
|
|
CS_INSECURE_CIPHER
|
|
|
CS_INSECURE_COOKIE_SECURE_FLAG_FALSE
|
|
|
CS_INSECURE_CORS
|
|
|
CS_INSECURE_CORS_HTTPWEBREQUEST
|
|
|
CS_INSECURE_CORS_ORIGIN
|
|
|
CS_INSECURE_DESERIAL
|
|
|
CS_INSECURE_ECB_MODE
|
|
|
CS_INSECURE_ELLIPTIC_CURVE
|
|
|
CS_INSECURE_HASH
|
|
|
CS_INSECURE_KEYS
|
|
|
CS_INSECURE_LOGGING
|
|
|
CS_INSECURE_RANDOM_KEY_GENERATION
|
|
|
CS_INSECURE_SHARED_ACCESS_PROTOCOL
|
|
|
CS_INSECURE_X509_CERT_2
|
|
|
CS_INSEC_ADDHEADER_WRITE
|
|
|
CS_INSEC_COOKIES
|
|
|
CS_INSEC_CREATE
|
|
|
CS_INSEC_DIRECT_WRITE
|
|
|
CS_INSECURE_FASTJSON_DES
|
|
|
CS_INSECURE_FSPICKLER_DES
|
|
|
CS_JS_DESERIALIZATION
|
|
|
CS_JWT_SIGNED
|
|
|
CS_LDAP_CONN_AUTH
|
|
|
CS_LDAP_INJECTION
|
|
|
CS_LOG_INJECTION
|
|
|
CS_MANAGED_SECURE_MODE
|
|
|
CS_MEMORY_MARSHAL_CREATE_SPAN
|
|
|
CS_OBSOLETE_KEY_DERIVATION
|
|
|
CS_OPEN_REDIRECT
|
|
|
CS_OVERRIDE_AUTH_MODIFIER
|
|
|
CS_PATH_INJECTION
|
|
|
CS_REGEX_INJECTION
|
|
|
CS_REMOTE_COMMAND_EXECUTION
|
|
|
CS_RSA_SECURE_MODE
|
|
|
CS_SCHEMA_BY_URL
|
|
|
CS_SERVER_SIDE_TEMPLATE_INJECTION
|
|
|
CS_SERVICE_POINT_MANAGER_DISABLED
|
|
| CS_SQL_CONN_HARDCODED_SECRET | |
|
CS_SQL_INJECTION
|
|
|
CS_SQL_INJECTION_REQUEST
|
|
|
CS_SQL_USER_PARAMS
|
|
|
CS_STACKTRACE_DISCLOSURE
|
|
|
CS_STORED_PASSWORD
|
|
|
CS_TRUST_BOUNDARY_VIOLATION_READXML
|
|
|
CS_TYPE_NAME_HANDLING
|
|
|
CS_UNSAFE_EXCEPTION_HANDLING
|
|
|
CS_UNSAFE_PATH_TRAVERSAL
|
|
|
CS_UNSAFE_SQL_STATEMENT
|
|
|
CS_UNSAFE_SERIALIZATION_POINTER_FIELDS
|
|
|
CS_UNSAFE_TOKEN_VALIDATION_DELEGATE
|
|
|
CS_UNTRUSTED_DLL_SEARCH_PATH
|
|
|
CS_UNTRUSTED_ROOT_CERTIFICATE_ADDITION
|
|
|
CS_VERIFY_DECODER
|
|
|
CS_VULN_REGEX
|
|
|
CS_WEAK_CREDENTIAL
|
|
|
CS_WEAK_PROTOCOL
|
|
|
CS_WEAK_RSA_ENCRYPT_PADDING
|
|
|
CS_XAML_INJECTION
|
|
|
CS_XML_SERIAL
|
|
|
CS_XPATH_INJECTION
|
|
|
CS_XPATH_INJECTION_EVALUATE
|
|
|
CS_XPATH_INJECTION_NODE
|
|
|
CS_XSL_TRANSFORM_OBJECT
|
|
|
CS_XXE_RESOLVER
|
|
|
C_SHARP_ACCEPTS_ANY_MIME_TYPE_CHAIN
|
|
|
C_SHARP_PLAIN_TEXT_KEYS
|
| Scanner method name | Related security requirement verified |
| CFN_ADMIN_POLICY_ATTACHED | |
| CFN_ALLOWS_PRIV_ESCALATION_ATTACH_POLICY | 035. Manage privilege modifications |
| CFN_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS | 035. Manage privilege modifications |
| CFN_ANYONE_ADMIN_PORTS | 255. Allow access only to the necessary ports |
| CFN_API_GATEWAY_LOGGING_DISABLED | |
| CFN_AWS_EBS_VOLUMES_UNENCRYPTED | |
| CFN_AWS_EFS_UNENCRYPTED | |
| CFN_AWS_ELB_LISTENER_ON_HTTP | 181. Transmit data using secure protocols |
|
CFN_AWS_INSECURE_CORS_HEADER
|
|
|
CFN_AWS_SAM_INSECURE_CORS
|
|
| CFN_AWS_SEC_GROUP_USING_TCP | 181. Transmit data using secure protocols |
| CFN_BUCKET_ALLOWS_PUBLIC | |
| CFN_BUCKET_HAS_LOGGING_CONF_DISABLED | |
| CFN_BUCKET_POLICY_SEC_TRANSPORT | 181. Transmit data using secure protocols |
| CFN_CF_DISTR_LOG_DISABLED | |
| CFN_COGNITO_HAS_MFA_DISABLED | |
| CFN_CONTENT_HTTP | 181. Transmit data using secure protocols |
| CFN_DYNAMO_NOT_DEL_PROTEC | |
| CFN_EC2_ASSOC_PUB_IP | 266. Disable insecure functionalities |
| CFN_EC2_DEFAULT_SEC_GROUP | 266. Disable insecure functionalities |
| CFN_EC2_NOT_TERMINATION_PROTEC | |
| CFN_EC2_NO_IAM | 266. Disable insecure functionalities |
| CFN_EC2_OPEN_ALL_PORTS_PUBLIC | 255. Allow access only to the necessary ports |
| CFN_EC2_SEC_GROUPS_RFC1918 | 255. Allow access only to the necessary ports |
| CFN_EC2_TERMINATE_SHUTDOWN_BEHAVIOR | 266. Disable insecure functionalities |
| CFN_EC2_UNENCRYPTED_BLOCK_DEVICES | 266. Disable insecure functionalities |
| CFN_EC2_UNENCRYPTED_VOLUMES | 266. Disable insecure functionalities |
| CFN_EC2_UNRESTRICTED_DNS | 255. Allow access only to the necessary ports |
| CFN_EC2_UNRESTRICTED_FTP | 255. Allow access only to the necessary ports |
| CFN_EC2_UNRESTRICTED_PORTS | 255. Allow access only to the necessary ports |
| CFN_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE | |
| CFN_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED | |
| CFN_ELASTICACHE_USES_DEFAULT_PORT | |
| CFN_ELB2_INSECURE_SEC_POLICY | 266. Disable insecure functionalities |
| CFN_ELB2_INSEC_PROTO | 181. Transmit data using secure protocols |
| CFN_ELB2_LOGS_S3_DISABLED | |
| CFN_ELB2_NOT_DELETION_PROTEC | |
|
CFN_ELB2_USES_INSECURE_PROTOCOL
|
|
| CFN_ELB_ACCESS_LOG_DISABLED | |
| CFN_ELB_WITHOUT_SSLPOLICY | |
| CFN_GROUPS_WITHOUT_EGRESS | 255. Allow access only to the necessary ports |
| CFN_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
| CFN_IAM_EXCESSIVE_PRIVILEGES | |
| CFN_IAM_EXCESSIVE_ROLE_POLICY | |
| CFN_IAM_FULL_ACCESS_SSM | |
| CFN_IAM_MISSING_SECURITY | |
| CFN_IAM_PERMISSIONS_POLICY_NOT_ACTION | |
| CFN_IAM_PERMISSIONS_POLICY_NOT_RESOURCE | |
| CFN_IAM_PERMISSIONS_POLICY_WILDCARD_ACTIONS | |
| CFN_IAM_PERMISSIONS_POLICY_WILDCARD_RESOURCES | |
| CFN_IAM_POLICY_APPLY_TO_USERS | |
| CFN_IAM_TRUST_POLICY_NOT_ACTION | |
| CFN_IAM_TRUST_POLICY_NOT_PRINCIPAL | |
| CFN_IAM_TRUST_POLICY_WILDCARD_ACTION | |
| CFN_IAM_WILDCARD_WRITE | |
| CFN_INSECURE_CERTIFICATE | 266. Disable insecure functionalities |
| CFN_INSEC_GEN_SECRET | |
| CFN_INSEC_PROTO | |
| CFN_INST_WITHOUT_PROFILE | 255. Allow access only to the necessary ports |
| CFN_KMS_KEY_ROTATION_DISABLED | 266. Disable insecure functionalities |
| CFN_KMS_MASTER_KEYS_EXPOSED | |
| CFN_LOG_CONF_DISABLED | |
| CFN_LOG_NOT_VALIDATED | 080. Prevent log modification |
| CFN_NEGATIVE_STATEMENT | |
| CFN_NOT_POINT_TIME_RECOVERY | |
| CFN_PERMISSIVE_POLICY | |
| CFN_POLICY_SERVER_ENCRYP_DISABLED | |
| CFN_RDS_NOT_AUTO_BACKUPS | |
| CFN_RDS_NOT_INSIDE_DB_SUBNET | 255. Allow access only to the necessary ports |
| CFN_RDS_NOT_TERMINATION_PROTECTION | |
| CFN_RDS_NOT_USES_IAM_AUTHENTICATION | |
| CFN_RDS_PUB_ACCESSIBLE | |
| CFN_RDS_UNENCRYPTED_STORAGE | |
| CFN_REDSHIFT_HAS_AUDIT_LOGS_DISABLED | |
| CFN_REDSHIFT_HAS_ENCRYPTION_DISABLED | |
| CFN_REDSHIFT_HAS_PUBLIC_CLUSTERS | |
| CFN_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED | |
| CFN_REDSHIFT_NOT_REQUIRES_SSL | |
| CFN_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS | |
| CFN_S3_VERSIONING_DISABLED | 266. Disable insecure functionalities |
| CFN_SERVER_SSL_DISABLED | 181. Transmit data using secure protocols |
|
CFN_SERVES_CONTENT_OVER_INSECURE_PROTOCOLS
|
|
| CFN_SNS_IS_SERVER_SIDE_ENCRYPTION_DISABLED | |
| CFN_SQS_IS_ENCRYPTION_DISABLED | |
| CFN_SQS_IS_PUBLIC | |
| CFN_TRAILS_NOT_MULTIREGION | |
| CFN_UNRESTRICTED_CIDRS | 255. Allow access only to the necessary ports |
| CFN_UNRESTRICTED_IP_PROTO | 255. Allow access only to the necessary ports |
|
CFN_UNSAFE_CERTIFICATE
|
|
| CFN_WILDCARD_IN_ALLOWED_ORIGINS | |
|
CFN_YAML_SPRING_INSECURE_CORS_WILDCARD
|
|
| YML_SERVERLESS_CORS |
|
Scanner method name
|
Related security requirement verified
|
|
CONF_FILES_CREDENTIALS_EXPOSED_IN_CODE
|
|
| HELM_INSECURE_INGRESS_EGRESS | |
|
JMX_HEADER_BASIC
|
|
|
JSON_ALLOWED_HOSTS
|
|
|
JSON_ANON_CONNECTION_CONFIG
|
|
|
JSON_API_MGMT_BACK_MINIMUM_TLS_VERSION
|
|
|
JSON_API_MGMT_FRONT_MINIMUM_TLS_VERSION
|
|
|
JSON_DB_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
JSON_DISABLE_HOST_CHECK
|
|
|
JSON_HTTPS_FLAG_MISSING
|
|
|
JSON_PRINCIPAL_WILDCARD
|
|
|
JSON_SSL_PORT_MISSING
|
|
|
JWT_TOKEN
|
|
|
NGINX_INSECURE_CORS_HEADER
|
|
|
NGINX_INSECURE_CSP_INLINE_SCRIPT
|
|
|
NGINX_INSECURE_SSL_PROTOCOLS
|
|
|
PACKAGEJSON_NODEJS_GIT_CREDENTIALS
|
|
|
SONAR_CREDENTIALS_EXPOSED
|
|
|
SENSITIVE_INFO_DOTNET_JSON
|
|
|
SENSITIVE_INFO_JSON
|
|
|
SENSITIVE_KEY_JSON
|
|
|
TSCONFIG_SOURCEMAP_ENABLED
|
|
|
WEB_DB_CONN
|
|
|
WEB_USER_PASS
|
|
|
XML_ACCEPT_HEADER
|
|
|
XML_ALLOWS_ALL_DOMAINS
|
|
|
XML_BASIC_AUTH_METHOD
|
|
|
XML_HAS_X_XSS_PROTECTION_HEADER
|
|
|
XML_HEADER_ALLOW_ALL_METHODS
|
|
|
XML_HEADER_ALLOW_DANGER_METHODS
|
|
|
XML_INSECURE_CONFIGURATION
|
|
|
XML_NETWORK_SSL_DISABLED
|
|
|
XML_X_FRAME_OPTIONS
|
|
| YAML_INSECURE_CHMOD_OTHER_WRITE_EXECUTE |
|
Scanner method name
|
Related security requirement verified
|
|
DART_INSECURE_LOGGING
|
|
|
DART_SALT_IS_HARDCODED
|
|
|
DART_SHELF_INSECURE_CORS_HEADER
|
|
Scanner method name
|
Related security requirement verified
|
|
CONTAINER_DISABLED_SSL
|
|
|
CONTAINER_USING_SSHPASS
|
|
|
CONTAINER_WITHOUT_USER
|
|
|
CONTAINER_WITH_USER_ROOT
|
|
|
DOCKER_CURL_NO_CHECKSUM
|
|
|
DOCKER_DEBUGGING_ENABLED
|
|
|
DOCKER_DOWNGRADE_PROTOCOL
|
|
|
DOCKER_ENV_SECRETS
|
|
|
DOCKER_HARDCODED_CREDENTIALS
|
|
|
DOCKER_INSECURE_BUILDER_SANDBOX
|
|
|
DOCKER_INSECURE_CLEARTEXT_PROTOCOL
|
|
|
DOCKER_INSECURE_CONTEXT_DIRECTORY
|
|
|
DOCKER_INSECURE_NETWORK_HOST
|
|
|
DOCKER_PORT_EXPOSED
|
|
|
DOCKER_SENSITIVE_MOUNT
|
|
|
DOCKER_SOCKET_MOUNT
|
|
|
DOCKER_USING_ADD_COMMAND
|
|
|
DOCKER_WEAK_HASH_ALGORITHM
|
|
|
DOCKER_WEAK_SSL_TLS
|
|
|
DOCKER_WGET_NO_CHECKSUM
|
|
|
DOCKERFILE_HARDCODED_CREDENTIALS_CHPASSWD
|
|
|
UNPINNED_DOCKER_IMAGE
|
|
Scanner method name
|
Related security requirement verified
|
|
DOCKER_COMPOSE_ENV_SECRETS
|
|
|
DOCKER_COMPOSE_IMAGE_HAS_DIGEST
|
|
|
DOCKER_COMPOSE_READ_ONLY
|
|
|
DOCKER_COMPOSE_SSH_PASS
|
|
Scanner method name
|
Related security requirement verified
|
|
GO_ACCEPTS_ANY_MIME_TYPE
|
|
|
GO_GIN_INSECURE_CORS
|
|
|
GO_GIN_INSECURE_CORS_HEADER
|
|
|
GO_HARDCODED_SYMMETRIC_KEY
|
|
|
GO_INSECURE_CIPHER
|
|
|
GO_INSECURE_HASH
|
|
|
GO_INSECURE_QUERY
|
|
|
GO_SALT_IS_HARDCODED
|
|
Scanner method name
|
Related security requirement verified
|
|
HTML_HAS_AUTOCOMPLETE
|
|
|
HTML_HAS_NOT_SUB_RESOURCE_INTEGRITY
|
|
|
HTML_HAS_REVERSE_TABNABBING
|
|
Machine method name
|
Related security requirement verified
|
|
GRADLE_CREDENTIALS_PASSWORD_HARDCODED
|
|
|
GRADLE_MISSING_CHECKSUM_VERIFICATION
|
|
|
JAVA_ACCEPTS_ANY_MIME_TYPE_CHAIN
|
|
|
JAVA_ACCEPTS_ANY_MIME_TYPE_OBJ
|
|
|
JAVA_ALLOWED_EXTERNAL_ENTITIES
|
|
|
JAVA_ANONYMOUS_LDAP_BIND
|
|
|
JAVA_BASIC_AUTHENTICATION
|
|
|
JAVA_COOKIE_MISSING_SECURE
|
|
|
JAVA_COOKIE_SERIALIZER_SECURE_FALSE
|
|
|
JAVA_CREATE_TEMP_FILE
|
|
|
JAVA_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
JAVA_CSRF_HANDLER_HARDCODED_PASSWORD
|
|
|
JAVA_CSRF_PROTECTIONS_DISABLED
|
|
| JAVA_DANGEROUS_PERMISSION_COMBINATION | |
|
JAVA_DATANUCLEUS_HARDCODED_CONNECT_PASSWORD
|
|
|
JAVA_DATASOURCE_NO_ENCRYPTION_PROPERTIES
|
|
|
JAVA_DECLARE_INSECURE_TRUST_MANAGER
|
|
|
JAVA_DRIVERMANAGER_HARDCODED_SECRET
|
|
|
JAVA_HARDCODED_AUTH0_JWT_SIGN_KEY
|
|
|
JAVA_HARDCODED_INIT_VECTOR
|
|
|
JAVA_HARDCODED_INIT_VECTOR_BASE64
|
|
|
JAVA_HARDCODED_JWT_SECRET
|
|
|
JAVA_HOST_KEY_CHECKING
|
|
|
JAVA_HOSTNAME_VERIFICATION_OFF
|
|
|
JAVA_HTTP_ONLY_COOKIE
|
|
|
JAVA_HTTP_REQ_ACCEPTS_ANY_MIMETYPE
|
|
|
JAVA_IGNORE_SSL_CERTIFICATE_ERRORS
|
|
|
JAVA_INSECURE_AUTHENTICATION
|
|
|
JAVA_INSECURE_CHANNEL
|
|
|
JAVA_INSECURE_CIPHER
|
|
|
JAVA_INSECURE_CIPHER_JMQI
|
|
|
JAVA_INSECURE_CIPHER_MODE
|
|
|
JAVA_INSECURE_HTTP_COMPONENTS
|
|
|
JAVA_INSECURE_HTTP_OPEN_CONNECTION
|
|
|
JAVA_INSECURE_SPRING_HTTP_REQUEST
|
|
|
JAVA_INSECURE_HTTP_COMPONENTS
|
|
|
JAVA_INSECURE_SSLCONTEXT_TLS
|
|
|
JAVA_INSECURE_CIPHER_SSL
|
|
|
JAVA_INSECURE_CONNECTION
|
|
|
JAVA_INSECURE_CORS_ORIGIN
|
|
|
JAVA_INSECURE_CORS_WEB_VIEW
|
|
|
JAVA_INSECURE_CSP_INLINE_SCRIPT
|
|
|
JAVA_INSECURE_ENGINE_CIPHER_SSL
|
|
|
JAVA_INSECURE_FTP_CLIENT
|
|
|
JAVA_INSECURE_FTP_SESSION_FACTORY
|
|
|
JAVA_INSECURE_FTP_URL
|
|
|
JAVA_INSECURE_HASH
|
|
|
JAVA_INSECURE_KEY
|
|
|
JAVA_INSECURE_KEY_EC
|
|
|
JAVA_INSECURE_KEY_RSA
|
|
|
JAVA_INSECURE_KEY_SECRET
|
|
|
JAVA_INSECURE_PASS
|
|
|
JAVA_INSECURE_SMTP_CONNECTION
|
|
|
JAVA_INSECURE_SMTP_SSL
|
|
|
JAVA_INSECURE_TRUST_MANAGER
|
|
|
JAVA_INSEC_SIGN_ALGORITHM
|
|
|
JAVA_JAX_RS_PATH_TRAVERSAL
|
|
|
JAVA_JEDIS_HARDCODED_CREDENTIALS
|
|
|
JAVA_JEDIS_HARDCODED_SECRET
|
|
|
JAVA_JEDIS_HARDCODED_SECRET_AUTH
|
|
|
JAVA_JPA_LIKE
|
|
|
JAVA_JSCH_HARDCODED_SECRET
|
|
|
JAVA_JSCH_STRICTHOSTKEYCHECKING_DISABLED
|
|
|
JAVA_JWT_UNSAFE_DECODE
|
|
|
JAVA_JWT_WITHOUT_PROPER_SIGN
|
|
|
JAVA_KEY_MANAGER_FACTORY_HARDCODED_PASSWORDS
|
|
|
JAVA_KEYSTORE_HARDCODED_PASSWORDS
|
|
|
JAVA_LDAP_INJECTION
|
|
|
JAVA_MONGO_HOSTNAME_VERIFICATION_DISABLED
|
|
|
JAVA_MONGODB_HARDCODED_SECRET
|
|
|
JAVA_MYSQL_JDBC_HARDCODED_SECRET
|
|
|
JAVA_NONE_ALG_AUTH0_JWT_SIGN_KEY
|
|
|
JAVA_NOOPHOSTNAMEVERIFIER_USE
|
|
| JAVA_NULL_CIPHER | |
|
JAVA_NULL_POINTER_EXCEPTION
|
|
|
JAVA_OKHTTP_HARDCODED_SECRET
|
|
|
JAVA_PASSWORD_AUTHENTICATION_HARDCODED_SECRET
|
|
|
JAVA_PBEKEYSPEC_KERBEROS_HARDCODED_SECRET
|
|
|
JAVA_PROP_MISSING_SSL
|
|
|
JAVA_PROP_SENSITIVE_DATA
|
|
|
JAVA_PROP_UNENCRYPTED_TRANSPORT
|
|
|
JAVA_PROP_WEAK_CIPHER
|
|
|
JAVA_PROPERTIES_HARDCODED_SECRET
|
|
|
JAVA_PROPERTIES_SPRING_COOKIE_SAMESITE_NONE
|
|
|
JAVA_PROPERTIES_SPRING_INSECURE_CORS_WILDCARD
|
|
|
JAVA_PROPERTIES_SPRING_INSECURE_SMTP
|
|
|
JAVA_REMOTE_COMMAND_EXECUTION
|
|
|
JAVA_RPC_ENABLED_EXTENSIONS
|
|
|
JAVA_SALT_IS_HARDCODED
|
|
|
JAVA_SALT_IS_HARDCODED_BYTES
|
|
|
JAVA_SAML_IGNORE_COMMENTS
|
|
|
JAVA_SCRIPT_ENGINE_CODE_INJECTION
|
|
|
JAVA_SECURE_COOKIE
|
|
|
JAVA_SPRING_CONCURRENT_SESSIONS
|
|
|
JAVA_SPRING_COOKIE_SAMESITE_NONE
|
|
|
JAVA_SPRING_COOKIEGENERATOR_SECURE_FALSE
|
|
|
JAVA_SPRING_DATASOURCE_NO_ENCRYPTION
|
|
|
JAVA_SPRING_INSECURE_CORS
|
|
|
JAVA_SPRING_WEAK_CBC_CIPHER_SUITES
|
|
|
JAVA_SQL_INJECTION
|
|
|
JAVA_SYSTEM_SETPROPERTY_HARDCODED_SECRET
|
|
|
JAVA_TELNET_REQUEST
|
|
|
JAVA_TRUST_BOUNDARY_VIOLATION
|
|
|
JAVA_UNENCRYPTED_SOCKET
|
|
|
JAVA_UNSAFE_DEFAULT_HTTP_CLIENT
|
|
|
JAVA_UNSAFE_HOSTNAME_VERIFIER
|
|
|
JAVA_UNSAFE_PATH_TRAVERSAL
|
|
|
JAVA_UNSAFE_SSL_TLS_PROTOCOL
|
|
|
JAVA_UNSAFE_TLS_RENEGOTIATION
|
|
|
JAVA_UNSAFE_XSS_CONTENT
|
|
|
JAVA_UPLOAD_SIZE_LIMIT
|
|
|
JAVA_USES_SYSTEM_EXIT
|
|
|
JAVA_VULN_REGEX
|
|
|
JAVA_WEAK_CRYPTO_IN_SECRETKEYFACTORY
|
|
|
JAVA_WEAK_RANDOM_COOKIE
|
|
|
JAVA_WEAK_RSA_KEY
|
|
|
JAVA_WEBVIEW_DEBUG_MODE_ENABLED
|
|
|
JAVA_WICKET_STRING_ESCAPING_DISABLED
|
|
|
JAVA_XML_PARSER
|
|
|
JAVA_XMLINPUTFACTORY_EXTERNAL_ENTITIES
|
|
|
JAVA_XPATH_INJECTION_EVALUATE
|
|
|
JAVA_YAML_SPRING_PROMETHEUS_EXPOSURE
|
|
|
JAVA_YML_SPRING_INSECURE_SMTP
|
|
|
JAVA_ZIP_SLIP_INJECTION
|
|
|
XML_JAVA_EE_INSECURE_CORS_WILDCARD
|
|
Scanner method name
|
Related security requirement verified
|
|
JAVASCRIPT_ACCEPTS_ANY_MIME_DEFAULT
|
|
|
JAVASCRIPT_ACCEPTS_ANY_MIME_METHOD
|
|
|
JAVASCRIPT_EXPRESS_ACCEPTS_ANY_MIME
|
|
|
JAVASCRIPT_INSECURE_CORS_ORIGIN
|
|
|
JSX_LACK_OF_VALIDATION_EVENT_LISTENER
|
|
|
JS_AJV_ALLERRORS_UNCONTROLLED
|
|
|
JS_CLIENT_STORAGE
|
|
|
JS_COOKIE_SERVICE_SENSITIVE_INFO
|
|
|
JS_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
JS_CRYPTO_CREDENTIALS
|
|
|
JS_CRYPTOJS_INSECURE_USE_OF_CBC_MODE
|
|
|
JS_CSP_UNSAFE_INLINE_SCRIPT
|
|
|
JS_DEBUGGER_ENABLED
|
|
|
JS_DETECT_ANGULAR_INNER_HTML
|
|
|
JS_DECODE_INSECURE_JWT_TOKEN
|
|
|
JS_DYNAMIC_X_PATH
|
|
|
JS_EXPOSED_PRIVATE_KEY
|
|
|
JS_EXPRESS_COOKIE_SAMESITE_NONE
|
|
|
JS_EXPRESS_COOKIE_SECURE
|
|
|
JS_EXPRESS_DEBUG_MODE_ENABLED
|
|
|
JS_EXPRESS_INSEC_HTTPONLY
|
|
|
JS_EXPRESS_INSECURE_CORS
|
|
|
JS_EXPRESS_SSRF
|
|
|
JS_EXPRESSJS_HARDCODED_SESS_SECRET
|
|
|
JS_FILE_CREATE_TEMP_FILE
|
|
|
JS_FILE_SIZE_LIMIT_MISSING
|
|
|
JS_GRPC_INSECURE_CONNECTION_ANONYMOUS_ACCESS
|
|
|
JS_HARDCODED_CREDENTIALS_IN_TEST
|
|
|
JS_HARDCODED_JWT_SECRET
|
|
|
JS_HARDCODED_KEY_HMAC
|
|
|
JS_HARDCODED_PASSWORD
|
|
|
JS_HAS_REVERSE_TABNABBING
|
|
|
JS_HTML_CODE_INJECTION_VIA_INPUT
|
|
|
JS_IMPROPER_CSRF_MIDDLEWARE_ORDER
|
|
|
JS_INSECURE_COMPRESSION_ALGORITHM
|
|
|
JS_INSECURE_COOKIE
|
|
|
JS_INSECURE_CREATE_CIPHER
|
|
|
JS_INSECURE_ECDH_KEY
|
|
|
JS_INSECURE_EC_KEYPAIR
|
|
|
JS_INSECURE_ENCRYPT
|
|
|
JS_INSECURE_HASH
|
|
|
JS_INSECURE_HASH_LIBRARY
|
|
|
JS_INSECURE_JWT_TOKEN
|
|
|
JS_INSECURE_RSA_KEYPAIR
|
|
|
JS_INSEC_COOKIES
|
|
|
JS_INSEC_MSG_AUTH_MECHANISM
|
|
|
JS_JSON_PARSE_UNVALIDATED_DATA
|
|
|
JS_JWT_INSEC_SIGN_ALGORITHM
|
|
|
JS_JWT_INSEC_SIGN_ALGO_ASYNC
|
|
|
JS_JWT_NONE_ALGORITHM_TOKEN_FORGERY
|
|
|
JS_KOA_INSECURE_CORS
|
|
|
JS_LAMBDA_INSECURE_CORS
|
|
|
JS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT
|
|
|
JS_LOCAL_STORAGE_SENSITIVE_DATA_ASYNC
|
|
|
JS_LOCAL_STORAGE_WITH_SENSITIVE_DATA
|
|
|
JS_NESTJS_INSECURE_CORS
|
|
|
JS_NEXTJS_REVERSE_TABNABBING
|
|
|
JS_NON_SECURE_CONSTRUCTION_OF_COOKIES
|
|
|
JS_INSECURE_PATH_TRAVERSAL
|
|
|
JS_JQUERY_REVERSE_TABNABBING
|
|
|
JS_NOSQL_INJECTION
|
|
|
JS_NOSQL_INJECTION_TERNARY
|
|
|
JS_PATH_UNDEFINED_IN_SESSION_COOKIE
|
|
|
JS_REGEX_INJECTION
|
|
|
JS_REMOTE_COMMAND_EXECUTION
|
|
|
JS_SALT_IS_HARDCODED
|
|
|
JS_SQL_API_INJECTION
|
|
|
JS_SQL_INJECTION
|
|
|
JS_SSH2SFTPCLIENT_CBC_CIPHER
|
|
|
JS_TLS_REJECT_UNAUTHORIZED_FALSE
|
|
|
JS_UNSAFE_HTTP_XSS_PROTECTION
|
|
|
JS_UNSAFE_HTTP_XFRAME_OPTIONS
|
|
|
JS_UNSAFE_ORIGIN
|
|
|
JS_UNSAFE_XSS_CONTENT
|
|
|
JS_USES_BYPASS_SECURITY_TRUST_URL
|
|
|
JS_USES_DANGEROUSLY_SET_HTML
|
|
|
JS_USES_EVAL
|
|
|
JS_USES_INNERHTML
|
|
|
JS_WEAK_RANDOM
|
|
|
JS_WEAK_SSL_TLS_PROTOCOL
|
|
|
JS_XML_PARSER
|
|
|
JS_ZIP_SLIP
|
|
Scanner method name
|
Related security requirement verified
|
|
KOTLIN_ACCEPTS_ANY_MIME_TYPE
|
|
|
KOTLIN_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
KOTLIN_HTTP_ONLY_COOKIE
|
|
|
KOTLIN_SALT_IS_HARDCODED
|
|
|
KOTLIN_SALT_IS_HARDCODED_BYTES
|
|
|
KOTLIN_SECURE_COOKIE
|
|
|
KOTLIN_VULN_REGEX
|
|
|
KT_ANONYMOUS_LDAP
|
|
|
KT_DEFAULT_HTTP_CLIENT_DEPRECATED
|
|
|
KT_HARDCODED_INIT_VECTOR
|
|
|
KT_HC_SECRET_ALG_INSTANCE
|
|
|
KT_INSECURE_CERTIFICATE_VALIDATION
|
|
|
KT_INSECURE_CIPHER
|
|
|
KT_INSECURE_CIPHER_HTTP
|
|
|
KT_INSECURE_CIPHER_MODE
|
|
|
KT_INSECURE_CIPHER_SSL
|
|
|
KT_INSECURE_CSP_INLINE_SCRIPT
|
|
|
KT_INSECURE_ENCRYPTION_KEY
|
|
|
KT_INSECURE_HASH
|
|
|
KT_INSECURE_HOST_VERIFICATION
|
|
|
KT_INSECURE_INIT_VECTOR
|
|
|
KT_INSECURE_KEY
|
|
|
KT_INSECURE_KEY_EC
|
|
|
KT_INSECURE_KEY_GEN
|
|
|
KT_INSECURE_KEY_PAIR_GEN
|
|
|
KT_INSECURE_PARAMETER_SPEC
|
|
|
KT_REMOTE_COMMAND_EXECUTION
|
|
|
KT_UNENCRYPTED_CHANNEL
|
|
|
KT_WEAK_RANDOM
|
|
|
KT_XML_PARSER
|
|
Scanner method name
|
Related security requirement verified
|
|
K8S_CHECK_ADD_CAPABILITY
|
|
|
K8S_CHECK_DROP_CAPABILITY
|
|
|
K8S_CHECK_HOST_PID
|
|
|
K8S_CHECK_IF_CAPABILITY_EXISTS
|
|
|
K8S_CHECK_IF_SYS_ADMIN_EXISTS
|
|
|
K8S_CHECK_PRIVILEGED_USED
|
|
|
K8S_CHECK_RUN_AS_USER
|
|
|
K8S_CHECK_SECCOMP_PROFILE
|
|
|
K8S_CONTAINER_WITHOUT_SECURITYCONTEXT
|
|
|
K8S_HOST_IPC_ENABLED
|
|
|
K8S_HOST_NETWORK_ENABLED
|
|
|
K8S_HOST_PATH_VOLUMES
|
|
|
K8S_HOST_PROCESS_ENABLED
|
|
|
K8S_HOSTPID_ENABLED
|
|
|
K8S_IMAGE_HAS_DIGEST
|
|
|
K8S_PRIVILEGE_ESCALATION_ENABLED
|
|
|
K8S_ROOT_CONTAINER
|
|
|
K8S_ROOT_FILESYSTEM_READ_ONLY
|
|
|
K8S_SA_TOKEN_ENABLED
|
|
|
KUBERNETES_INSECURE_PORT
|
|
|
KUBERNETES_USES_HTTP
|
|
|
KUBERNETES_USES_HTTP_SERVER
|
|
Scanner method name
|
Related security requirement verified
|
|
PHP_BASIC_AUTHENTICATION
|
|
|
PHP_DISCLOSES_SERVER_VERSION
|
|
| PHP_EXCESSIVE_ACCESS_MODE | |
|
PHP_GENERATES_INSECURE_TOKEN
|
|
|
PHP_HARDCODED_INIT_VECTOR
|
|
|
PHP_HARDCODED_PASSWORD
|
|
|
PHP_HTTP_ONLY_DISABLED
|
|
|
PHP_INSECURE_ELLIPTIC_CURVE
|
|
|
PHP_INSECURE_HASH
|
|
|
PHP_INSECURE_CORS
|
|
|
PHP_INSECURE_DESERIALIZATION
|
|
|
PHP_INSECURE_EXPIRATION_TIME
|
|
|
PHP_INSECURE_MCRYPT
|
|
|
PHP_INSECURE_OPENSSL
|
|
|
PHP_INSECURE_REFERRER_POLICY
|
|
|
PHP_INSECURE_SSL_TLS_HTTP
|
|
|
PHP_INSECURE_SSL_TLS_STREAM
|
|
|
PHP_INFO_LEAK_ERRORS
|
|
|
PHP_INSECURE_CONTENT_SECURITY_POLICY
|
|
|
PHP_INSECURE_ENCRYPT_AES
|
|
|
PHP_LARAVEL_COOKIE_SECURE
|
|
|
PHP_LARAVEL_INSECURE_CORS_CONFIG
|
|
|
PHP_LARAVEL_XSS
|
|
|
PHP_MYSQL_QUERY_INJECTION
|
|
|
PHP_REMOTE_COMMAND_EXECUTION
|
|
|
PHP_SENSITIVE_HTTP_SENT
|
|
|
PHP_SERVER_LEAKS_ERRORS
|
|
|
PHP_SQL_LEAK_ERRORS
|
|
|
PHP_TECHNICAL_INFO_LEAK
|
|
|
PHP_UNSAFE_PATH_TRAVERSAL
|
|
|
PHP_UNSAFE_XSS_CONTENT
|
|
|
PHP_USES_EVAL
|
|
|
PHP_USES_SHA1_IN_QUERY
|
|
|
PHP_WEAK_RANDOM
|
|
|
PHP_XML_PARSER
|
|
Scanner method name
|
Related security requirement verified
|
|
PYTHON_ACCEPTS_ANY_MIME
|
|
| PYTHON_AWS_HARDCODED_CREDENTIALS | |
|
PYTHON_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
PYTHON_DESERIALIZATION_INJECTION
|
|
|
PYTHON_DJANGO_DEBUG_MODE_ENABLED
|
|
|
PYTHON_DJANGO_HARDCODED_CREDS
|
|
|
PYTHON_DJANGO_INSECURE_CORS
|
|
|
PYTHON_DJANGO_SQL_INJECTION
|
|
|
PYTHON_EXPOSED_AUTH_TOKEN
|
|
|
PYTHON_FASTAPI_INSECURE_CORS
|
|
|
PYTHON_FASTAPI_STARLETTE_DEBUG_ON
|
|
|
PYTHON_FLASK_COOKIE_SAMESITE_NONE
|
|
|
PYTHON_FLASK_DEBUG_MODE_ENABLED
|
|
|
PYTHON_FLASK_HARDCODED_SECRET_KEY
|
|
|
PYTHON_FLASK_INSECURE_CORS
|
|
|
PYTHON_FLASK_LOG_INJECTION
|
|
|
PYTHON_HARDCODED_CREDENTIALS_PYMYSQL
|
|
|
PYTHON_HC_AES_KEY
|
|
|
PYTHON_HTTP_ONLY_COOKIE
|
|
|
PYTHON_INSECURE_AUTHENTICATION
|
|
|
PYTHON_INSECURE_CIPHER_MODE
|
|
|
PYTHON_INSECURE_JWT_KEY
|
|
|
PYTHON_INSECURE_REDIRECT
|
|
|
PYTHON_INSEC_HASH_LIBRARY
|
|
|
PYTHON_IO_PATH_TRAVERSAL
|
|
|
PYTHON_LDAP_CONN_AUTH
|
|
|
PYTHON_LDAP_INJECTION
|
|
|
PYTHON_REGEX_DOS
|
|
|
PYTHON_REGEX_INJECTION
|
|
|
PYTHON_REMOTE_COMMAND_EXECUTION
|
|
|
PYTHON_SECURE_COOKIE
|
|
|
PYTHON_SESSION_FIXATION
|
|
|
PYTHON_STARLETTE_INSECURE_CORS
|
|
|
PYTHON_UNSAFE_CERTIFICATE_VALIDATION
|
|
|
PYTHON_UNSAFE_CIPHER
|
|
|
PYTHON_UNSAFE_LDAP_CONNECTIONS
|
|
|
PYTHON_UNSAFE_SSL_HOSTNAME
|
|
|
PYTHON_UNSAFE_TEMP_FILE
|
|
|
PYTHON_XML_PARSER
|
|
Scanner method name
|
Related security requirement verified
|
|
RUBY_HTTP_CLIENT_REQUESTS
|
|
|
RUBY_JWT_DECODE_WITHOUT_VERIFY
|
|
|
RUBY_NET_FTP_REQUEST
|
|
|
RUBY_NET_HTTP_CLIENT_REQUESTS
|
|
|
RUBY_NET_TELNET_REQUEST
|
|
|
RUBY_ON_RAILS_INSECURE_CORS
|
|
|
RUBY_OPENURI_REQUEST
|
|
Scanner method name
|
Related security requirement verified
|
|
SCALA_INSECURE_CIPHER_MODE
|
|
|
SCALA_INSECURE_HASH_ARGUMENT
|
|
|
SCALA_INSECURE_KEY_EC
|
|
|
SCALA_INSECURE_PASS
|
|
|
SCALA_JWT_WITHOUT_PROPER_SIGN
|
|
|
SCALA_PLAY_INSECURE_CORS_HEADER
|
|
Scanner method name
|
Related security requirement verified
|
|
SWIFT_CREDENTIALS_EXPOSED_IN_CODE
|
|
|
SWIFT_HC_SECRET_JWT
|
|
|
SWIFT_INSECURE_CIPHER
|
|
|
SWIFT_INSECURE_CRYPTOR
|
|
|
SWIFT_INSECURE_HTTP
|
|
|
SWIFT_NETWORK_INSECURE_TCP_CONNECTION
|
|
|
SWIFT_VAPOR_INSECURE_CORS_HEADER
|
|
|
SWIFT_WEBKIT_UNSAFE_LOCAL_FILE_ACCESS
|
| Scanner technique name | Related security requirement verified |
| CHECK_REQUIRED_VERSION | 266. Disable insecure functionalities |
| EC2_DEFAULT_SEC_GROUP | 266. Disable insecure functionalities |
| EC2_NOT_TERMINATION_PROTEC | |
| EC2_TERMINATE_SHUTDOWN_BEHAVIOR | 266. Disable insecure functionalities |
| TFM_ADMIN_MANAGED_POLICIES | |
| TFM_ADMIN_POLICY | |
| TFM_ALLOWS_PRIV_ESCALATION_ATTACH_POLICY | 035. Manage privilege modifications |
| TFM_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS | 035. Manage privilege modifications |
| TFM_ANYONE_ADMIN_PORTS | 255. Allow access only to the necessary ports |
| TFM_API_ALL_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
| TFM_API_GATEWAY_LOGGING_DISABLED | |
| TFM_AWS_ACL_BROAD_NETWORK_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AWS_EBS_VOLUMES_UNENCRYPTED | |
| TFM_AWS_EC2_ALL_TRAFFIC | 255. Allow access only to the necessary ports |
| TFM_AWS_EC2_CFN_UNRESTR_IP_PROT | 255. Allow access only to the necessary ports |
| TFM_AWS_EC2_UNRESTRICTED_CIDRS | 255. Allow access only to the necessary ports |
| TFM_AWS_EFS_UNENCRYPTED | |
| TFM_AWS_ELB_LISTENER_ON_HTTP | 181. Transmit data using secure protocols |
| TFM_AWS_ELB_WITHOUT_SSLPOLICY | |
| TFM_AWS_INSEC_PROTO | |
|
TFM_AWS_S3_VERSIONING_DISABLED
|
|
| TFM_AWS_SEC_GROUP_USING_TCP | 181. Transmit data using secure protocols |
|
TFM_AZURE_API_MGMT_BACK_MINIMUM_TLS_VERSION
|
|
|
TFM_AZURE_API_MGMT_FRONT_MINIMUM_TLS_VERSION
|
|
| TFM_AZURE_APP_LOG_DISABLED | |
|
TFM_AZURE_APP_SERVICE_FTP_DEPLOYMENTS_ENABLED
|
|
| TFM_AZURE_APP_SERVICE_LOGGING_DISABLED | |
|
TFM_AZURE_APP_SERVICE_MINIMUM_TLS_VERSION
|
|
| TFM_AZURE_APP_SERVICE_AUTHENTICATION_IS_NOT_ENABLED | |
| TFM_AZURE_CLIENT_CERT_ENABLED | |
|
TFM_AZURE_DB_MYSQL_SSL_DISABLED
|
|
|
TFM_AZURE_DB_POSTGRESQL_INSECURE_LOG_RETENTION_DAYS
|
|
|
TFM_AZURE_DB_POSTGRESQL_SSL_DISABLED
|
|
| TFM_AZURE_DEV_PORTAL_HAS_AUTH_METHODS_INACTIVE | |
| TFM_AZURE_INSEC_PROTO | |
| TFM_AZURE_KEY_VAULT_NOT_RECOVER | |
|
TFM_AZURE_KEY_VAULT_PURGE_PROTECTION_DISABLED
|
|
| TFM_AZURE_KV_DANGER_BYPASS | 255. Allow access only to the necessary ports |
| TFM_AZURE_KV_DEFAULT_NETWORK_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_KV_ONLY_ACCESS_HTTPS | 181. Transmit data using secure protocols |
| TFM_AZURE_KV_SECRET_NO_EXPIRATION | |
| TFM_AZURE_LNX_VM_INSEC_AUTH | |
| TFM_AZURE_NSG_UNRESTRICTED_MONGODB_ACCESS | |
| TFM_AZURE_NSG_UNRESTRICTED_MSQL_ACCESS | |
| TFM_AZURE_NSG_UNRESTRICTED_NETBIOS_ACCESS | |
| TFM_AZURE_NSG_UNRESTRICTED_ORACLE_ACCESS | |
| TFM_AZURE_NSG_POSTGRESQL_PUBLIC_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_NSG_UNRESTRICTED_RPC_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_NSG_UNRESTRICTED_SMTP_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_NSG_UNRESTRICTED_SSH_ACCESS | 255. Allow access only to the necessary ports |
|
TFM_AZURE_POSTGRESQL_MINIMUM_TLS_VERSION
|
|
|
TFM_AZURE_REDIS_FRONT_INSECURE_PORT_SSL
|
|
|
TFM_AZURE_REDIS_MINIMUM_TLS_VERSION
|
|
| TFM_AZURE_SA_DEFAULT_NETWORK_ACCESS | 255. Allow access only to the necessary ports |
| TFM_AZURE_SA_INSEC_TRANSFER | 181. Transmit data using secure protocols |
| TFM_AZURE_SQL_LOG_RETENT | |
| TFM_AZURE_SQL_SERVER_AUDIT_LOG_RETENTION | |
|
TFM_AZURE_STORAGE_ACCOUNT_BLOB_SOFT_DELETE_DISABLED
|
|
|
TFM_AZURE_STORAGE_ACCOUNT_GEO_REPLICATION_DISABLED
|
|
| TFM_AZURE_STORAGE_LOG_DISABLED | |
| TFM_AZURE_UNRESTRICTED_ACCESS_NETWORK_SEGMENTS | 255. Allow access only to the necessary ports |
| TFM_AZURE_VM_INSEC_AUTH | |
| TFM_BUCKET_ALLOWS_PUBLIC | |
| TFM_BUCKET_POLICY_SEC_TRANSPORT | 181. Transmit data using secure protocols |
| TFM_CF_DISTR_LOG_DISABLED | |
| TFM_COGNITO_HAS_MFA_DISABLED | |
| TFM_CONTENT_HTTP | 181. Transmit data using secure protocols |
| TFM_CTRAIL_LOG_NOT_VALIDATED | 080. Prevent log modification |
| TFM_DB_INSTANCE_PUBLICLY_ACCESSIBLE | |
| TFM_DB_NO_POINT_TIME_RECOVERY | |
| TFM_DISTRIBUTION_HAS_LOGGING_DISABLED | |
| TFM_DYNAMO_NOT_DEL_PROTEC | |
| TFM_EBS_UNENCRYPTED_DEFAULT | 266. Disable insecure functionalities |
| TFM_EBS_UNENCRYPTED_VOLUMES | 266. Disable insecure functionalities |
| TFM_EC2_ASSOC_PUB_IP | 266. Disable insecure functionalities |
| TFM_EC2_INSTANCE_UNENCRYPTED_EBS_BLOCK_DEVICES | 266. Disable insecure functionalities |
| TFM_EC2_NO_IAM | 266. Disable insecure functionalities |
| TFM_EC2_OPEN_ALL_PORTS_PUBLIC | 255. Allow access only to the necessary ports |
| TFM_EC2_SEC_GROUPS_RFC1918 | 255. Allow access only to the necessary ports |
| TFM_EC2_UNENCRYPTED_BLOCK_DEVICES | 266. Disable insecure functionalities |
| TFM_EC2_UNRESTRICTED_DNS | 255. Allow access only to the necessary ports |
| TFM_EC2_UNRESTRICTED_FTP | 255. Allow access only to the necessary ports |
| TFM_EC2_UNRESTRICTED_PORTS | 255. Allow access only to the necessary ports |
| TFM_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE | |
| TFM_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED | |
| TFM_ELASTICACHE_USES_DEFAULT_PORT | |
| TFM_ELB2_INSECURE_SEC_POLICY | 266. Disable insecure functionalities |
| TFM_ELB2_INSEC_PROTO | 181. Transmit data using secure protocols |
| TFM_ELB2_NOT_DELETION_PROTEC | |
|
TFM_ELB2_USES_INSECURE_PROTOCOL
|
|
| TFM_ELB_LOGGING_DISABLED | |
| TFM_HTTP_METHODS_ENABLED | 266. Disable insecure functionalities |
| TFM_IAM_EXCESSIVE_PRIVILEGES | |
| TFM_IAM_EXCESSIVE_ROLE_POLICY | |
| TFM_IAM_FULL_ACCESS_SSM | |
| TFM_IAM_MISSING_SECURITY | |
| TFM_IAM_PERMISSIONS_POLICY_NOT_ACTION | |
| TFM_IAM_PERMISSIONS_POLICY_NOT_RESOURCE | |
| TFM_IAM_POLICY_APPLY_TO_USERS | |
| TFM_IAM_ROLE_IS_OVER_PRIVILEGED | |
| TFM_IAM_TRUST_POLICY_NOT_ACTION | |
| TFM_IAM_TRUST_POLICY_NOT_PRINCIPAL | |
| TFM_IAM_TRUST_POLICY_WILDCARD_ACTION | |
| TFM_IAM_WILDCARD_WRITE | |
| TFM_INST_WITHOUT_PROFILE | 255. Allow access only to the necessary ports |
|
TFM_K8S_ALLOW_PRIVILEGE_ESCALATION_ENABLED
|
|
|
TFM_K8S_CHECK_DROP_CAPABILITY
|
|
|
TFM_K8S_CHECK_IF_CAPABILITY_EXISTS
|
|
|
TFM_K8S_CHECK_IF_SYS_ADMIN_EXISTS
|
|
|
TFM_K8S_CHECK_PRIVILEGED_USED
|
|
|
TFM_K8S_CHECK_RUN_AS_USER
|
|
|
TFM_K8S_CHECK_SECCOMP_PROFILE
|
|
|
TFM_K8S_CONTAINER_WITHOUT_SECURITYCONTEXT
|
|
|
TFM_K8S_HOST_IPC_ENABLED
|
|
|
TFM_K8S_HOST_NETWORK_ENABLED
|
|
|
TFM_K8S_HOST_PATH_VOLUMES
|
|
|
TFM_K8S_HOST_PROCESS_ENABLED
|
|
|
TFM_K8S_HOSTPID_ENABLED
|
|
| TFM_K8S_IMAGE_HAS_DIGEST | |
|
TFM_K8S_ROOT_CONTAINER
|
|
|
TFM_K8S_ROOT_FILESYSTEM_READ_ONLY
|
|
|
TFM_K8S_SA_TOKEN_ENABLED
|
|
| TFM_KMS_KEY_ROTATION_DISABLED | 266. Disable insecure functionalities |
| TFM_KMS_MASTER_KEYS_EXPOSED | |
|
TFM_KUBERNETES_INSECURE_PORT
|
|
| TFM_NEGATIVE_STATEMENT | |
| TFM_PERMISSIVE_POLICY | |
| TFM_POLICY_SERVER_ENCRYP_DISABLED | |
| TFM_PUBLIC_BUCKETS_ACL | |
| TFM_RDS_INSIDE_SUBNET | 255. Allow access only to the necessary ports |
| TFM_RDS_NO_DELETION_PROTECTION | |
| TFM_RDS_NOT_AUTO_BACKUPS | |
| TFM_RDS_NOT_USES_IAM_AUTHENTICATION | |
| TFM_RDS_IS_PUBLICLY_ACCESSIBLE | |
| TFM_RDS_UNENCRYPTED_STORAGE | |
| TFM_REDIS_CACHE_AUTHNOTREQUIRED_ENABLED | |
| TFM_REDSHIFT_HAS_AUDIT_LOGS_DISABLED | |
| TFM_REDSHIFT_HAS_ENCRYPTION_DISABLED | |
| TFM_REDSHIFT_HAS_PUBLIC_CLUSTERS | |
| TFM_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED | |
| TFM_REDSHIFT_NOT_REQUIRES_SSL | |
| TFM_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS | |
| TFM_S3_VERSIONING_DISABLED | 266. Disable insecure functionalities |
| TFM_SNS_IS_SERVER_SIDE_ENCRYPTION_DISABLED | |
| TFM_SQS_IS_ENCRYPTION_DISABLED | |
| TFM_SQS_IS_PUBLIC | |
| TFM_TRAILS_NOT_MULTIREGION |
|
Scanner method name
|
Related security requirement verified
|
|
TSX_LACK_OF_VALIDATION_EVENT_LISTENER
|
|
|
TS_AJV_ALLERRORS_UNCONTROLLED
|
|
|
TS_CLIENT_STORAGE
|
|
|
TS_COOKIE_SERVICE_SENSITIVE_INFO
|
|
|
TS_CRYPTO_CREDENTIALS
|
|
|
TS_CRYPTOJS_INSECURE_USE_OF_CBC_MODE
|
|
|
TS_DEBUGGER_ENABLED
|
|
|
TS_DETECT_ANGULAR_INNER_HTML
|
|
|
TS_DECODE_INSECURE_JWT_TOKEN
|
|
|
TS_DYNAMIC_X_PATH
|
|
|
TS_EXPOSED_PRIVATE_KEY
|
|
|
TS_EXPRESS_COOKIE_SAMESITE_NONE
|
|
|
TS_EXPRESS_COOKIE_SECURE
|
|
|
TS_EXPRESS_DEBUG_MODE_ENABLED
|
|
|
TS_EXPRESS_HARDCODED_SESS_SECRET
|
|
|
TS_EXPRESS_INSEC_HTTPONLY
|
|
|
TS_EXPRESS_INSECURE_CORS
|
|
|
TS_EXPRESS_INSECURE_RATE_LIMIT
|
|
|
TS_EXPRESS_SSRF
|
|
|
TS_FILE_SIZE_LIMIT_MISSING
|
|
|
TS_FILE_UNAUTHORIZED_ACCESS
|
|
|
TS_GRPC_INSECURE_CONNECTION_ANONYMOUS_ACCESS
|
|
|
TS_HARDCODED_CREDENTIALS_IN_TEST
|
|
|
TS_HARDCODED_JWT_SECRET
|
|
|
TS_HARDCODED_KEY_HMAC
|
|
|
TS_HARDCODED_PASSWORD
|
|
|
TS_HAS_REVERSE_TABNABBING
|
|
|
TS_HTML_CODE_INJECTION_VIA_INPUT
|
|
|
TS_IMPROPER_CSRF_MIDDLEWARE_ORDER
|
|
|
TS_INSECURE_COMPRESSION_ALGORITHM
|
|
|
TS_INSECURE_COOKIE
|
|
|
TS_INSECURE_CORS_ORIGIN
|
|
|
TS_INSECURE_CREATE_CIPHER
|
|
|
TS_INSECURE_ECDH_KEY
|
|
|
TS_INSECURE_EC_KEYPAIR
|
|
|
TS_INSECURE_ENCRYPT
|
|
|
TS_INSECURE_HASH
|
|
|
TS_INSECURE_JWT_TOKEN
|
|
|
TS_INSECURE_LOGGING
|
|
|
TS_INSECURE_RSA_KEYPAIR
|
|
|
TS_INSEC_COOKIES
|
|
|
TS_INSEC_MSG_AUTH_MECHANISM
|
|
|
TS_JSON_PARSE_UNVALIDATED_DATA
|
|
|
TS_JWT_INSEC_SIGN_ALGORITHM
|
|
|
TS_JWT_INSEC_SIGN_ALGO_ASYNC
|
|
|
TS_JWT_NONE_ALGORITHM_TOKEN_FORGERY
|
|
|
TS_KOA_INSECURE_CORS
|
|
|
TS_LAMBDA_INSECURE_CORS
|
|
|
TS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT
|
|
|
TS_NESTJS_INSECURE_CORS
|
|
|
TS_NEXTJS_REVERSE_TABNABBING
|
|
|
TS_NON_SECURE_CONSTRUCTION_OF_COOKIES
|
|
|
TS_INSECURE_PATH_TRAVERSAL
|
|
|
TS_JQUERY_REVERSE_TABNABBING
|
|
|
TS_NOSQL_INJECTION
|
|
|
TS_NOSQL_INJECTION_TERNARY
|
|
|
TS_PATH_UNDEFINED_IN_SESSION_COOKIE
|
|
|
TS_REGEX_INJECTION
|
|
|
TS_REMOTE_COMMAND_EXECUTION
|
|
|
TS_SALT_IS_HARDCODED
|
|
|
TS_SEQUELIZE_INJECTION
|
|
|
TS_SQL_API_INJECTION
|
|
|
TS_SQL_INJECTION
|
|
|
TS_SSH2SFTPCLIENT_CBC_CIPHER
|
|
|
TS_TLS_REJECT_UNAUTHORIZED_FALSE
|
|
|
TS_UNNECESSARY_IMPORTS
|
|
|
TS_UNSAFE_HTTP_XSS_PROTECTION
|
|
|
TS_UNSAFE_HTTP_XFRAME_OPTIONS
|
|
|
TS_UNSAFE_ORIGIN
|
|
|
TS_UNSAFE_XSS_CONTENT
|
|
|
TS_UNVALIDATED_XML_PARSED_IN_VM
|
|
|
TS_USES_BYPASS_SECURITY_TRUST_URL
|
|
|
TS_USES_DANGEROUSLY_SET_HTML
|
|
|
TS_USES_EVAL
|
|
|
TS_USES_INNERHTML
|
|
|
TS_WEAK_RANDOM
|
|
|
TS_WEAK_SSL_TLS_PROTOCOL
|
|
|
TS_XML_PARSER
|
|
|
TS_XML_PARSER_INSIDE_CONTEXT
|
|
|
TS_ZIP_SLIP
|
|
|
TYPESCRIPT_ACCEPTS_ANY_MIME_DEFAULT
|
|
|
TYPESCRIPT_ACCEPTS_ANY_MIME_METHOD
|
|
|
TYPESCRIPT_EXPRESS_ACCEPTS_ANY_MIME
|
|
Scanner method name
|
Related security requirement verified
|
|
CS_ASPNET_COOKIE_SAMESITE_NONE_CF
|
|
|
DOTNETCONFIG_ANON_AUTH_ENABLED
|
|
|
DOTNETCONFIG_ASP_VERSION_ENABLED
|
|
|
DOTNETCONFIG_EXCESSIVE_AUTH_PRIVILEGES
|
|
|
DOTNETCONFIG_HAS_DEBUG_ENABLED
|
|
|
DOTNETCONFIG_HAS_SSL_DISABLED
|
|
|
DOTNETCONFIG_NOT_CUSTOM_ERRORS
|
|
|
DOTNETCONFIG_NOT_SUPPRESS_VULN_HEADER
|
|
|
XML_DOTNET_WEAK_ENCRYPTION_ALGORITHM
|
|
Scanner method name
|
Related security requirement verified
|
|
NON_UPGRADEABLE_DEPS
|
|
|
UNVERIFIABLE_FILES
|