Security requirements by language

In this page, you can see the security requirements assessed by Fluid Attacks' static application security testing (SAST) differentiating by the programming language in which the source code is written and by the scanner method that automates the check. To learn about support information, read the article Supported languages, frameworks and files in SAST.

Android

Scanner method name	Related security requirement verified
DANGEROUS_PERMISSIONS	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
PATH_APK_BACKUPS_ENABLED	185. Encrypt sensitive information 266. Disable insecure functionalities
PATH_APK_DEBUGGING_ENABLED	077. Avoid disclosing technical information 078. Disable debugging events
PATH_APK_EXPORTED_CP	096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement

Bash

Scanner method name	Related security requirement verified
BASH_IMAGE_HAS_DIGEST	266. Disable insecure functionalities
BASH_USING_SSHPASS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
BASH_EXCESSIVE_PRIVILEGES_FOR_OTHERS	033. Restrict administrative access 176. Restrict system objects 265. Restrict access to critical processes 280. Restrict service root directory

C#

Scanner method name	Related security requirement verified
CS_CERT_VALIDATION_DISABLED	158. Use a secure programming language
CS_CHECK_HASHES_SALT	266. Disable insecure functionalities
CS_CONFLICTING_ANNOTATIONS	158. Use a secure programming language
CS_CREATE_TEMP_FILE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CS_DISABLED_HTTP_HEADER_CHECK	266. Disable insecure functionalities
CS_DISABLED_STRONG_CRYPTO	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_HARDCODED_SYMMETRIC_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_HAS_PUBLIC_CACHE_HEADER	062. Define standard configurations 177. Avoid caching and temporary files 266. Disable insecure functionalities 349. Include HTTP security headers
CS_HTTPCLIENT_NO_REVOCATION_LIST	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_INFO_LEAK_ERRORS	077. Avoid disclosing technical information 176. Restrict system objects
CS_INSECURE_ASSEMBLY_LOAD	040. Compare file format and extension 041. Scan files for malicious code
CS_INSECURE_AUTHENTICATION	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
CS_INSECURE_CERTIFICATE_VALIDATION	266. Disable insecure functionalities
CS_INSECURE_CHANNEL	181. Transmit data using secure protocols
CS_INSECURE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_INSECURE_CORS	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
CS_INSECURE_CORS_ORIGIN	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
CS_INSECURE_DESERIAL	173. Discard unsafe inputs 321. Avoid deserializing untrusted data
CS_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_INSECURE_KEYS	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_INSECURE_LOGGING	080. Prevent log modification 173. Discard unsafe inputs
CS_INSECURE_SHARED_ACCESS_PROTOCOL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_INSEC_ADDHEADER_WRITE	029. Cookies with security attributes 173. Discard unsafe inputs
CS_INSEC_COOKIES	029. Cookies with security attributes
CS_INSEC_CREATE	173. Discard unsafe inputs 324. Control redirects
CS_JS_DESERIALIZATION	173. Discard unsafe inputs 321. Avoid deserializing untrusted data
CS_JWT_SIGNED	032. Avoid session ID leakages 181. Transmit data using secure protocols
CS_LDAP_CONN_AUTH	266. Disable insecure functionalities
CS_LDAP_INJECTION	173. Discard unsafe inputs
CS_MANAGED_SECURE_MODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_OBSOLETE_KEY_DERIVATION	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_OPEN_REDIRECT	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
CS_OVERRIDE_AUTH_MODIFIER	142. Change system default credentials 264. Request authentication 265. Restrict access to critical processes 266. Disable insecure functionalities 319. Make authentication options equally secure
CS_PATH_INJECTION	037. Parameters without sensitive data 320. Avoid client-side control enforcement
CS_REGEX_INJECTION	072. Set maximum response time 327. Set a rate limit
CS_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
CS_RSA_SECURE_MODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_SCHEMA_BY_URL	262. Verify third-party components
CS_SERVICE_POINT_MANAGER_DISABLED	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_SQL_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
CS_STORED_PASSWORD	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
CS_TYPE_NAME_HANDLING	173. Discard unsafe inputs 321. Avoid deserializing untrusted data
CS_UNSAFE_PATH_TRAVERSAL	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
CS_UNSAFE_SQL_STATEMENT	169. Use parameterized queries 173. Discard unsafe inputs
CS_VERIFY_DECODER	032. Avoid session ID leakages 181. Transmit data using secure protocols
CS_VULN_REGEX	072. Set maximum response time 327. Set a rate limit
CS_WEAK_CREDENTIAL	130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords
CS_WEAK_PROTOCOL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CS_XAML_INJECTION	173. Discard unsafe inputs
CS_XML_SERIAL	173. Discard unsafe inputs 321. Avoid deserializing untrusted data
CS_XPATH_INJECTION	173. Discard unsafe inputs
CS_XPATH_INJECTION_EVALUATE	173. Discard unsafe inputs
CS_XSL_TRANSFORM_OBJECT	262. Verify third-party components
C_SHARP_ACCEPTS_ANY_MIMETYPE	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
C_SHARP_PLAIN_TEXT_KEYS	145. Protect system cryptographic keys

CloudFormation

Scanner method name	Related security requirement verified
CFN_ADMIN_POLICY_ATTACHED	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_ALLOWS_PRIV_ESCALATION_BY_ATTACH_POLICY	035. Manage privilege modifications
CFN_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS	035. Manage privilege modifications
CFN_ANYONE_ADMIN_PORTS	255. Allow access only to the necessary ports
CFN_API_GATEWAY_LOGGING_DISABLED	075. Record exceptional events in logs 079. Record exact occurrence time of events 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_AWS_EBS_VOLUMES_UNENCRYPTED	185. Encrypt sensitive information 300. Mask sensitive data
CFN_AWS_EFS_UNENCRYPTED	185. Encrypt sensitive information 300. Mask sensitive data
CFN_AWS_ELB_LISTENER_ON_HTTP	181. Transmit data using secure protocols
CFN_AWS_SEC_GROUP_USING_TCP	181. Transmit data using secure protocols
CFN_BUCKET_ALLOWS_PUBLIC	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_BUCKET_POLICY_SEC_TRANSPORT	181. Transmit data using secure protocols
CFN_CF_DISTR_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_COGNITO_HAS_MFA_DISABLED	229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems
CFN_CONTENT_HTTP	181. Transmit data using secure protocols
CFN_DYNAMO_NOT_DEL_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_EC2_ASSOC_PUB_IP	266. Disable insecure functionalities
CFN_EC2_DEFAULT_SEC_GROUP	266. Disable insecure functionalities
CFN_EC2_NOT_TERMINATION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_EC2_NO_IAM	266. Disable insecure functionalities
CFN_EC2_OPEN_ALL_PORTS_PUBLIC	255. Allow access only to the necessary ports
CFN_EC2_SEC_GROUPS_RFC1918	255. Allow access only to the necessary ports
CFN_EC2_TERMINATE_SHUTDOWN_BEHAVIOR	266. Disable insecure functionalities
CFN_EC2_UNENCRYPTED_BLOCK_DEVICES	266. Disable insecure functionalities
CFN_EC2_UNENCRYPTED_VOLUMES	266. Disable insecure functionalities
CFN_EC2_UNRESTRICTED_DNS	255. Allow access only to the necessary ports
CFN_EC2_UNRESTRICTED_FTP	255. Allow access only to the necessary ports
CFN_EC2_UNRESTRICTED_PORTS	255. Allow access only to the necessary ports
CFN_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_ELASTICACHE_USES_DEFAULT_PORT	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_ELB2_INSECURE_SEC_POLICY	266. Disable insecure functionalities
CFN_ELB2_INSEC_PROTO	181. Transmit data using secure protocols
CFN_ELB2_LOGS_S3_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_ELB2_NOT_DELETION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_ELB_ACCESS_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_ELB_WITHOUT_SSLPOLICY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CFN_GROUPS_WITHOUT_EGRESS	255. Allow access only to the necessary ports
CFN_HTTP_METHODS_ENABLED	266. Disable insecure functionalities
CFN_IAM_EXCESSIVE_ROLE_POLICY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_FULL_ACCESS_SSM	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_MISSING_SECURITY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_PERMISSIONS_POLICY_NOT_ACTION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_IAM_PERMISSIONS_POLICY_NOT_RESOURCE	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_IAM_PERMISSIONS_POLICY_WILDCARD_ACTIONS	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_PERMISSIONS_POLICY_WILDCARD_RESOURCES	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_POLICY_APPLY_TO_USERS	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_IAM_TRUST_POLICY_NOT_ACTION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_IAM_TRUST_POLICY_NOT_PRINCIPAL	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_IAM_TRUST_POLICY_WILDCARD_ACTION	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_IAM_WILDCARD_WRITE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_INSECURE_CERTIFICATE	266. Disable insecure functionalities
CFN_INSEC_GEN_SECRET	130. Limit password lifespan 132. Passphrases with at least 4 words 133. Passwords with at least 20 characters 139. Set minimum OTP length 332. Prevent the use of breached passwords
CFN_INSEC_PROTO	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
CFN_INST_WITHOUT_PROFILE	255. Allow access only to the necessary ports
CFN_KMS_KEY_ROTATION_DISABLED	266. Disable insecure functionalities
CFN_KMS_MASTER_KEYS_EXPOSED	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_LOG_CONF_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_LOG_NOT_VALIDATED	080. Prevent log modification
CFN_NEGATIVE_STATEMENT	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_NOT_POINT_TIME_RECOVERY	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_PERMISSIVE_POLICY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_POLICY_SERVER_ENCRYP_DISABLED	134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 227. Display access notification 229. Request access credentials 264. Request authentication 300. Mask sensitive data
CFN_RDS_NOT_AUTO_BACKUPS	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_RDS_NOT_INSIDE_DB_SUBNET	255. Allow access only to the necessary ports
CFN_RDS_NOT_TERMINATION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
CFN_RDS_NOT_USES_IAM_AUTHENTICATION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_RDS_PUB_ACCESSIBLE	096. Set user's required privileges 176. Restrict system objects 265. Restrict access to critical processes
CFN_RDS_UNENCRYPTED_STORAGE	134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 229. Request access credentials 264. Request authentication 300. Mask sensitive data
CFN_REDSHIFT_HAS_AUDIT_LOGS_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_REDSHIFT_HAS_ENCRYPTION_DISABLED	185. Encrypt sensitive information 300. Mask sensitive data
CFN_REDSHIFT_HAS_PUBLIC_CLUSTERS	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_REDSHIFT_NOT_REQUIRES_SSL	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS	096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement
CFN_S3_VERSIONING_DISABLED	266. Disable insecure functionalities
CFN_SERVER_SSL_DISABLED	181. Transmit data using secure protocols
CFN_SNS_HAS_SERVER_SIDE_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_SQS_HAS_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
CFN_SQS_IS_PUBLIC	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CFN_TRAILS_NOT_MULTIREGION	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
CFN_UNRESTRICTED_CIDRS	255. Allow access only to the necessary ports
CFN_UNRESTRICTED_IP_PROTO	255. Allow access only to the necessary ports
CFN_WILDCARD_IN_ALLOWED_ORIGINS	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
YML_SERVERLESS_CORS	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers

Configuration files

Scanner method name	Related security requirement verified
CONF_FILES_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JMX_HEADER_BASIC	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
JSON_ALLOWED_HOSTS	266. Disable insecure functionalities
JSON_ANON_CONNECTION_CONFIG	142. Change system default credentials 264. Request authentication 265. Restrict access to critical processes 266. Disable insecure functionalities 319. Make authentication options equally secure
JSON_DB_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JSON_DISABLE_HOST_CHECK	266. Disable insecure functionalities
JSON_HTTPS_FLAG_MISSING	181. Transmit data using secure protocols
JSON_PRINCIPAL_WILDCARD	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
JSON_SSL_PORT_MISSING	185. Encrypt sensitive information 266. Disable insecure functionalities
JWT_TOKEN	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
SONAR_CREDENTIALS_EXPOSED	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
SENSITIVE_INFO_DOTNET_JSON	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
SENSITIVE_INFO_JSON	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
SENSITIVE_KEY_JSON	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
TSCONFIG_SOURCEMAP_ENABLED	077. Avoid disclosing technical information 176. Restrict system objects
WEB_DB_CONN	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
WEB_USER_PASS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
XML_ACCEPT_HEADER	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
XML_ALLOWS_ALL_DOMAINS	266. Disable insecure functionalities
XML_BASIC_AUTH_METHOD	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
XML_HAS_X_XSS_PROTECTION_HEADER	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers
XML_HEADER_ALLOW_ALL_METHODS	266. Disable insecure functionalities
XML_HEADER_ALLOW_DANGER_METHODS	266. Disable insecure functionalities
XML_INSECURE_CONFIGURATION	130. Limit password lifespan 138. Define lifespan for temporary passwords 140. Define OTP lifespan
XML_NETWORK_SSL_DISABLED	181. Transmit data using secure protocols
XML_X_FRAME_OPTIONS	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers

Dart

Scanner method name	Related security requirement verified
DART_INSECURE_LOGGING	080. Prevent log modification 173. Discard unsafe inputs
DART_SALT_IS_HARDCODED	266. Disable insecure functionalities

Docker

Scanner method name	Related security requirement verified
CONTAINER_DISABLED_SSL	181. Transmit data using secure protocols
CONTAINER_USING_SSHPASS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
CONTAINER_WITHOUT_USER	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
CONTAINER_WITH_USER_ROOT	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
DOCKER_ENV_SECRETS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
DOCKER_PORT_EXPOSED	181. Transmit data using secure protocols
DOCKER_USING_ADD_COMMAND	266. Disable insecure functionalities
UNPINNED_DOCKER_IMAGE	266. Disable insecure functionalities

Docker Compose

Scanner method name	Related security requirement verified
DOCKER_COMPOSE_ENV_SECRETS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
DOCKER_COMPOSE_IMAGE_HAS_DIGEST	266. Disable insecure functionalities
DOCKER_COMPOSE_READ_ONLY	266. Disable insecure functionalities
DOCKER_COMPOSE_SSH_PASS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities

Go

Scanner method name	Related security requirement verified
GO_ACCEPTS_ANY_MIME_TYPE	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
GO_HARDCODED_SYMMETRIC_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
GO_INSECURE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
GO_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
GO_INSECURE_QUERY	169. Use parameterized queries 173. Discard unsafe inputs
GO_SALT_IS_HARDCODED	266. Disable insecure functionalities

HTML

Scanner method name	Related security requirement verified
HTML_HAS_AUTOCOMPLETE	177. Avoid caching and temporary files
HTML_HAS_NOT_SUB_RESOURCE_INTEGRITY	178. Use digital signatures 262. Verify third-party components 330. Verify Subresource Integrity
HTML_HAS_REVERSE_TABNABBING	173. Discard unsafe inputs 324. Control redirects

Java

Machine method name	Related security requirement verified
JAVA_ACCEPTS_ANY_MIMETYPE_CHAIN	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVA_ACCEPTS_ANY_MIMETYPE_OBJ	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVA_BASIC_AUTHENTICATION	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
JAVA_CREATE_TEMP_FILE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
JAVA_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JAVA_CSRF_PROTECTIONS_DISABLED	029. Cookies with security attributes 174. Transactions without a distinguishable pattern
JAVA_HOSTNAME_VERIFICATION_OFF	088. Request client certificates 089. Limit validity of certificates 090. Use valid certificates 091. Use internally signed certificates 092. Use externally signed certificates 093. Use consistent certificates
JAVA_HOST_KEY_CHECKING	255. Allow access only to the necessary ports
JAVA_HTTP_ONLY_COOKIE	029. Cookies with security attributes
JAVA_HTTP_REQ_ACCEPTS_ANY_MIMETYPE	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVA_INSECURE_AUTHENTICATION	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
JAVA_INSECURE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_CIPHER_JMQI	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_CIPHER_MODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_CIPHER_SSL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_CONNECTION	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_CORS_ORIGIN	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVA_INSECURE_ENGINE_CIPHER_SSL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_KEY_EC	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
AVA_INSECURE_KEY_RSA	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_KEY_SECRET	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_PASS	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_INSECURE_TRUST_MANAGER	088. Request client certificates 089. Limit validity of certificates 090. Use valid certificates 091. Use internally signed certificates 092. Use externally signed certificates 093. Use consistent certificates
JAVA_INSEC_SIGN_ALGORITHM	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_JPA_LIKE	169. Use parameterized queries 173. Discard unsafe inputs
JAVA_JWT_UNSAFE_DECODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_JWT_WITHOUT_PROPER_SIGN	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_LDAP_INJECTION	173. Discard unsafe inputs
JAVA_PROP_MISSING_SSL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_PROP_SENSITIVE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JAVA_PROP_UNENCRYPTED_TRANSPORT	181. Transmit data using secure protocols
JAVA_PROP_WEAK_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JAVA_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
JAVA_SALT_IS_HARDCODED	266. Disable insecure functionalities
JAVA_SECURE_COOKIE	029. Cookies with security attributes
JAVA_SQL_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
JAVA_TRUST_BOUNDARY_VIOLATION	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
JAVA_UNSAFE_PATH_TRAVERSAL	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
JAVA_UNSAFE_XSS_CONTENT	029. Cookies with security attributes 173. Discard unsafe inputs
JAVA_UPLOAD_SIZE_LIMIT	040. Compare file format and extension 041. Scan files for malicious code
JAVA_USES_SYSTEM_EXIT	164. Use optimized structures 167. Close unused resources 072. Set maximum response time 327. Set a rate limit
JAVA_VULN_REGEX	072. Set maximum response time 327. Set a rate limit
JAVA_WEAK_RANDOM_COOKIE	223. Uniform distribution in random numbers 224. Use secure cryptographic mechanisms
JAVA_XML_PARSER	173. Discard unsafe inputs
JAVA_XPATH_INJECTION_EVALUATE	173. Discard unsafe inputs
JAVA_ZIP_SLIP_PATH_INJECTION	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters

JavaScript

Scanner method name	Related security requirement verified
JAVASCRIPT_ACCEPTS_ANY_MIME_DEFAULT	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVASCRIPT_ACCEPTS_ANY_MIME_METHOD	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVASCRIPT_EXPRESS_ACCEPTS_ANY_MIME	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JAVASCRIPT_INSECURE_CORS_ORIGIN	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
JSX_LACK_OF_VALIDATION_EVENT_LISTENER	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
JS_CLIENT_STORAGE	177. Avoid caching and temporary files 329. Keep client-side storage without sensitive data
JS_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JS_CRYPTO_CREDENTIALS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
JS_DEBUGGER_ENABLED	077. Avoid disclosing technical information 078. Disable debugging events
JS_DECODE_INSECURE_JWT_TOKEN	173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens
JS_DYNAMIC_X_PATH	173. Discard unsafe inputs
JS_HAS_REVERSE_TABNABBING	173. Discard unsafe inputs 324. Control redirects
JS_INSECURE_COMPRESSION_ALGORITHM	266. Disable insecure functionalities
JS_INSECURE_COOKIE	029. Cookies with security attributes
JS_INSECURE_CREATE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_ECDH_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_EC_KEYPAIR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_ENCRYPT	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_HASH_LIBRARY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSECURE_JWT_TOKEN	228. Authenticate using standard protocols
JS_INSECURE_RSA_KEYPAIR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_INSEC_COOKIES	029. Cookies with security attributes
JS_INSEC_MSG_AUTH_MECHANISM	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_JSON_PARSE_UNVALIDATED_DATA	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
JS_JWT_INSEC_SIGN_ALGORITHM	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_JWT_INSEC_SIGN_ALGO_ASYNC	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
JS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT	173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens
JS_LOCAL_STORAGE_WITH_SENSITIVE_DATA	173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens
JS_NON_SECURE_CONSTRUCTION_OF_COOKIES	030. Avoid object reutilization
JS_PATH_TRAVERSAL	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
JS_REGEX_INJECTION	072. Set maximum response time 327. Set a rate limit
JS_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
JS_SALT_IS_HARDCODED	266. Disable insecure functionalities
JS_SQL_API_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
JS_SQL_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
JS_UNSAFE_HTTP_XSS_PROTECTION	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers
JS_UNSAFE_HTTP_X_FRAME_OPTIONS	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers
JS_UNSAFE_ORIGIN	266. Disable insecure functionalities
JS_UNSAFE_XSS_CONTENT	029. Cookies with security attributes 173. Discard unsafe inputs
JS_USES_BYPASS_SECURITY_TRUST_URL	173. Discard unsafe inputs
JS_USES_DANGEROUSLY_SET_HTML	173. Discard unsafe inputs
JS_USES_EVAL	266. Disable insecure functionalities
JS_USES_INNERHTML	173. Discard unsafe inputs
JS_WEAK_RANDOM	223. Uniform distribution in random numbers 224. Use secure cryptographic mechanisms
JS_XML_PARSER	173. Discard unsafe inputs
JS_ZIP_SLIP	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters

Kotlin

Scanner method name	Related security requirement verified
KOTLIN_ACCEPTS_ANY_MIME_TYPE	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
KOTLIN_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
KOTLIN_HTTP_ONLY_COOKIE	029. Cookies with security attributes
KOTLIN_SALT_IS_HARDCODED	266. Disable insecure functionalities
KOTLIN_SECURE_COOKIE	029. Cookies with security attributes
KOTLIN_VULN_REGEX	072. Set maximum response time 327. Set a rate limit
KT_ANONYMOUS_LDAP	173. Discard unsafe inputs
KT_DEFAULT_HTTP_CLIENT_DEPRECATED	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_HC_SECRET_ALG_INSTANCE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_CERTIFICATE_VALIDATION	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_CIPHER_HTTP	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_CIPHER_MODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_CIPHER_SSL	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_ENCRYPTION_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_HOST_VERIFICATION	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_INIT_VECTOR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_KEY_EC	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_KEY_GEN	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_KEY_PAIR_GEN	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_INSECURE_PARAMETER_SPEC	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
KT_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
KT_UNENCRYPTED_CHANNEL	181. Transmit data using secure protocols
KT_WEAK_RANDOM	223. Uniform distribution in random numbers 224. Use secure cryptographic mechanisms
KT_XML_PARSER	173. Discard unsafe inputs

Kubernetes

Scanner method name	Related security requirement verified
K8S_CHECK_ADD_CAPABILITY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_DROP_CAPABILITY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_HOST_PID	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_IF_CAPABILITY_EXISTS	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_IF_SYS_ADMIN_EXISTS	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_PRIVILEGED_USED	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_RUN_AS_USER	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CHECK_SECCOMP_PROFILE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_CONTAINER_WITHOUT_SECURITYCONTEXT	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_IMAGE_HAS_DIGEST	266. Disable insecure functionalities
K8S_PRIVILEGE_ESCALATION_ENABLED	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_ROOT_CONTAINER	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
K8S_ROOT_FILESYSTEM_READ_ONLY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
KUBERNETES_INSECURE_PORT	181. Transmit data using secure protocols
KUBERNETES_USES_HTTP	181. Transmit data using secure protocols
KUBERNETES_USES_HTTP_SERVER	181. Transmit data using secure protocols

PHP

Scanner method name	Related security requirement verified
PHP_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
PHP_UNSAFE_XSS_CONTENT	029. Cookies with security attributes 173. Discard unsafe inputs
PHP_BASIC_AUTHENTICATION	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
PHP_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
PHP_INSECURE_CORS	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
PHP_INFO_LEAK_ERRORS	077. Avoid disclosing technical information 176. Restrict system objects
PHP_INSECURE_ENCRYPT_AES	148. Set minimum size of asymmetric encryption 150. Set minimum size for hash functions

Python

Scanner method name	Related security requirement verified
PYTHON_ACCEPTS_ANY_MIME	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
PYTHON_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
PYTHON_DESERIALIZATION_INJECTION	173. Discard unsafe inputs 321. Avoid deserializing untrusted data
PYTHON_EXPOSED_AUTH_TOKEN	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
PYTHON_HTTP_ONLY_COOKIE	029. Cookies with security attributes
PYTHON_INSECURE_AUTHENTICATION	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
PYTHON_INSECURE_CIPHER_MODE	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
PYTHON_INSECURE_JWT_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
PYTHON_INSEC_HASH_LIBRARY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
PYTHON_IO_PATH_TRAVERSAL	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
PYTHON_LDAP_CONN_AUTH	266. Disable insecure functionalities
PYTHON_LDAP_INJECTION	173. Discard unsafe inputs
PYTHON_REGEX_DOS	072. Set maximum response time 327. Set a rate limit
PYTHON_REGEX_INJECTION	072. Set maximum response time 327. Set a rate limit
PYTHON_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
PYTHON_SECURE_COOKIE	029. Cookies with security attributes
PYTHON_SESSION_FIXATION	030. Avoid object reutilization
PYTHON_UNSAFE_CERTIFICATE_VALIDATION	266. Disable insecure functionalities
PYTHON_UNSAFE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
PYTHON_UNSAFE_SSL_HOSTNAME	266. Disable insecure functionalities
PYTHON_UNSAFE_TEMP_FILE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
PYTHON_XML_PARSER	173. Discard unsafe inputs

Swift

Scanner method name	Related security requirement verified
SWIFT_CREDENTIALS_EXPOSED_IN_CODE	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
SWIFT_HC_SECRET_JWT	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
SWIFT_INSECURE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
SWIFT_INSECURE_CRYPTOR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions

Terraform

Scanner technique name	Related security requirement verified
CHECK_REQUIRED_VERSION	266. Disable insecure functionalities
EC2_DEFAULT_SEC_GROUP	266. Disable insecure functionalities
EC2_NOT_TERMINATION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
EC2_TERMINATE_SHUTDOWN_BEHAVIOR	266. Disable insecure functionalities
TFM_ADMIN_MANAGED_POLICIES	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_ADMIN_POLICY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_ALLOWS_PRIV_ESCALATION_BY_ATTACH_POLICY	035. Manage privilege modifications
TFM_ALLOWS_PRIV_ESCALATION_BY_POLICIES_VERSIONS	035. Manage privilege modifications
TFM_ANYONE_ADMIN_PORTS	255. Allow access only to the necessary ports
TFM_API_ALL_HTTP_METHODS_ENABLED	266. Disable insecure functionalities
TFM_API_GATEWAY_LOGGING_DISABLED	075. Record exceptional events in logs 079. Record exact occurrence time of events 376. Register severity level
TFM_AWS_ACL_BROAD_NETWORK_ACCESS	255. Allow access only to the necessary ports
TFM_AWS_EBS_VOLUMES_UNENCRYPTED	185. Encrypt sensitive information 300. Mask sensitive data
TFM_AWS_EC2_ALL_TRAFFIC	255. Allow access only to the necessary ports
TFM_AWS_EC2_CFN_UNRESTR_IP_PROT	255. Allow access only to the necessary ports
TFM_AWS_EC2_UNRESTRICTED_CIDRS	255. Allow access only to the necessary ports
TFM_AWS_EFS_UNENCRYPTED	185. Encrypt sensitive information 300. Mask sensitive data
TFM_AWS_ELB_LISTENER_ON_HTTP	181. Transmit data using secure protocols
TFM_AWS_ELB_WITHOUT_SSLPOLICY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TFM_AWS_INSEC_PROTO	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TFM_AWS_SEC_GROUP_USING_TCP	181. Transmit data using secure protocols
TFM_AZURE_APP_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_AZURE_CLIENT_CERT_ENABLED	227. Display access notification 228. Authenticate using standard protocols 229. Request access credentials 231. Implement a biometric verification component 235. Define credential interface 264. Request authentication 323. Exclude unverifiable files
TFM_AZURE_INSEC_PROTO	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TFM_AZURE_KEY_VAULT_NOT_RECOVER	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_AZURE_KV_DANGER_BYPASS	255. Allow access only to the necessary ports
TFM_AZURE_KV_DEFAULT_ACCESS	255. Allow access only to the necessary ports
TFM_AZURE_KV_ONLY_ACCESS_HTTPS	181. Transmit data using secure protocols
TFM_AZURE_KV_SECRET_NO_EXPIRATION	130. Limit password lifespan 138. Define lifespan for temporary passwords 140. Define OTP lifespan
TFM_AZURE_LNX_VM_INSEC_AUTH	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
TFM_AZURE_SA_DEFAULT_ACCESS	255. Allow access only to the necessary ports
TFM_AZURE_SA_INSEC_TRANSFER	181. Transmit data using secure protocols
TFM_AZURE_SQL_LOG_RETENT	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_AZURE_STORAGE_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_AZURE_UNRESTRICTED_ACCESS	255. Allow access only to the necessary ports
TFM_AZURE_VM_INSEC_AUTH	030. Avoid object reutilization 228. Authenticate using standard protocols 319. Make authentication options equally secure
TFM_BUCKET_ALLOWS_PUBLIC	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_BUCKET_POLICY_SEC_TRANSPORT	181. Transmit data using secure protocols
TFM_CF_DISTR_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_COGNITO_HAS_MFA_DISABLED	229. Request access credentials 231. Implement a biometric verification component 264. Request authentication 319. Make authentication options equally secure 328. Request MFA for critical systems
TFM_CONTENT_HTTP	181. Transmit data using secure protocols
TFM_CTRAIL_LOG_NOT_VALIDATED	080. Prevent log modification
TFM_DB_NO_POINT_TIME_RECOVERY	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_DYNAMO_NOT_DEL_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_EBS_UNENCRYPTED_DEFAULT	266. Disable insecure functionalities
TFM_EBS_UNENCRYPTED_VOLUMES	266. Disable insecure functionalities
TFM_EC2_ASSOC_PUB_IP	266. Disable insecure functionalities
TFM_EC2_NO_IAM	266. Disable insecure functionalities
TFM_EC2_OPEN_ALL_PORTS_PUBLIC	255. Allow access only to the necessary ports
TFM_EC2_SEC_GROUPS_RFC1918	255. Allow access only to the necessary ports
TFM_EC2_UNENCRYPTED_BLOCK_DEVICES	266. Disable insecure functionalities
TFM_EC2_UNRESTRICTED_DNS	255. Allow access only to the necessary ports
TFM_EC2_UNRESTRICTED_FTP	255. Allow access only to the necessary ports
TFM_EC2_UNRESTRICTED_PORTS	255. Allow access only to the necessary ports
TFM_EKS_HAS_ENDPOINTS_PUBLICLY_ACCESSIBLE	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_ELASTICACHE_TRANSIT_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_ELASTICACHE_USES_DEFAULT_PORT	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_ELB2_INSECURE_SEC_POLICY	266. Disable insecure functionalities
TFM_ELB2_INSEC_PROTO	181. Transmit data using secure protocols
TFM_ELB2_NOT_DELETION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_ELB_LOGGING_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_HTTP_METHODS_ENABLED	266. Disable insecure functionalities
TFM_IAM_EXCESSIVE_ROLE_POLICY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_IAM_FULL_ACCESS_SSM	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_IAM_MISSING_SECURITY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_IAM_PERMISSIONS_POLICY_NOT_ACTION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_IAM_PERMISSIONS_POLICY_NOT_RESOURCE	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_IAM_POLICY_APPLY_TO_USERS	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_IAM_TRUST_POLICY_NOT_ACTION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_IAM_TRUST_POLICY_NOT_PRINCIPAL	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_IAM_TRUST_POLICY_WILDCARD_ACTION	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_IAM_WILDCARD_WRITE	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_INST_WITHOUT_PROFILE	255. Allow access only to the necessary ports
TFM_KMS_KEY_ROTATION_DISABLED	266. Disable insecure functionalities
TFM_KMS_MASTER_KEYS_EXPOSED	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_NEGATIVE_STATEMENT	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_PERMISSIVE_POLICY	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_POLICY_SERVER_ENCRYP_DISABLED	134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 227. Display access notification 229. Request access credentials 264. Request authentication 300. Mask sensitive data
TFM_PUBLIC_BUCKETS_ACL	096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement
TFM_RDS_INSIDE_SUBNET	255. Allow access only to the necessary ports
TFM_RDS_NOT_AUTO_BACKUPS	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_RDS_NOT_USES_IAM_AUTHENTICATION	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_RDS_NO_DELETION_PROTEC	186. Use the principle of least privilege 265. Restrict access to critical processes
TFM_RDS_PUB_ACCESSIBLE	096. Set user's required privileges 176. Restrict system objects 265. Restrict access to critical processes
TFM_RDS_UNENCRYPTED_STORAGE	134. Store passwords with salt 135. Passwords with random salt 185. Encrypt sensitive information 229. Request access credentials 264. Request authentication 300. Mask sensitive data
TFM_REDSHIFT_HAS_AUDIT_LOGS_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_REDSHIFT_HAS_ENCRYPTION_DISABLED	185. Encrypt sensitive information 300. Mask sensitive data
TFM_REDSHIFT_HAS_PUBLIC_CLUSTERS	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_REDSHIFT_HAS_USER_ACTIVITY_LOG_DISABLED	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system
TFM_REDSHIFT_NOT_REQUIRES_SSL	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_S3_BUCKETS_ALLOW_UNAUTHORIZED_PUBLIC_ACCESS	096. Set user's required privileges 176. Restrict system objects 264. Request authentication 320. Avoid client-side control enforcement
TFM_S3_VERSIONING_DISABLED	266. Disable insecure functionalities
TFM_SNS_HAS_SERVER_SIDE_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_SQS_HAS_ENCRYPTION_DISABLED	185. Encrypt sensitive information 265. Restrict access to critical processes 266. Disable insecure functionalities
TFM_SQS_IS_PUBLIC	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
TFM_TRAILS_NOT_MULTIREGION	075. Record exceptional events in logs 376. Register severity level 377. Store logs based on valid regulation 378. Use of log management system

TypeScript

Scanner method name	Related security requirement verified
TSX_LACK_OF_VALIDATION_EVENT_LISTENER	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
TS_CLIENT_STORAGE	177. Avoid caching and temporary files 329. Keep client-side storage without sensitive data
TS_CRYPTO_CREDENTIALS	145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities
TS_DEBUGGER_ENABLED	077. Avoid disclosing technical information 078. Disable debugging events
TS_DECODE_INSECURE_JWT_TOKEN	173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens
TS_DYNAMIC_X_PATH	173. Discard unsafe inputs
TS_HAS_REVERSE_TABNABBING	173. Discard unsafe inputs 324. Control redirects
TS_INSECURE_COMPRESSION_ALGORITHM	266. Disable insecure functionalities
TS_INSECURE_COOKIE	029. Cookies with security attributes
TS_INSECURE_CREATE_CIPHER	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSECURE_ECDH_KEY	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSECURE_EC_KEYPAIR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSECURE_ENCRYPT	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSECURE_HASH	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSECURE_JWT_TOKEN	228. Authenticate using standard protocols
TS_INSECURE_LOGGING	080. Prevent log modification 173. Discard unsafe inputs
TS_INSECURE_RSA_KEYPAIR	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_INSEC_COOKIES	029. Cookies with security attributes
TS_INSEC_MSG_AUTH_MECHANISM	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_JSON_PARSE_UNVALIDATED_DATA	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
TS_JWT_INSEC_SIGN_ALGORITHM	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_JWT_INSEC_SIGN_ALGO_ASYNC	148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions
TS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT	173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens
TS_NON_SECURE_CONSTRUCTION_OF_COOKIES	030. Avoid object reutilization
TS_PATH_TRAVERSAL	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
TS_REGEX_INJECTION	072. Set maximum response time 327. Set a rate limit
TS_REMOTE_COMMAND_EXECUTION	173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities
TS_SALT_IS_HARDCODED	266. Disable insecure functionalities
TS_SQL_API_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
TS_SQL_INJECTION	169. Use parameterized queries 173. Discard unsafe inputs
TS_UNNECESSARY_IMPORTS	158. Use a secure programming language
TS_UNSAFE_HTTP_XSS_PROTECTION	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers
TS_UNSAFE_HTTP_X_FRAME_OPTIONS	062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers
TS_UNSAFE_ORIGIN	266. Disable insecure functionalities
TS_UNSAFE_XSS_CONTENT	029. Cookies with security attributes 173. Discard unsafe inputs
TS_USES_BYPASS_SECURITY_TRUST_URL	173. Discard unsafe inputs
TS_USES_DANGEROUSLY_SET_HTML	173. Discard unsafe inputs
TS_USES_EVAL	266. Disable insecure functionalities
TS_USES_INNERHTML	173. Discard unsafe inputs
TS_WEAK_RANDOM	223. Uniform distribution in random numbers 224. Use secure cryptographic mechanisms
TS_XML_PARSER	173. Discard unsafe inputs
TS_ZIP_SLIP	173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters
TYPESCRIPT_ACCEPTS_ANY_MIME_DEFAULT	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers
TYPESCRIPT_ACCEPTS_ANY_MIME_METHOD	062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers

.NET

Scanner method name	Related security requirement verified
DOTNETCONFIG_ANON_AUTH_ENABLED	142. Change system default credentials 264. Request authentication 265. Restrict access to critical processes 266. Disable insecure functionalities 319. Make authentication options equally secure
DOTNETCONFIG_ASP_VERSION_ENABLED	077. Avoid disclosing technical information 176. Restrict system objects
DOTNETCONFIG_EXCESSIVE_AUTH_PRIVILEGES	095. Define users with privileges 096. Set user's required privileges 186. Use the principle of least privilege
DOTNETCONFIG_HAS_DEBUG_ENABLED	077. Avoid disclosing technical information 078. Disable debugging events
DOTNETCONFIG_HAS_SSL_DISABLED	266. Disable insecure functionalities
DOTNETCONFIG_NOT_CUSTOM_ERRORS	077. Avoid disclosing technical information 176. Restrict system objects
DOTNETCONFIG_NOT_SUPPRESS_VULN_HEADER	077. Avoid disclosing technical information 176. Restrict system objects

General

Scanner method name	Related security requirement verified
NON_UPGRADEABLE_DEPS	302. Declare dependencies explicitly
UNVERIFIABLE_FILES	323. Exclude unverifiable files

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.

Security requirements by language | Fluid Attacks Help