...
Main features of this release are:
...
- OPT.VBNET.CodeInjection
- OPT.VBNET.CodeInjectionWithDeserialization
- OPT.VBNET.CommandInjection
- OPT.VBNET.CrossSiteRequestForgery
- OPT.VBNET.CrossSiteScripting
- OPT.VBNET.DoSRegexp
- OPT.VBNET.InsecureRandomness
- OPT.VBNET.JSONInjection
- OPT.VBNET.LdapInjection
- OPT.VBNET.MVCNonActionPublicMethods
- OPT.VBNET.MVCPostInControllers
- OPT.VBNET.MVCPreventOverpostingModelDefinition
- OPT.VBNET.MVCPreventUnderpostingModelComposition
- OPT.VBNET.MVCPreventUnderpostingModelDefinition
- OPT.VBNET.MVCRemoveVersionHeader
- OPT.VBNET.OpenRedirect
- OPT.VBNET.PathTraversal
- OPT.VBNET.PotentialInfiniteLoop
- OPT.VBNET.ResourceLeakDatabase
- OPT.VBNET.ResourceLeakLdap
- OPT.VBNET.ResourceLeakStream
- OPT.VBNET.ResourceLeakUnmanaged
- OPT.VBNET.SEC.AccessibilitySubversionRule
- OPT.VBNET.SEC.AnonymousLdapBind
- OPT.VBNET.SEC.AvoidHostNameChecks
- OPT.VBNET.SEC.ConnectionStringParameterPollution
- OPT.VBNET.SEC.CookiesInSecurityDecision
- OPT.VBNET.SEC.CrossSiteHistoryManipulation
- OPT.VBNET.SEC.DangerousFileUpload
- OPT.VBNET.SEC.HardcodedCredential
- OPT.VBNET.SEC.HardcodedCryptoKey
- OPT.VBNET.SEC.HardcodedNetworkAddress
- OPT.VBNET.SEC.HardcodedSalt
- OPT.VBNET.SEC.HttpParameterPollution
- OPT.VBNET.SEC.HttpRequestValueShadowing
- OPT.VBNET.SEC.HttpSplittingRule
- OPT.VBNET.SEC.ImproperAuthentication
- OPT.VBNET.SEC.InformationExposureThroughDebugLog
- OPT.VBNET.SEC.InformationExposureThroughErrorMessage
- OPT.VBNET.SEC.InsecureEmailTransport
- OPT.VBNET.SEC.InsecureTransport
- OPT.VBNET.SEC.LogForging
- OPT.VBNET.SEC.MailCommandInjection
- OPT.VBNET.SEC.MainMethodInWebApplication
- OPT.VBNET.SEC.MissingStandardErrorHandling
- OPT.VBNET.SEC.NoSQLInjection
- OPT.VBNET.SEC.PlaintextStorageOfPassword
- OPT.VBNET.SEC.ProcessControl
- OPT.VBNET.SEC.ProperPaddingWithPublicKeyCrypto
- OPT.VBNET.SEC.RegistryManipulation
- OPT.VBNET.SEC.ResourceInjection
- OPT.VBNET.SEC.SerializableClassContainingSensitiveData
- OPT.VBNET.SEC.ServerInsecureTransport
- OPT.VBNET.SEC.SettingManipulation
- OPT.VBNET.SEC.StaticDatabaseConnection
- OPT.VBNET.SEC.TemporaryFilesLeft
- OPT.VBNET.SEC.TrustBoundaryViolation
- OPT.VBNET.SEC.UnsafeCookieRule
- OPT.VBNET.SEC.UnsafeReflection
- OPT.VBNET.SEC.UnvalidatedAspNetModel
- OPT.VBNET.SEC.UserControlledSQLPrimaryKey
- OPT.VBNET.SEC.XMLEntityInjection
- OPT.VBNET.ServerSideRequestForgery
- OPT.VBNET.SqlInjection
- OPT.VBNET.StoredCrossSiteScripting
- OPT.VBNET.SystemInformationLeak
- OPT.VBNET.TooMuchOriginsAllowed
- OPT.VBNET.UncheckedInputInLoopCondition
- OPT.VBNET.UncheckedReturnValue
- OPT.VBNET.WeakCryptographicHash
- OPT.VBNET.WeakEncryption
- OPT.VBNET.WeakKeySize
- OPT.VBNET.WeakSymmetricEncryptionAlgorithm
- OPT.VBNET.WeakSymmetricEncryptionModeOfOperation
- OPT.VBNET.XMLInjection
- OPT.VBNET.XPathInjection
- OPT.VBNET.XQueryInjection
- OPT.VBNET.XSLTInjection
New Objective-C security rules
- OPT.OBJECTIVEC.SECURITY.AvoidSMS
- OPT.OBJECTIVEC.SECURITY.BiometricWithoutMessage
- OPT.OBJECTIVEC.SECURITY.CommandInjectionRule
- OPT.OBJECTIVEC.SECURITY.ConnectionStringParameterPollution
- OPT.OBJECTIVEC.SECURITY.ExecutionAfterRedirect
- OPT.OBJECTIVEC.SECURITY.HardcodedCryptoKey
- OPT.OBJECTIVEC.SECURITY.HardcodedIp
- OPT.OBJECTIVEC.SECURITY.HardcodedUsernamePassword
- OPT.OBJECTIVEC.SECURITY.HttpParameterPollutionRule
- OPT.OBJECTIVEC.SECURITY.HttpResponseCachingLeak
- OPT.OBJECTIVEC.SECURITY.HttpSplittingRule
- OPT.OBJECTIVEC.SECURITY.InformationExposureThroughErrorMessage
- OPT.OBJECTIVEC.SECURITY.InsecureTemporaryFile
- OPT.OBJECTIVEC.SECURITY.KeyboardCachingLeak
- OPT.OBJECTIVEC.SECURITY.MailCommandInjection
- OPT.OBJECTIVEC.SECURITY.MissingContentValidation
- OPT.OBJECTIVEC.SECURITY.MissingPasswordFieldMasking
- OPT.OBJECTIVEC.SECURITY.NoSQLInjection
- OPT.OBJECTIVEC.SECURITY.LogForging
- OPT.OBJECTIVEC.SECURITY.PasswordInCommentRule
- OPT.OBJECTIVEC.SECURITY.PasswordInConfigurationFile
- OPT.OBJECTIVEC.SECURITY.PasteboardCachingLeak
- OPT.OBJECTIVEC.SECURITY.PlaintextStorageInACookieRule
- OPT.OBJECTIVEC.SECURITY.PotentialInfiniteLoop
- OPT.OBJECTIVEC.SECURITY.PrivacyViolation
- OPT.OBJECTIVEC.SECURITY.ResourceInjection
- OPT.OBJECTIVEC.SECURITY.ScreenCachingLeak
- OPT.OBJECTIVEC.SECURITY.SensitiveCoreData
- OPT.OBJECTIVEC.SECURITY.SensitiveDataAccessedFromItunes
- OPT.OBJECTIVEC.SECURITY.SensitiveNoSQL
- OPT.OBJECTIVEC.SECURITY.SensitiveSQL
- OPT.OBJECTIVEC.SECURITY.SensitiveUserDefaults
- OPT.OBJECTIVEC.SECURITY.SerializableClassContainingSensitiveData
- OPT.OBJECTIVEC.SECURITY.SerializationInjection
- OPT.OBJECTIVEC.SECURITY.ServerTrustCredentialCheck
- OPT.OBJECTIVEC.SECURITY.ThirdPartyKeyboardAllowed
- OPT.OBJECTIVEC.SECURITY.UncheckedInputInLoopCondition
- OPT.OBJECTIVEC.SECURITY.UnsafeCookie
- OPT.OBJECTIVEC.SECURITY.URLSchemeHijacking
- OPT.OBJECTIVEC.SECURITY.UserControlledSQLPrimaryKey
- OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationIteration
- OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationPassword
- OPT.OBJECTIVEC.SECURITY.XMLInjection
(*) You can find new rules by comparing this release of CQM against the previous version.
...