| JMX_HEADER_BASIC | 030. Avoid object reutilization
228. Authenticate using standard protocols
319. Make authentication options equally secure |
| JSON_ALLOWED_HOSTS | 266. Disable insecure functionalities |
| JSON_ANON_CONNECTION_CONFIG | 142. Change system default credentials
264. Request authentication
265. Restrict access to critical processes
266. Disable insecure functionalities
319. Make authentication options equally secure |
| JSON_DISABLE_HOST_CHECK | 266. Disable insecure functionalities |
| JSON_HTTPS_FLAG_MISSING | 181. Transmit data using secure protocols |
| JSON_PRINCIPAL_WILDCARD | 095. Define users with privileges
096. Set user's required privileges
186. Use the principle of least privilege |
| JSON_SSL_PORT_MISSING | 185. Encrypt sensitive information
266. Disable insecure functionalities |
| JWT_TOKEN | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| SENSITIVE_INFO_DOTNET_JSON | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| SENSITIVE_INFO_JSON | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| SENSITIVE_KEY_JSON | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| TSCONFIG_SOURCEMAP_ENABLED | 077. Avoid disclosing technical information
176. Restrict system objects |
| WEB_DB_CONN | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| WEB_USER_PASS | 145. Protect system cryptographic keys
156. Source code without sensitive information
266. Disable insecure functionalities |
| XML_ACCEPT_HEADER | 062. Define standard configurations
266. Disable insecure functionalities
349. Include HTTP security headers |
| XML_ALLOWS_ALL_DOMAINS | 266. Disable insecure functionalities |
| XML_BASIC_AUTH_METHOD | 030. Avoid object reutilization
228. Authenticate using standard protocols
319. Make authentication options equally secure |
| XML_HAS_X_XSS_PROTECTION_HEADER | 062. Define standard configurations
175. Protect pages from clickjacking
266. Disable insecure functionalities
349. Include HTTP security headers |
| XML_HEADER_ALLOW_ALL_METHODS | 266. Disable insecure functionalities |
| XML_HEADER_ALLOW_DANGER_METHODS | 266. Disable insecure functionalities |
| XML_INSECURE_CONFIGURATION | 130. Limit password lifespan
138. Define lifespan for temporary passwords
140. Define OTP lifespan |
| XML_NETWORK_SSL_DISABLED | 181. Transmit data using secure protocols |
| XML_X_FRAME_OPTIONS | 062. Define standard configurations
175. Protect pages from clickjacking
266. Disable insecure functionalities
349. Include HTTP security headers |