JAVASCRIPT_ACCEPTS_ANY_MIME_DEFAULT | 062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers |
JAVASCRIPT_ACCEPTS_ANY_MIME_METHOD | 062. Define standard configurations 266. Disable insecure functionalities 349. Include HTTP security headers |
JSX_LACK_OF_VALIDATION_EVENT_LISTENER | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters |
JS_CLIENT_STORAGE | 177. Avoid caching and temporary files 329. Keep client-side storage without sensitive data |
JS_CRYPTO_CREDENTIALS | 145. Protect system cryptographic keys 156. Source code without sensitive information 266. Disable insecure functionalities |
JS_DEBUGGER_ENABLED | 077. Avoid disclosing technical information 078. Disable debugging events |
JS_DECODE_INSECURE_JWT_TOKEN | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens |
JS_DYNAMIC_X_PATH | 173. Discard unsafe inputs |
JS_HAS_REVERSE_TABNABBING | 173. Discard unsafe inputs 324. Control redirects |
JS_INSECURE_COMPRESSION_ALGORITHM | 266. Disable insecure functionalities |
JS_INSECURE_COOKIE | 029. Cookies with security attributes |
JS_INSECURE_CREATE_CIPHER | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_ECDH_KEY | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_EC_KEYPAIR | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_ENCRYPT | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_HASH | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_HASH_LIBRARY | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSECURE_JWT_TOKEN | 228. Authenticate using standard protocols |
JS_INSECURE_LOGGING | 080. Prevent log modification 173. Discard unsafe inputs |
JS_INSECURE_RSA_KEYPAIR | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_INSEC_COOKIES | 029. Cookies with security attributes |
JS_INSEC_MSG_AUTH_MECHANISM | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_JSON_PARSE_UNVALIDATED_DATA | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters |
JS_JWT_INSEC_SIGN_ALGORITHM | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_JWT_INSEC_SIGN_ALGO_ASYNC | 148. Set minimum size of asymmetric encryption 149. Set minimum size of symmetric encryption 150. Set minimum size for hash functions 181. Transmit data using secure protocols 336. Disable insecure TLS versions |
JS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens |
JS_LOCAL_STORAGE_WITH_SENSITIVE_DATA | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 357. Use stateless session tokens |
JS_NON_SECURE_CONSTRUCTION_OF_COOKIES | 030. Avoid object reutilization |
JS_PATH_TRAVERSAL | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters |
JS_REGEX_INJECTION | 072. Set maximum response time 327. Set a rate limit |
JS_REMOTE_COMMAND_EXECUTION | 173. Discard unsafe inputs 265. Restrict access to critical processes 266. Disable insecure functionalities |
JS_SALT_IS_HARDCODED | 266. Disable insecure functionalities |
JS_SQL_API_INJECTION | 169. Use parameterized queries 173. Discard unsafe inputs |
JS_SQL_INJECTION | 169. Use parameterized queries 173. Discard unsafe inputs |
JS_UNNECESSARY_IMPORTS | 158. Use a secure programming language |
JS_UNSAFE_HTTP_XSS_PROTECTION | 062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers |
JS_UNSAFE_HTTP_X_FRAME_OPTIONS | 062. Define standard configurations 175. Protect pages from clickjacking 266. Disable insecure functionalities 349. Include HTTP security headers |
JS_UNSAFE_ORIGIN | 266. Disable insecure functionalities |
JS_UNSAFE_XSS_CONTENT | 029. Cookies with security attributes 173. Discard unsafe inputs |
JS_USES_BYPASS_SECURITY_TRUST_URL | 173. Discard unsafe inputs |
JS_USES_DANGEROUSLY_SET_HTML | 173. Discard unsafe inputs |
JS_USES_EVAL | 266. Disable insecure functionalities |
JS_USES_INNERHTML | 173. Discard unsafe inputs |
JS_WEAK_RANDOM | 223. Uniform distribution in random numbers 224. Use secure cryptographic mechanisms |
JS_XML_PARSER | 173. Discard unsafe inputs |
JS_ZIP_SLIP | 173. Discard unsafe inputs 320. Avoid client-side control enforcement 342. Validate request parameters |