On this page:
1.0.0-beta4
Updates
One new rule has been added, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta4:
- 1040034 "StrictHttpFirewall" should be set default HttpFirewall
Resolved issues
Internal bug fixes.
1.0.0-beta3
Updates
Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta3
- 1040030 Avoid Using Generic Authentication Exception Class
- 1040032 Avoid Using ControllerAdvice And HandlerExceptionResolver Simultaneously
Resolved issues
Internal bug fixes.
1.0.0-beta2
Updates
Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta2
- 1040020 Ensure to enable Spring Boot Actuator Endpoint
- 1040022 Ensure to enable Spring Boot Admin MBean
- 1040026 Ensure To Specify Http Methods In RequestMapping
1.0.0-beta1
Updates
Internal bug fixes.
1.0.0-alpha4
Updates
Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta1:
- 1040014 CWE-439:Avoid using Spring Security's debug mode
- 1040016 PermitAll or user role should be specified to access URL(s) of the application
- 1040018 X-Frame-Option should be correctly set to avoid Clickjacking attack
1.0.0-alpha3
Updates
Improvements in Masterfiles for rules.
1.0.0-alpha1 and 1.0.0-alpha2
Updates
Implementation of a set of rules to check Spring Security aspects such as Authentication, CSRF protection and others. These rules are Compliant with CWE and OWASP T0P 10 Standards for security. Newly added Spring Security rules:
- 1040002 Spring Security CSRF Protection must not be disabled
- 1040004 Ensure that any application request uses basic HTTP authentication
- 1040006 Ensure that Content-Security-Policy is set for Spring Application
- 1040008 Ensure that form login is declared after requesting authorization and authentication
- 1040010 Cookies must be deleted during the logout
- 1040012 Ensure that HTTP Session has been Invalidating during logout