CAST AIP Technologies

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »


On this page:

1.0.0-beta4

Updates

One new rule has been added, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta4:

  • 1040034 "StrictHttpFirewall" should be set default HttpFirewall

Resolved issues

Internal bug fixes.

1.0.0-beta3

Updates

Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta3

  • 1040030 Avoid Using Generic Authentication Exception Class
  • 1040032 Avoid Using ControllerAdvice And HandlerExceptionResolver Simultaneously

Resolved issues

Internal bug fixes.

1.0.0-beta2

Updates

Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta2

  • 1040020 Ensure to enable Spring Boot Actuator Endpoint
  • 1040022 Ensure to enable Spring Boot Admin MBean
  • 1040026 Ensure To Specify Http Methods In RequestMapping

1.0.0-beta1

Updates

Internal bug fixes.

1.0.0-alpha4

Updates

Newly added Spring Security rules, see https://technologies.castsoftware.com/rules?sec=srs_springsecurity&ref=||1.0.0-beta1:

  • 1040014 CWE-439:Avoid using Spring Security's debug mode
  • 1040016 PermitAll or user role should be specified to access URL(s) of the application
  • 1040018 X-Frame-Option should be correctly set to avoid Clickjacking attack

1.0.0-alpha3

Updates

Improvements in Masterfiles for rules.

1.0.0-alpha1 and 1.0.0-alpha2

Updates

Implementation of a set of rules to check Spring Security aspects such as Authentication, CSRF protection and others. These rules are Compliant with CWE and OWASP T0P 10 Standards for security. Newly added Spring Security rules:

  • 1040002 Spring Security CSRF Protection must not be disabled
  • 1040004 Ensure that any application request uses basic HTTP authentication
  • 1040006 Ensure that Content-Security-Policy is set for Spring Application
  • 1040008 Ensure that form login is declared after requesting authorization and authentication
  • 1040010 Cookies must be deleted during the logout
  • 1040012 Ensure that HTTP Session has been Invalidating during logout
  • No labels