Audit - Rules - JSPDescriptionThis group contains audit rules that check the content of JSP files. |
Rules: |
Summary
JSP pages should not allow temporary sessions.
Description
This audit rule checks for JSP files that do not contain a page directive that explicitly disallows temporary sessions.
Summary
JSP pages should not use HTML comments.
Description
This audit rule looks for uses of HTML comments within JSP pages. HTML comments should not be used because they end up being sent to the client, increasing network traffic and potentially making internal implementation details visible.
Example
The following uses of an HTML comment would be flagged as a violation:
<!-- Backdoor hack -->
Summary
JSP pages should specify an error page.
Description
This audit rule finds JSP files that do not contain a page directive that specifies the error page to use.