• Home
• org.sonarsource.java
• java-checks
• 3.13
• source code
• S3369.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S3369.html Maven / Gradle / Ivy

Websphere, Tomcat, and JBoss web servers allow the definition of role-based access to servlets. It may not be granular enough for your purposes, but it's a start, and should be used at least as a base.
This rule raises an issue when a web.xml file has no <security-contraint> elements.

See

 MITRE, CWE-284 - Improper Access Control
 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control