Tag: access-control
Manually creating text-based IAM policies is error-prone.
Rule to detect lack of authorization check when using address ID.
Find usages of classes that are not recommended for AWS credentials and suggest replacements.
JWTs should not be parsed using the parse method.
Comment parsing for OpenSAML2 might enable an attacker to bypass authentication.
Unauthenticated LDAP requests can allow untrusted access to LDAP servers.
Credentials that are stored in clear text can be intercepted by a malicious actor.
Session fixation might allow an attacker to steal authenticated session IDs.
Weak file permissions can lead to privilege escalation.