CodeSent Rules - Comprehensive API Security & Static Analysis

ServiceCallout BasicAuthentication JavaScript OAuthV2

Name	Severity	Scopes	Tags	Links
Connection to the system is not encrypted	Critical	ServiceCallout MessageLogging Target	Data in Transit	CWE-319
Lack of certificate validation	Critical	ServiceCallout MessageLogging Target	Data in Transit	CWE-295
No TLS protocol specified in connection definition	High	ServiceCallout MessageLogging Target	Data in Transit	CWE-327
Use of weak hash algorithms	High	AssignMessage HMAC JavaScript	Secure Configuration	CWE-327
Insecure token expiration configuration	Medium	OAuthV2	Secure Configuration	CWE-613
ServiceCallout policy uses default message object as a request	Medium	ServiceCallout	Code Quality	CWE-200
ServiceCallout policy uses default message object as a response	Medium	ServiceCallout	Code Quality	CWE-200