Veracode Greenlight detects coding best practices, meaning places where the code has protected the application against specific Common Weakness Enumerations (CWEs).
The Best Practices link opens a list of the coding best practices detected during the Veracode for VS Code scan and the CWEs avoided.
- Taint-based CWEs
  - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  - CWE-93: Improper Neutralization of CRLF Sequences (CRLF Injection)
  - CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)
  - CWE-117: Improper Output Neutralization for Logs
  - CWE-201: Information Exposure Through Sent Data
  - CWE-611: Improper Restriction of XML External Entity Reference (XXE)
- Non-taint-based CWEs
  - CWE-326: Inadequate Encryption Strength
  - CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  - CWE-329: Not Using a Random IV with CBC Mode
  - CWE-331: Insufficient Entropy
  - CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  - CWE-780: Use of RSA Algorithm without OAEP