Best Practices


Veracode for VS Code detects coding best practices in which the code has protected the application against specific Common Weakness Enumerations (CWEs). The Best Practices link opens a list of the coding best practices detected during the Veracode for VS Code scan and the CWEs avoided.

Veracode for VS Code can detect when a coding best practice is present against the following CWEs:
  • Taint-based CWEs
    • CWE 80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    • CWE 93: Improper Neutralization of CRLF Sequences (CRLF Injection)
    • CWE 113: Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)
    • CWE 117: Improper Output Neutralization for Logs
    • CWE 201: Information Exposure Through Sent Data
    • CWE 611: Improper Restriction of XML External Entity Reference (XXE)
  • Non-taint based CWEs
    • CWE 326: Inadequate Encryption Strength
    • CWE 327: Use of a Broken or Risky Cryptographic Algorithm
    • CWE 329: Not Using a Random IV with CBC Mode
    • CWE 331: Insufficient Entropy
    • CWE 338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    • CWE 780: Use of RSA Algorithm without OAEP