Java Developer Tools

Audit - Rules - JSP

Description
This group contains audit rules that check the content of JSP files.

Rules:

Details

Disallow Temporary Sessions

Summary
JSP pages should not allow temporary sessions.

Description
This audit rule checks for JSP files that do not contain a page directive that explicitly disallows temporary sessions.

Don't use HTML Comments

Summary
JSP pages should not use HTML comments.

Description
This audit rule looks for uses of HTML comments within JSP pages. HTML comments should not be used because they end up being sent to the client, increasing network traffic and potentially making internal implementation details visible.

Example
The following use of an HTML comment would be flagged as a violation:

    <!-- Backdoor hack -->
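A small checker for the two rules described above, as an added example; it is not the audit tool's own implementation. It assumes the directive that disallows sessions is `<%@ page session="false" %>` and that JSP comments (`<%-- ... --%>`), which are not sent to the client, are the accepted alternative; the function name, rule labels and sample pages are constructed for illustration.

```python
import re

# Constructed sample pages (not from the original documentation).
FLAGGED_JSP = """<%@ page contentType="text/html" %>
<html><body>
<!-- internal: rendered by OrderService.lookup() -->
<%-- server-side note, never sent to the client --%>
<p>Hello</p>
</body></html>
"""
FIXED_JSP = """<%@ page session="false" contentType="text/html" %>
<html><body>
<%-- internal: rendered by OrderService.lookup() --%>
<p>Hello</p>
</body></html>
"""

JSP_COMMENT = re.compile(r"<%--.*?--%>", re.DOTALL)
HTML_COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
PAGE_DIRECTIVE = re.compile(r"<%@\s*page\b(.*?)%>", re.DOTALL)
SESSION_ATTR = re.compile(r"""\bsession\s*=\s*(["'])(.*?)\1""", re.DOTALL)


def _blank(match):
    # Overwrite with spaces but keep newlines so reported line numbers stay right.
    return re.sub(r"[^\n]", " ", match.group(0))


def audit_jsp(source):
    """Return (line, rule) findings; rule labels are hypothetical names."""
    findings = []
    # JSP comments are removed server-side, so anything inside them is ignored.
    visible = JSP_COMMENT.sub(_blank, source)
    for m in HTML_COMMENT.finditer(visible):
        line = visible.count("\n", 0, m.start()) + 1
        findings.append((line, "html-comment"))
    # The session rule passes only on an explicit session="false" page directive.
    disallowed = False
    for d in PAGE_DIRECTIVE.finditer(visible):
        attr = SESSION_ATTR.search(d.group(1))
        if attr and attr.group(2).strip().lower() == "false":
            disallowed = True
    if not disallowed:
        findings.append((1, "session-not-disallowed"))
    return findings
```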

Specify an Error Page
