This group contains audit rules that check the content of JSP files.
JSP pages should not allow temporary sessions.
This audit rule checks for JSP files that do not contain a page directive that explicitly disallows temporary sessions.
JSP pages should not use HTML comments.
This audit rule looks for uses of HTML comments within JSP pages. HTML comments should not be used because they end up being sent to the client, increasing network traffic and potentially making internal implementation details visible.
The following use of an HTML comment would be flagged as a violation:
<!-- Backdoor hack -->
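
The two checks described above, sketched as an added example (not the audit tool's own code). It assumes the directive that disallows temporary sessions is `<%@ page session="false" %>` and that JSP comments (`<%-- --%>`), which are not sent to the client, are acceptable; the function name, rule labels and sample pages are constructed for illustration.

```python
import re

# Constructed sample JSP pages (not from the original page).
BAD_JSP = '''<%@ page contentType="text/html" %>
<html>
<!-- Backdoor hack -->
<%-- server-side note, never sent --%>
<body>Hello</body>
</html>
'''
GOOD_JSP = '''<%@ page session="false" contentType="text/html" %>
<html>
<%-- server-side note, never sent --%>
<body>Hello</body>
</html>
'''

JSP_COMMENT = re.compile(r'<%--.*?--%>', re.S)
HTML_COMMENT = re.compile(r'<!--.*?-->', re.S)
PAGE_DIRECTIVE = re.compile(r'<%@\s*page\b(.*?)%>', re.S)
SESSION_ATTR = re.compile(r'''\bsession\s*=\s*(["'])(.*?)\1''')

def _blank(match):
    # Overwrite with spaces but keep newlines so line numbers stay correct.
    return re.sub(r'[^\n]', ' ', match.group(0))

def audit_jsp(source):
    """Return a list of (line, rule) findings for one JSP source string."""
    findings = []
    # JSP comments are stripped server-side, so ignore anything inside them.
    visible = JSP_COMMENT.sub(_blank, source)
    # Rule 1 (assumed form): a page directive must set session="false".
    disallowed = any(
        attr.group(2).strip().lower() == 'false'
        for directive in PAGE_DIRECTIVE.finditer(visible)
        for attr in SESSION_ATTR.finditer(directive.group(1))
    )
    if not disallowed:
        findings.append((1, 'temporary-session'))  # file-level, reported at line 1
    # Rule 2: every HTML comment left in the page reaches the client.
    for m in HTML_COMMENT.finditer(visible):
        line = visible.count('\n', 0, m.start()) + 1
        findings.append((line, 'html-comment'))
    return findings
```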