File or directory created with insecure permissions RS-A1001
Security
Excessive permissions are granted to a file or directory. This issue is raised
when a permission mode greater than 0o755 is given.
Audit required: Sensitive cookie without secure attribute RS-A1002
Security
Cookies set without the secure flag can cause the user agent to send those
cookies in plaintext over an HTTP session with the same server. This can lead
to man-in-the-middle
attacks.
Audit required: Sensitive cookie without HttpOnly attribute RS-A1003
Security
Cookies set without the HttpOnly flag can be read by a client-side script,
leading to cookie theft from Cross-Site Scripting
(XSS) attacks.
Audit required: Exposure of sensitive headers RS-A1004
Security
Use of headers such as "Server", "X-Powered-By" and "X-AspNet-Version" can leak sensitive information of your application and server. Avoid using these headers if possible.
Found usage of cryptographically insecure algorithm RS-S1004
Security
Certain cryptographic algorithms are known to be cryptographically insecure and should be avoided.