rspec/rules/S5332/recommended.adoc

== Recommended Secure Coding Practices

* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
** Use ``++ssh++`` as an alternative to ``++telnet++``.
** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
** Use ``++https++`` instead of ``++http++``.
** Use ``++SMTP++`` over ``++SSL/TLS++`` or ``++SMTP++`` with ``++STARTTLS++`` instead of clear-text SMTP.
* Enable encryption of cloud components communications whenever it is possible.
* Configure your application to block mixed content when rendering web pages.
* If available, enforce OS-level deactivation of all clear-text traffic.


It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`== Recommended Secure Coding Practices`

Modify rule S5332: Improve description (#474) 2021-10-14 16:12:59 +02:00			`* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:`
Create rule S5332: Using clear-text protocols is security-sensitive (#1422) 2022-11-25 17:07:05 +01:00			** Use ``++ssh++`` as an alternative to ``++telnet++``.
			** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
			** Use ``++https++`` instead of ``++http++``.
			** Use ``++SMTP++`` over ``++SSL/TLS++`` or ``++SMTP++`` with ``++STARTTLS++`` instead of clear-text SMTP.
			`* Enable encryption of cloud components communications whenever it is possible.`
Modify rule S5332[java]: support Android WebView insecure mixed content policy (#458) 2021-10-12 09:21:31 +02:00			`* Configure your application to block mixed content when rendering web pages.`
Create rule S5332: Using clear-text protocols is security-sensitive (#1422) 2022-11-25 17:07:05 +01:00			`* If available, enforce OS-level deactivation of all clear-text traffic.`
Create rule S5332[xml] (#455) 2021-10-13 12:21:04 +02:00
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
Create rule S5332: Using clear-text protocols is security-sensitive (#1422) 2022-11-25 17:07:05 +01:00			`It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.`