Update security rules: add OWASP Mobile Top 10 2024 security standard (APPSEC-2383) (#4660)

2025-02-19 17:19:00 +01:00 · 2025-02-19 17:19:00 +01:00 · e769e586c9
commit e769e586c9
parent c046fc94c4
171 changed files with 1571 additions and 366 deletions
--- a/rspec-tools/rspec_tools/validation/rule-metadata-schema.json
+++ b/rspec-tools/rspec_tools/validation/rule-metadata-schema.json
@ -156,6 +156,15 @@
          },
          "uniqueItems": true
        },
        "OWASP Mobile Top 10 2024": {
          "type": "array",
          "minItems": 0,
          "items": { 
            "type": "string",
            "pattern": "^M([1-9]|10)$"
          },
          "uniqueItems": true
        },
        "PCI DSS 3.2": {
          "type": "array",
          "minItems": 0,
--- a/rules/S2053/common/resources/standards-mobile.adoc
+++ b/rules/S2053/common/resources/standards-mobile.adoc
@ -0,0 +1,9 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/759[CWE-759 - Use of a One-Way Hash without a Salt]
 * CWE - https://cwe.mitre.org/data/definitions/760[CWE-760 - Use of a One-Way Hash with a Predictable Salt]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords.
--- a/rules/S2053/java/metadata.json
+++ b/rules/S2053/java/metadata.json
@ -1,3 +1,26 @@
 {
-  
+    "securityStandards": {
        "CWE": [
          759,
          760
        ],
        "OWASP": [
          "A3"
        ],
        "OWASP Top 10 2021": [
          "A2"
        ],
        "OWASP Mobile Top 10 2024": [
          "M10"
        ],
        "PCI DSS 3.2": [
          "6.5.10"
        ],
        "PCI DSS 4.0": [
          "6.2.4"
        ],
        "STIG ASD_V5R3": [
          "V-222542"
        ]
      } 
 }
--- a/rules/S2053/java/rule.adoc
+++ b/rules/S2053/java/rule.adoc
@ -14,7 +14,7 @@ include::how-to-fix-it/java-se.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S2053/kotlin/metadata.json
+++ b/rules/S2053/kotlin/metadata.json
@ -1,3 +1,26 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      759,
      760
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "PCI DSS 3.2": [
      "6.5.10"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "STIG ASD_V5R3": [
      "V-222542"
    ]
  }
 }
--- a/rules/S2053/kotlin/rule.adoc
+++ b/rules/S2053/kotlin/rule.adoc
@ -14,7 +14,7 @@ include::how-to-fix-it/java-se.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S2076/common/resources/standards-mobile.adoc
+++ b/rules/S2076/common/resources/standards-mobile.adoc
@ -0,0 +1,10 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]
 * CWE - https://cwe.mitre.org/data/definitions/78[CWE-78 - Improper Neutralization of Special Elements used in an OS Command]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222604[Application Security and Development: V-222604] - The application must protect from command injection.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.
--- a/rules/S2076/java/metadata.json
+++ b/rules/S2076/java/metadata.json
@ -1,3 +1,33 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      20,
      78
    ],
    "OWASP": [
      "A1"
    ],
    "OWASP Top 10 2021": [
      "A3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M4"
    ],
    "PCI DSS 3.2": [
      "6.5.1"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "12.3.5",
      "5.1.3",
      "5.1.4",
      "5.3.8"
    ],
    "STIG ASD_V5R3": [
      "V-222604",
      "V-222609"
    ]
  }  
 }
--- a/rules/S2076/java/rule.adoc
+++ b/rules/S2076/java/rule.adoc
@ -14,7 +14,7 @@ include::how-to-fix-it/java-se.adoc[]
 include::../common/resources/docs.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S2083/common/resources/standards-mobile.adoc
+++ b/rules/S2083/common/resources/standards-mobile.adoc
@ -0,0 +1,11 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
 * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]
 * CWE - https://cwe.mitre.org/data/definitions/22[CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.
--- a/rules/S2083/java/metadata.json
+++ b/rules/S2083/java/metadata.json
@ -1,3 +1,33 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      20,
      22
    ],
    "OWASP": [
      "A5",
      "A1"
    ],
    "OWASP Top 10 2021": [
      "A1",
      "A3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M4"
    ],
    "PCI DSS 3.2": [
      "6.5.8"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "12.3.1",
      "5.1.3",
      "5.1.4"
    ],
    "STIG ASD_V5R3": [
      "V-222609"
    ]
  }  
 }
--- a/rules/S2083/java/rule.adoc
+++ b/rules/S2083/java/rule.adoc
@ -10,7 +10,7 @@ include::how-to-fix-it/java-se.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S2245/cfamily/metadata.json
+++ b/rules/S2245/cfamily/metadata.json
@ -18,12 +18,6 @@
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "MASVS": [
      "MSTG-CRYPTO-6"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
--- a/rules/S2245/cfamily/rule.adoc
+++ b/rules/S2245/cfamily/rule.adoc
@ -38,17 +38,8 @@ void f() {
 }
 ----
-== See
+include::../see.adoc[]
 * OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet]
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)]
 * CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values]
 * CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
 * CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator]
 * https://wiki.sei.cmu.edu/confluence/x/UNcxBQ[CERT, MSC30-C.] - Do not use the rand() function for generating pseudorandom numbers
 * https://wiki.sei.cmu.edu/confluence/x/2ns-BQ[CERT, MSC50-CPP.] - Do not use std::rand() for generating pseudorandom numbers
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator]
--- a/rules/S2245/java/metadata.json
+++ b/rules/S2245/java/metadata.json
@ -17,6 +17,9 @@
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-6"
    ],
--- a/rules/S2245/java/rule.adoc
+++ b/rules/S2245/java/rule.adoc
@ -27,19 +27,12 @@ byte bytes[] = new byte[20];
 random.nextBytes(bytes);
 ----
-== See
+include::../see.adoc[]
 * OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet]
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
-* CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)]
+* OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values]
 * CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
 * CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator]
 * https://wiki.sei.cmu.edu/confluence/x/oTdGBQ[CERT, MSC02-J.] - Generate strong random numbers
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator]
 ifdef::env-github,rspecator-view[]
--- a/rules/S2245/kotlin/metadata.json
+++ b/rules/S2245/kotlin/metadata.json
@ -1,3 +1,29 @@
 {
  "securityStandards": {
    "CWE": [
      326,
      330,
      338,
      1241
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-6"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "ASVS 4.0": [
      "6.2.4"
    ]
  },
  "quickfix": "unknown"
 }
--- a/rules/S2245/kotlin/rule.adoc
+++ b/rules/S2245/kotlin/rule.adoc
@ -23,6 +23,10 @@ random.nextBytes(bytes)
 include::../see.adoc[]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 ifdef::env-github,rspecator-view[]
 '''
--- a/rules/S2245/metadata.json
+++ b/rules/S2245/metadata.json
@ -37,12 +37,6 @@
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "MASVS": [
      "MSTG-CRYPTO-6"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
--- a/rules/S2245/see.adoc
+++ b/rules/S2245/see.adoc
@ -3,10 +3,7 @@
 * OWASP - https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#secure-random-number-generation[Secure Random Number Generation Cheat Sheet]
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/338[CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)]
 * CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values]
 * CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
-* CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator]
+* CWE - https://cwe.mitre.org/data/definitions/1241[CWE-1241 - Use of Predictable Algorithm in Random Number Generator]
 * Derived from FindSecBugs rule https://h3xstream.github.io/find-sec-bugs/bugs.htm#PREDICTABLE_RANDOM[Predictable Pseudo Random Number Generator]
--- a/rules/S2755/common/resources/standards-mobile.adoc
+++ b/rules/S2755/common/resources/standards-mobile.adoc
@ -0,0 +1,10 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A4_2017-XML_External_Entities_(XXE)[Top 10 2017 Category A4 - XML External Entities (XXE)]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration]
 * CWE - https://cwe.mitre.org/data/definitions/611[CWE-611 - Information Exposure Through XML External Entity Reference]
 * CWE - https://cwe.mitre.org/data/definitions/827[CWE-827 - Improper Control of Document Type Definition]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222608[Application Security and Development: V-222608] - The application must not be vulnerable to XML-oriented attacks.
--- a/rules/S2755/java/metadata.json
+++ b/rules/S2755/java/metadata.json
@ -1,4 +1,32 @@
 {
  "securityStandards": {
    "CWE": [
      611,
      827
    ],
    "OWASP": [
      "A4"
    ],
    "OWASP Top 10 2021": [
      "A5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M4",
      "M8"
    ],
    "PCI DSS 3.2": [
      "6.5.1"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "5.5.2"
    ],
    "STIG ASD_V5R3": [
      "V-222608"
    ]
  },
  "quickfix": "infeasible",
  "tags": [
  	"cwe",
--- a/rules/S2755/java/rule.adoc
+++ b/rules/S2755/java/rule.adoc
@ -18,7 +18,7 @@ include::how-to-fix-it/sax.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S3329/common/resources/standards-mobile.adoc
+++ b/rules/S3329/common/resources/standards-mobile.adoc
@ -0,0 +1,11 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/329[CWE-329 - Not Using an Unpredictable IV with CBC Mode]
 * CWE - https://cwe.mitre.org/data/definitions/780[CWE-780 - Use of RSA Algorithm without OAEP]
 * https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf[NIST, SP-800-38A] - Recommendation for Block  Cipher Modes of Operation 
--- a/rules/S3329/java/metadata.json
+++ b/rules/S3329/java/metadata.json
@ -31,6 +31,9 @@
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-3"
    ]
--- a/rules/S3329/java/rule.adoc
+++ b/rules/S3329/java/rule.adoc
@ -19,10 +19,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 ifdef::env-github,rspecator-view[]
--- a/rules/S3329/kotlin/metadata.json
+++ b/rules/S3329/kotlin/metadata.json
@ -31,6 +31,9 @@
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-3"
    ]
--- a/rules/S3329/kotlin/rule.adoc
+++ b/rules/S3329/kotlin/rule.adoc
@ -19,10 +19,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 ifdef::env-github,rspecator-view[]
--- a/rules/S3649/common/resources/standards-mobile.adoc
+++ b/rules/S3649/common/resources/standards-mobile.adoc
@ -0,0 +1,11 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A03_2021-Injection/[Top 10 2021 Category A3 - Injection]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A1_2017-Injection[Top 10 2017 Category A1 - Injection]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * CWE - https://cwe.mitre.org/data/definitions/20[CWE-20 - Improper Input Validation]
 * CWE - https://cwe.mitre.org/data/definitions/89[CWE-89 - Improper Neutralization of Special Elements used in an SQL Command]
 * https://wiki.sei.cmu.edu/confluence/x/ITdGBQ[CERT, IDS00-J.] - Prevent SQL injection
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222607[Application Security and Development: V-222607] - The application must not be vulnerable to SQL Injection.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222609[Application Security and Development: V-222609] - The application must not be subject to input handling vulnerabilities.
--- a/rules/S3649/java/metadata.json
+++ b/rules/S3649/java/metadata.json
@ -1,7 +1,38 @@
 {
-    "tags": [
+  "securityStandards": {
-        "cwe",
+    "CWE": [
-        "sql",
+      20,
-        "android"
+      89
-      ]
+    ],
    "OWASP": [
      "A1"
    ],
    "OWASP Top 10 2021": [
      "A3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M4"
    ],
    "PCI DSS 3.2": [
      "6.5.1"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "5.1.3",
      "5.1.4",
      "5.3.4",
      "5.3.5"
    ],
    "STIG ASD_V5R3": [
      "V-222607",
      "V-222609"
    ]
  },
  "tags": [
    "cwe",
    "sql",
    "android"
  ]
 }
--- a/rules/S3649/java/rule.adoc
+++ b/rules/S3649/java/rule.adoc
@ -26,7 +26,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4347/common/resources/standards-mobile.adoc
+++ b/rules/S4347/common/resources/standards-mobile.adoc
@ -0,0 +1,10 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/330[CWE-330 - Use of Insufficiently Random Values]
 * CWE - https://cwe.mitre.org/data/definitions/332[CWE-332 - Insufficient Entropy in PRNG]
 * CWE - https://cwe.mitre.org/data/definitions/336[CWE-336 - Same Seed in Pseudo-Random Number Generator (PRNG)]
 * CWE - https://cwe.mitre.org/data/definitions/337[CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)]
 * https://wiki.sei.cmu.edu/confluence/display/java/MSC63-J.+Ensure+that+SecureRandom+is+properly+seeded[CERT, MSC63J.] - Ensure that SecureRandom is properly seeded
--- a/rules/S4347/java/metadata.json
+++ b/rules/S4347/java/metadata.json
@ -1 +1,24 @@
-{}
+{  
    "securityStandards": {
    "CWE": [
      330,
      332,
      336,
      337
    ],
    "OWASP": [
      "A6"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "ASVS 4.0": [
      "2.3.1",
      "2.6.2",
      "2.9.2"
    ]
  }
 }
--- a/rules/S4347/java/rule.adoc
+++ b/rules/S4347/java/rule.adoc
@ -20,7 +20,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4347/kotlin/metadata.json
+++ b/rules/S4347/kotlin/metadata.json
@ -1 +1,24 @@
-{}
+{  
    "securityStandards": {
    "CWE": [
      330,
      332,
      336,
      337
    ],
    "OWASP": [
      "A6"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "ASVS 4.0": [
      "2.3.1",
      "2.6.2",
      "2.9.2"
    ]
  }
 }
--- a/rules/S4347/kotlin/rule.adoc
+++ b/rules/S4347/kotlin/rule.adoc
@ -20,7 +20,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/azureresourcemanager/metadata.json
+++ b/rules/S4423/azureresourcemanager/metadata.json
@ -10,14 +10,6 @@
      326,
      295
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
@ -27,6 +19,10 @@
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S4423/azureresourcemanager/rule.adoc
+++ b/rules/S4423/azureresourcemanager/rule.adoc
@ -20,7 +20,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards_iac.adoc[]
+include::../common/resources/standards-iac.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/cloudformation/metadata.json
+++ b/rules/S4423/cloudformation/metadata.json
@ -10,14 +10,6 @@
      326,
      295
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
@ -27,6 +19,10 @@
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S4423/cloudformation/rule.adoc
+++ b/rules/S4423/cloudformation/rule.adoc
@ -20,7 +20,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards_iac.adoc[]
+include::../common/resources/standards-iac.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/common/resources/standards-iac.adoc
+++ b/rules/S4423/common/resources/standards-iac.adoc
--- a/rules/S4423/common/resources/standards-mobile.adoc
+++ b/rules/S4423/common/resources/standards-mobile.adoc
@ -0,0 +1,10 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
--- a/rules/S4423/docker/metadata.json
+++ b/rules/S4423/docker/metadata.json
@ -1,30 +1,27 @@
 {
    "tags": [
-        "cwe",
+      "cwe",
-        "privacy"
+      "privacy"
    ],
-    "securityStandards": {
+  "securityStandards": {
-        "CWE": [
+    "CWE": [
-            327,
+      327,
-            326,
+      326,
-            295
+      295
-        ],
+    ],
-        "OWASP": [],
+    "PCI DSS 3.2": [
-        "OWASP Mobile": [],
+      "4.1",
-        "MASVS": [],
+      "6.5.4"
-        "OWASP Top 10 2021": [],
+    ],
-        "PCI DSS 3.2": [
+    "PCI DSS 4.0": [
-            "4.1",
+      "4.2.1",
-            "6.5.4"
+      "6.2.4"
-        ],
+    ],
-        "PCI DSS 4.0": [
+    "ASVS 4.0": [
-            "4.2.1",
+    ],
-            "6.2.4"
+    "OWASP": [
-        ],
+    ],
-        "ASVS 4.0": [
+    "OWASP Top 10 2021": [
-            "8.3.7",
+    ]
-            "9.1.2",
+  }
-            "9.1.3"
+}
        ]
    }
 }
--- a/rules/S4423/docker/rule.adoc
+++ b/rules/S4423/docker/rule.adoc
@ -20,7 +20,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards_iac.adoc[]
+include::../common/resources/standards-iac.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/java/metadata.json
+++ b/rules/S4423/java/metadata.json
@ -1,3 +1,39 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      327,
      326,
      295
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-2"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A7"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "8.3.7",
      "9.1.2",
      "9.1.3"
    ]
  }  
 }
--- a/rules/S4423/java/rule.adoc
+++ b/rules/S4423/java/rule.adoc
@ -21,11 +21,8 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/kotlin/metadata.json
+++ b/rules/S4423/kotlin/metadata.json
@ -1,3 +1,39 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      327,
      326,
      295
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-2"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A7"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "8.3.7",
      "9.1.2",
      "9.1.3"
    ]
  }  
 }
--- a/rules/S4423/kotlin/rule.adoc
+++ b/rules/S4423/kotlin/rule.adoc
@ -21,11 +21,8 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
 ifdef::env-github,rspecator-view[]
--- a/rules/S4423/metadata.json
+++ b/rules/S4423/metadata.json
@ -38,12 +38,6 @@
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "MASVS": [
      "MSTG-NETWORK-2"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A7"
--- a/rules/S4423/terraform/metadata.json
+++ b/rules/S4423/terraform/metadata.json
@ -12,14 +12,6 @@
      326,
      295
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
@ -29,6 +21,10 @@
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S4423/terraform/rule.adoc
+++ b/rules/S4423/terraform/rule.adoc
@ -27,7 +27,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards_iac.adoc[]
+include::../common/resources/standards-iac.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4426/common/resources/standards-mobile.adoc
+++ b/rules/S4426/common/resources/standards-mobile.adoc
@ -0,0 +1,12 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf[NIST 800-131A] - Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
 * CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
 * https://wiki.sei.cmu.edu/confluence/x/hDdGBQ[CERT, MSC61-J.] - Do not use insecure or weak cryptographic algorithms
--- a/rules/S4426/common/resources/standards.adoc
+++ b/rules/S4426/common/resources/standards.adoc
@ -3,8 +3,6 @@
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf[NIST 800-131A] - Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
 * CWE - https://cwe.mitre.org/data/definitions/326[CWE-326 - Inadequate Encryption Strength]
 * CWE - https://cwe.mitre.org/data/definitions/327[CWE-327 - Use of a Broken or Risky Cryptographic Algorithm]
--- a/rules/S4426/java/metadata.json
+++ b/rules/S4426/java/metadata.json
@ -1,4 +1,28 @@
 {
  "securityStandards": {
    "CWE": [
      326
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-3"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "ASVS 4.0": [
      "6.2.3"
    ]
  },
  "tags": [
    "cwe",
    "privacy",
--- a/rules/S4426/java/rule.adoc
+++ b/rules/S4426/java/rule.adoc
@ -18,7 +18,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
--- a/rules/S4426/kotlin/metadata.json
+++ b/rules/S4426/kotlin/metadata.json
@ -1,3 +1,26 @@
 {
-  
+    "securityStandards": {
    "CWE": [
      326
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-3"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "ASVS 4.0": [
      "6.2.3"
    ]
  }
 }
--- a/rules/S4426/kotlin/rule.adoc
+++ b/rules/S4426/kotlin/rule.adoc
@ -18,7 +18,7 @@ include::../common/resources/articles.adoc[]
 include::../common/resources/presentations.adoc[]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4426/metadata.json
+++ b/rules/S4426/metadata.json
@ -36,12 +36,6 @@
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "MASVS": [
      "MSTG-CRYPTO-3"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
--- a/rules/S4790/java/metadata.json
+++ b/rules/S4790/java/metadata.json
@ -1,3 +1,32 @@
 {
  "securityStandards": {
    "CWE": [
      1240
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-4"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "3.4",
      "6.5.3",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ]
  },
  "quickfix": "unknown"
 }
--- a/rules/S4790/java/rule.adoc
+++ b/rules/S4790/java/rule.adoc
@ -18,7 +18,7 @@ MessageDigest md2 = MessageDigest.getInstance("SHA1");  // Sensitive
 MessageDigest md1 = MessageDigest.getInstance("SHA-512"); // Compliant
 ----
-include::../see.adoc[]
+include::../see-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4790/kotlin/metadata.json
+++ b/rules/S4790/kotlin/metadata.json
@ -1,3 +1,32 @@
 {
  "securityStandards": {
    "CWE": [
      1240
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-4"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "3.4",
      "6.5.3",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ]
  },
  "quickfix": "unknown"
 }
--- a/rules/S4790/kotlin/rule.adoc
+++ b/rules/S4790/kotlin/rule.adoc
@ -40,7 +40,7 @@ val md2: MessageDigest = MessageDigest.getInstance("SHA1");  // Sensitive
 val md1: MessageDigest = MessageDigest.getInstance("SHA-512"); // Compliant
 ----
-include::../see.adoc[]
+include::../see-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4790/metadata.json
+++ b/rules/S4790/metadata.json
@ -31,12 +31,6 @@
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "MASVS": [
      "MSTG-CRYPTO-4"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
--- a/rules/S4790/see-mobile.adoc
+++ b/rules/S4790/see-mobile.adoc
@ -0,0 +1,9 @@
 == See
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/1240[CWE-1240 - Use of a Risky Cryptographic Primitive]
--- a/rules/S4790/see.adoc
+++ b/rules/S4790/see.adoc
@ -3,6 +3,4 @@
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-CRYPTO/[Mobile AppSec Verification Standard - Cryptography Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m5-insufficient-cryptography[Mobile Top 10 2016 Category M5 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/1240[CWE-1240 - Use of a Risky Cryptographic Primitive]
--- a/rules/S4790/swift/metadata.json
+++ b/rules/S4790/swift/metadata.json
@ -1,3 +1,31 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      1240
    ],
    "OWASP": [
      "A3",
      "A6"
    ],
    "OWASP Mobile": [
      "M5"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "MASVS": [
      "MSTG-CRYPTO-4"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "3.4",
      "6.5.3",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ]
  }  
 }
--- a/rules/S4790/swift/rule.adoc
+++ b/rules/S4790/swift/rule.adoc
@ -23,7 +23,7 @@ let bytes:Array<UInt8> = [0x01, 0x02, 0x03]
 let digest = input.sha512() // Compliant
 ----
-include::../see.adoc[]
+include::../see-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S4830/cfamily/metadata.json
+++ b/rules/S4830/cfamily/metadata.json
@ -18,12 +18,6 @@
      "A6",
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "MASVS": [
      "MSTG-NETWORK-3"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A5",
--- a/rules/S4830/common/resources/standards-mobile.adoc
+++ b/rules/S4830/common/resources/standards-mobile.adoc
@ -0,0 +1,13 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor.
--- a/rules/S4830/common/resources/standards.adoc
+++ b/rules/S4830/common/resources/standards.adoc
@ -5,8 +5,6 @@
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * CWE - https://cwe.mitre.org/data/definitions/295[CWE-295 - Improper Certificate Validation]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor.
--- a/rules/S4830/java/metadata.json
+++ b/rules/S4830/java/metadata.json
@ -19,6 +19,9 @@
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-3"
    ],
--- a/rules/S4830/java/rule.adoc
+++ b/rules/S4830/java/rule.adoc
@ -12,7 +12,7 @@ include::how-to-fix-it/java-cryptography-extension.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * https://wiki.sei.cmu.edu/confluence/display/java/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms
--- a/rules/S4830/kotlin/metadata.json
+++ b/rules/S4830/kotlin/metadata.json
@ -1,3 +1,41 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      295
    ],
    "OWASP": [
      "A6",
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-3"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A5",
      "A7"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4",
      "6.5.10"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "1.9.2",
      "9.2.1"
    ],
    "STIG ASD_V5R3": [
      "V-222550"
    ]
  }  
 }
--- a/rules/S4830/kotlin/rule.adoc
+++ b/rules/S4830/kotlin/rule.adoc
@ -12,7 +12,7 @@ include::how-to-fix-it/java-cryptography-extension.adoc[]
 == Resources
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 * https://wiki.sei.cmu.edu/confluence/display/java/MSC61-J.+Do+not+use+insecure+or+weak+cryptographic+algorithms
--- a/rules/S4830/metadata.json
+++ b/rules/S4830/metadata.json
@ -37,12 +37,6 @@
      "A6",
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "MASVS": [
      "MSTG-NETWORK-3"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A5",
--- a/rules/S5320/metadata.json
+++ b/rules/S5320/metadata.json
@ -31,6 +31,10 @@
    "OWASP Mobile": [
      "M1"
    ],
    "OWASP Mobile Top 10 2024": [
      "M3",
      "M8"
    ],
    "MASVS": [
      "MSTG-PLATFORM-4"
    ],
--- a/rules/S5320/see.adoc
+++ b/rules/S5320/see.adoc
@ -2,5 +2,7 @@
 * OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
 * OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m3-insecure-authentication-authorization[Mobile Top 10 2024 Category M3 - Insecure Authentication/Authorization]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m8-security-misconfiguration[Mobile Top 10 2024 Category M8 - Security Misconfiguration]
 * CWE - https://cwe.mitre.org/data/definitions/927[CWE-927 - Use of Implicit Intent for Sensitive Communication]
 * https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions[Android documentation] - Broadcast Overview - Security considerations and best practices
--- a/rules/S5322/metadata.json
+++ b/rules/S5322/metadata.json
@ -32,6 +32,10 @@
    "OWASP Mobile": [
      "M1"
    ],
    "OWASP Mobile Top 10 2024": [
      "M3",
      "M4"
    ],
    "MASVS": [
      "MSTG-PLATFORM-2"
    ]
--- a/rules/S5322/see.adoc
+++ b/rules/S5322/see.adoc
@ -2,6 +2,8 @@
 * OWASP - https://mas.owasp.org/checklists/MASVS-PLATFORM/[Mobile AppSec Verification Standard - Platform Interaction Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m1-improper-platform-usage[Mobile Top 10 2016 Category M1 - Improper Platform Usage]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m3-insecure-authentication-authorization[Mobile Top 10 2024 Category M3 - Insecure Authentication/Authorization]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m4-insufficient-input-output-validation[Mobile Top 10 2024 Category M4 - Insufficient Input/Output Validation]
 * CWE - https://cwe.mitre.org/data/definitions/925[CWE-925 - Improper Verification of Intent by Broadcast Receiver]
 * CWE - https://cwe.mitre.org/data/definitions/926[CWE-926 - Improper Export of Android Application Components]
 * https://developer.android.com/guide/components/broadcasts.html#restricting_broadcasts_with_permissions[Android documentation] - Broadcast Overview - Security considerations and best practices
--- a/rules/S5324/metadata.json
+++ b/rules/S5324/metadata.json
@ -31,6 +31,9 @@
    "OWASP Mobile": [
      "M2"
    ],
    "OWASP Mobile Top 10 2024": [
      "M9"
    ],
    "MASVS": [
      "MSTG-STORAGE-1"
    ],
--- a/rules/S5324/see.adoc
+++ b/rules/S5324/see.adoc
@ -4,4 +4,5 @@
 * https://developer.android.com/privacy-and-security/security-tips#ExternalStorage[Android Security tips on external file storage]
 * OWASP - https://mas.owasp.org/checklists/MASVS-STORAGE/[Mobile AppSec Verification Standard - Data Storage and Privacy Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m2-insecure-data-storage[Mobile Top 10 2016 Category M2 - Insecure Data Storage]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m9-insecure-data-storage[Mobile Top 10 2024 Category M9 - Insecure Data Storage]
 * CWE - https://cwe.mitre.org/data/definitions/312[CWE-312 - Cleartext Storage of Sensitive Information]
--- a/rules/S5332/ansible/metadata.json
+++ b/rules/S5332/ansible/metadata.json
@ -3,18 +3,6 @@
      "CWE": [
        200,
        319
      ],
      "OWASP": [
      ],
      "OWASP Mobile": [
      ],
      "MASVS": [
      ],
      "OWASP Top 10 2021": [
      ],
      "PCI DSS 3.2": [
        "4.1",
@ -23,9 +11,6 @@
      "PCI DSS 4.0": [
        "4.2.1",
        "6.2.4"
      ],
      "ASVS 4.0": [
      ],
      "STIG ASD_V5R3": [
        "V-222397",
@ -37,6 +22,12 @@
        "V-222597",
        "V-222598",
        "V-222599"
      ],
      "ASVS 4.0": [
      ],
      "OWASP": [
      ],
      "OWASP Top 10 2021": [
      ]
    }
  }
--- a/rules/S5332/azureresourcemanager/metadata.json
+++ b/rules/S5332/azureresourcemanager/metadata.json
@ -6,18 +6,6 @@
    "CWE": [
      200,
      319
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
@ -26,9 +14,6 @@
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "STIG ASD_V5R3": [
      "V-222397",
@ -40,6 +25,12 @@
      "V-222597",
      "V-222598",
      "V-222599"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S5332/cloudformation/metadata.json
+++ b/rules/S5332/cloudformation/metadata.json
@ -7,18 +7,6 @@
    "CWE": [
      200,
      319
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
@ -27,9 +15,6 @@
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "STIG ASD_V5R3": [
      "V-222397",
@ -41,6 +26,12 @@
      "V-222597",
      "V-222598",
      "V-222599"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S5332/common/resources/standards-mobile.adoc
+++ b/rules/S5332/common/resources/standards-mobile.adoc
@ -0,0 +1,18 @@
 === Standards
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication]
 * CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor]
 * CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222534[Application Security and Development: V-222534] - Service-Oriented Applications handling non-releasable data must authenticate endpoint devices via mutual SSL/TLS.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222562[Application Security and Development: V-222562] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the integrity of maintenance and diagnostic communications.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222563[Application Security and Development: V-222563] - Applications used for non-local maintenance must implement cryptographic mechanisms to protect the confidentiality of maintenance and diagnostic communications.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222577[Application Security and Development: V-222577] - The application must not expose session IDs.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222596[Application Security and Development: V-222596] - The application must protect the confidentiality and integrity of transmitted information.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222597[Application Security and Development: V-222597] - The application must implement cryptographic mechanisms to prevent unauthorized disclosure of information and/or detect changes to information during transmission.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222598[Application Security and Development: V-222598] - The application must maintain the confidentiality and integrity of information during preparation for transmission.
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222599[Application Security and Development: V-222599] - The application must maintain the confidentiality and integrity of information during reception.
--- a/rules/S5332/common/resources/standards.adoc
+++ b/rules/S5332/common/resources/standards.adoc
@ -2,8 +2,6 @@
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * CWE - https://cwe.mitre.org/data/definitions/200[CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor]
 * CWE - https://cwe.mitre.org/data/definitions/319[CWE-319 - Cleartext Transmission of Sensitive Information]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222397[Application Security and Development: V-222397] - The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
--- a/rules/S5332/docker/metadata.json
+++ b/rules/S5332/docker/metadata.json
@ -7,18 +7,6 @@
    "CWE": [
      200,
      319
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
@ -27,9 +15,6 @@
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "STIG ASD_V5R3": [
      "V-222397",
@ -41,6 +26,12 @@
      "V-222597",
      "V-222598",
      "V-222599"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S5332/java/metadata.json
+++ b/rules/S5332/java/metadata.json
@ -1,4 +1,49 @@
 {
  "securityStandards": {
    "CWE": [
      200,
      319
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-1"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "1.9.1",
      "9.1.1",
      "9.2.2"
    ],
    "STIG ASD_V5R3": [
      "V-222397",
      "V-222534",
      "V-222562",
      "V-222563",
      "V-222577",
      "V-222596",
      "V-222597",
      "V-222598",
      "V-222599"
    ]
  },
  "quickfix": "unknown",
  "tags": [
    "cwe",
--- a/rules/S5332/java/rule.adoc
+++ b/rules/S5332/java/rule.adoc
@ -83,7 +83,13 @@ webView.getSettings().setMixedContentMode(MIXED_CONTENT_NEVER_ALLOW);
 include::../exceptions.adoc[]
-include::../see.adoc[]
+== See
 include::../common/resources/documentation.adoc[]
 include::../common/resources/articles.adoc[]
 include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S5332/kotlin/metadata.json
+++ b/rules/S5332/kotlin/metadata.json
@ -1,4 +1,49 @@
 {
  "securityStandards": {
    "CWE": [
      200,
      319
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-1"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "1.9.1",
      "9.1.1",
      "9.2.2"
    ],
    "STIG ASD_V5R3": [
      "V-222397",
      "V-222534",
      "V-222562",
      "V-222563",
      "V-222577",
      "V-222596",
      "V-222597",
      "V-222598",
      "V-222599"
    ]
  },
  "quickfix": "unknown",
  "tags": [
    "cwe",
--- a/rules/S5332/kotlin/rule.adoc
+++ b/rules/S5332/kotlin/rule.adoc
@ -83,7 +83,13 @@ webView.getSettings().setMixedContentMode(MIXED_CONTENT_NEVER_ALLOW)
 include::../exceptions.adoc[]
-include::../see.adoc[]
+== See
 include::../common/resources/documentation.adoc[]
 include::../common/resources/articles.adoc[]
 include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S5332/kubernetes/metadata.json
+++ b/rules/S5332/kubernetes/metadata.json
@ -6,18 +6,6 @@
    "CWE": [
      200,
      319
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
@ -26,9 +14,6 @@
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "STIG ASD_V5R3": [
      "V-222397",
@ -40,6 +25,12 @@
      "V-222597",
      "V-222598",
      "V-222599"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S5332/metadata.json
+++ b/rules/S5332/metadata.json
@ -31,12 +31,6 @@
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "MASVS": [
      "MSTG-NETWORK-1"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
--- a/rules/S5332/terraform/metadata.json
+++ b/rules/S5332/terraform/metadata.json
@ -9,18 +9,6 @@
    "CWE": [
      200,
      319
    ],
    "OWASP": [
    ],
    "OWASP Mobile": [
    ],
    "MASVS": [
    ],
    "OWASP Top 10 2021": [
    ],
    "PCI DSS 3.2": [
      "4.1",
@ -29,9 +17,6 @@
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
    ],
    "STIG ASD_V5R3": [
      "V-222397",
@ -43,6 +28,12 @@
      "V-222597",
      "V-222598",
      "V-222599"
    ],
    "ASVS 4.0": [
    ],
    "OWASP": [
    ],
    "OWASP Top 10 2021": [
    ]
  }
 }
--- a/rules/S5332/xml/metadata.json
+++ b/rules/S5332/xml/metadata.json
@ -1,4 +1,49 @@
 {
  "securityStandards": {
    "CWE": [
      200,
      319
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Mobile": [
      "M3"
    ],
    "OWASP Mobile Top 10 2024": [
      "M5"
    ],
    "MASVS": [
      "MSTG-NETWORK-1"
    ],
    "OWASP Top 10 2021": [
      "A2"
    ],
    "PCI DSS 3.2": [
      "4.1",
      "6.5.4"
    ],
    "PCI DSS 4.0": [
      "4.2.1",
      "6.2.4"
    ],
    "ASVS 4.0": [
      "1.9.1",
      "9.1.1",
      "9.2.2"
    ],
    "STIG ASD_V5R3": [
      "V-222397",
      "V-222534",
      "V-222562",
      "V-222563",
      "V-222577",
      "V-222596",
      "V-222597",
      "V-222598",
      "V-222599"
    ]
  },
  "quickfix": "unknown",
  "tags": [
    "cwe",
--- a/rules/S5344/common/resources/standards-mobile.adoc
+++ b/rules/S5344/common/resources/standards-mobile.adoc
@ -0,0 +1,10 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/Top10/A04_2021-Insecure_Design/[Top 10 2021 Category A4 - Insecure Design]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m10-insufficient-cryptography[Mobile Top 10 2024 Category M10 - Insufficient Cryptography]
 * CWE - https://cwe.mitre.org/data/definitions/256[CWE-256 - Plaintext Storage of a Password]
 * CWE - https://cwe.mitre.org/data/definitions/916[CWE-916 - Use of Password Hash With Insufficient Computational Effort]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222542[Application Security and Development: V-222542] - The application must only store cryptographic representations of passwords.
--- a/rules/S5344/java/metadata.json
+++ b/rules/S5344/java/metadata.json
@ -1,3 +1,35 @@
 {
-  
+  "securityStandards": {
    "CWE": [
      256,
      916
    ],
    "OWASP": [
      "A3"
    ],
    "OWASP Top 10 2021": [
      "A2",
      "A4"
    ],
    "OWASP Mobile Top 10 2024": [
      "M10"
    ],
    "PCI DSS 3.2": [
      "6.5.3"
    ],
    "PCI DSS 4.0": [
      "6.2.4"
    ],
    "ASVS 4.0": [
      "2.10.3",
      "2.4.1",
      "2.4.2",
      "2.4.3",
      "2.4.4",
      "2.4.5"
    ],
    "STIG ASD_V5R3": [
      "V-222542"
    ]
  }
 }
--- a/rules/S5344/java/rule.adoc
+++ b/rules/S5344/java/rule.adoc
@ -62,7 +62,7 @@ include::../common/pitfalls/pre-hashing.adoc[]
 * Spring Framework Security Documentation - https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.html[Class BCryptPasswordEncoder]
 * OWASP CheatSheet - https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html[Password Storage Cheat Sheet]
-include::../common/resources/standards.adoc[]
+include::../common/resources/standards-mobile.adoc[]
 ifdef::env-github,rspecator-view[]
--- a/rules/S5527/common/resources/standards-mobile.adoc
+++ b/rules/S5527/common/resources/standards-mobile.adoc
@ -0,0 +1,13 @@
 === Standards
 * OWASP - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/[Top 10 2021 Category A2 - Cryptographic Failures]
 * OWASP - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/[Top 10 2021 Category A5 - Security Misconfiguration]
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2023-risks/m5-insecure-communication[Mobile Top 10 2024 Category M5 - Insecure Communication]
 * CWE - https://cwe.mitre.org/data/definitions/297[CWE-297 - Improper Validation of Certificate with Host Mismatch]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor.
--- a/rules/S5527/common/resources/standards.adoc
+++ b/rules/S5527/common/resources/standards.adoc
@ -5,8 +5,6 @@
 * OWASP - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/[Top 10 2021 Category A7 - Identification and Authentication Failures]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
 * OWASP - https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration[Top 10 2017 Category A6 - Security Misconfiguration]
 * OWASP - https://mas.owasp.org/checklists/MASVS-NETWORK/[Mobile AppSec Verification Standard - Network Communication Requirements]
 * OWASP - https://owasp.org/www-project-mobile-top-10/2016-risks/m3-insecure-communication[Mobile Top 10 2016 Category M3 - Insecure Communication]
 * CWE - https://cwe.mitre.org/data/definitions/297[CWE-297 - Improper Validation of Certificate with Host Mismatch]
 * STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222550[Application Security and Development: V-222550] - The application must validate certificates by constructing a certification path to an accepted trust anchor.
--- a/Show More
+++ b/Show More
`@ -18,7 +18,7 @@ include::../common/resources/articles.adoc[]`

	`include::../common/resources/presentations.adoc[]`	`include::../common/resources/presentations.adoc[]`

	`include::../common/resources/standards.adoc[]`	`include::../common/resources/standards-mobile.adoc[]`