The Rule Security Analyzer can find specific JavaScript or SQL coding patterns that might indicate a security vulnerability. The most effective way to search for vulnerabilities is to run the Rule Security Analyzer several times, each time matching against a different regular expression rule.
- Click Designer Studio > Org & Security > Tools > Security > Rule Security Analyzer.
- Complete the Search Criteria form, which is displayed in a new window.
  - RuleSets – Select one or more rulesets to analyze.
  - Optional: Rule Types – Choose one or more rule types within the chosen ruleset or rulesets to scan. If nothing is selected, the tool scans all rule types.
  - Expression – Select the regular expression rule to use.
  - Optional: RuleSet Version – If nothing is selected, the tool analyzes all versions. To limit the analysis, enter the version information in one of the following ways.
    - Major version only (05)
    - Major and minor version (05-05)
    - Major version, minor version, and patch (05-05-05)
  - Highest Version Only – Select True to scan only the highest version of each rule. Select False to scan all versions.
  - Optional: Updated Since – If nothing is selected, the tool does not filter the results by date. To scan only rules updated after a certain date and time, click the Calendar button and enter the date and time to use.
  - Also list activities that may start unauthenticated – If selected, the scan also lists activities that have "Allow direct invocation from the client or service" selected and "Require authentication to run" unselected on the Security tab of the Activity rule form.
- Choose how you want the search results to be displayed.
  - Run – The summarized search statistics are displayed below the filled Search Criteria form.
  - Run and Export all to Excel – The summarized search statistics are displayed in an Excel file.