# Security-Related Rules

## CodeScan Rules Related to Security

You can search for security-related rules using tags such as:

**Example**: sans-top25-insecure, sans-top25-porous, phishing, owasp-m4, owasp-a8, owasp-a6, owasp-a1, owasp-a2, owasp-m5, owasp-a5, owasp-m3, owasp-a7, owasp-a10, owasp-a4, owasp-a3, owasp-m2, owasp-a9, owasp-m1…

<figure><img src="/files/1Gx39aVpWCfNBPouSrnr" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/kcSuJgMVFdOP5G1c6O3t" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/KqlPwp9wjpmmh1AOfdkm" alt=""><figcaption></figcaption></figure>

Note: Tags are a way to categorize rules and issues.

### Types of Security Rules

CodeScan features four types of rules: **Bug** (reliability domain), **Code Smell** (maintainability domain), and **Vulnerability** and **Security Hotspot** (both in the security domain). Given the importance of security, let's explore the key concepts and how security rules differ from the others.

* **Security-injection rules:** These rules address vulnerabilities that arise when user-controlled input is neither validated nor sanitized before it reaches a sensitive operation. Such data can flow from a source (a user input) to a sink (a sensitive function such as a query or command execution) and change the operation's meaning. CodeScan uses taint analysis to find these flows: it tracks data from sources to sinks and reports an issue when the data arrives at the sink without passing through a sanitizer.
* **Security-configuration rules:** These rules highlight security issues caused by incorrect parameters or the absence of essential checks when calling sensitive functions. Unlike injection issues, these weaknesses usually do not depend on an attacker crafting a malicious input; they are present whenever the sensitive function is called with the weak setting, so they can be identified at the call site without tracing a data flow.

### Viewing Security Categories in CodeScan

You can find the security category in the rules filter and related rules in the right-side panel, as shown in the images below.

<figure><img src="/files/ytCwO9Y5Ai58dnbjR1Fd" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vWt9kZyQVozbC186vvaI" alt=""><figcaption></figcaption></figure>

These security issues are divided into two categories: vulnerabilities and hotspots (see the main differences on the [Security Hotspots](https://knowledgebase.autorabit.com/product-guides/codescan/issues/security-hotspots) page).

Security hotspots represent code locations that should be reviewed but are not necessarily real vulnerabilities.

For example, most injection rules are classified as vulnerabilities. If an SQL injection is found, a fix is certainly required (typically a parameterized query, with input validation as an additional layer), so no further review is needed to decide whether it is an issue; that is what makes it a vulnerability.

On the other hand, creating a cookie without the HttpOnly flag could be a problem, because page scripts can then read the cookie and a cross-site scripting flaw could expose it, but it is not always one. The flag cannot always be set (for example, when client-side code legitimately needs to read the cookie), so determining the true level of risk requires review by a developer. This is why it is categorized as a hotspot.
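The distinction drawn above, and the source-to-sink flow described under the rule types, as an added example that is not part of the original page and is not CodeScan's own code: a small Python script, using only the standard library and a constructed in-memory SQLite table, that puts a string-built query next to a parameterized one (the injection case, a vulnerability) and a Set-Cookie header with and without HttpOnly (the configuration case, a hotspot). The function names, the sample users and the session value are assumptions made for the illustration.

```python
"""Added illustration of injection vs. configuration findings (not CodeScan code).

A SOURCE (attacker-controlled text) flows into a SINK (a SQL query), first
interpolated into the statement and then passed as a bound parameter. A second
helper builds a Set-Cookie header so the HttpOnly attribute can be compared.
"""
import sqlite3
from http.cookies import SimpleCookie


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("carol", "admin")],
    )
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Sink reached by an unsanitized source: this is what an injection rule flags.

    `name` is spliced into the statement text, so quote characters in it become
    part of the SQL grammar instead of staying data. A tautology such as
    ' OR '1'='1 turns the WHERE clause into "always true".
    """
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Same sink with the fix the page calls for: a bound parameter.

    The driver sends `name` separately from the statement, so no value can
    change the query's structure; the same payload now matches nothing.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def session_cookie(value: str, http_only: bool) -> str:
    """Build a Set-Cookie header value; the configuration (hotspot) case.

    Leaving HttpOnly off is not a defect by itself: a reviewer has to decide
    whether page script is meant to read this cookie. Secure and Path are
    set the same way in both variants so only HttpOnly differs.
    """
    cookie = SimpleCookie()
    cookie["session"] = value
    cookie["session"]["httponly"] = http_only  # the setting a config rule inspects
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology injection (constructed input)
    print("string-built query:", lookup_user_vulnerable(db, payload))
    print("parameterized query:", lookup_user_safe(db, payload))
    print("hotspot (review):   ", session_cookie("abc123", http_only=False))
    print("hardened:           ", session_cookie("abc123", http_only=True))
```

With the payload `' OR '1'='1`, the string-built query returns every user (including the admin) while the parameterized query returns nothing, which is why the former needs no human judgement to be classed as a vulnerability. The cookie helper differs by a single attribute, and whether its absence matters depends on how the application uses the cookie, so that call site is the kind of location surfaced as a hotspot for review rather than reported as a confirmed flaw.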

With hotspots, we aim to help you understand information security risks, threats, impacts, the root causes of security issues, and how to select the relevant software protections. In short, we want to educate developers and help you build secure, ethical, and privacy-friendly applications.
