Posted: 2 Mar 2017 15:06 EST Last activity: 8 Mar 2017 14:50 EST
Documentation on Rule Security Analyzer
Is there any documentation available for Rule Analyzer Regular Expressions with its Risk's if we don't correct them. So far, my search is resulted to the same help page which doesn't cover majority of the regular expressions.
I do not know of that detailed level of documentation existing within the help for the tool itself. Since the regular expressions search for potential instances of well-known vulnerability types like cross-site scripting, SQL injection, and XML external entity and since the regular expressions have the vulnerability type in the name, a web search should provide you with what the risks of the vulnerabilities are. I would suggest searching on OWASP's site (https://www.owasp.org) as they tend to have good documentation on the vulnerabilities in terms of the risks and how to fix the potential instances in your code.