Why are some Assess rules disabled by default?

Updated August 16, 2023 18:51

Question

Answer

All Contrast rules are production ready. However for various reasons, some are disabled by default. This is a decision taken by the Contrast Security team around how valuable these rules are to the majority of customers. For example:

Automatic Escaping Disabled only applies to old Play! applications.
HTTP Header Injection is not a concern unless you're using extremely old application servers.
Regular Expression DoS adds a limited performance impact, which is why it's off by default.

Why are some Assess rules disabled by default?

Question

Answer

Was this article helpful?

<%= previousTitle %>

<%= nextTitle %>

In this article

<%= heading %>

<%= block.name %>

Latest Support Bulletins

Categories

Toggle navigation menu

Search

Question

Answer

Was this article helpful?

<%= previousTitle %>

<%= nextTitle %>

In this article

<%= heading %>

<%= block.name %>

Latest Support Bulletins

Categories

Toggle navigation menu

Categories

Categories