- Release Notes
- Getting Started
- Setup and Configuration
- Automation Projects
- Dependencies
- Types of Workflows
- File Comparison
- Automation Best Practices
- Source Control Integration
- Debugging
- The Diagnostic Tool
- Variables
- Arguments
- Imported Namespaces
- Trigger-based Attended Automation
- Recording
- UI Elements
- Control Flow
- Selectors
- Object Repository
- Data Scraping
- Image and Text Automation
- Automating Citrix Technologies
- RDP Automation
- Salesforce Automation
- SAP Automation
- VMware Horizon Automation
- Logging
- The ScreenScrapeJavaSupport Tool
- The WebDriver Protocol
- Test Suite - Studio
- Extensions
- Troubleshooting
- About troubleshooting
- Microsoft App-V support and limitations
- Internet Explorer X64 troubleshooting
- Microsoft Office issues
- Identifying UI elements in PDF with Accessibility options
- Repairing Active Accessibility support
- Automating Applications Running Under a Different Windows User
- Validation of large Windows-legacy projects takes longer than expected
ST-SEC-007 - SecureString Argument Usage
ST-SEC-007
Scope: Workflow
This rule checks whether SecureString type arguments are used in the workflow. This string type should be used for storing potentially sensitive strings.
Read more about SecureString here.
The SecureString type should not be used for any purpose other than the intended one. The scope of such variables should be very limited, ideally in the same scope where they were created. This means that arguments should not be used to pass credentials from one workflow to another. Variables containing credentials should be defined at the narrowest scope possible.
Once a SecureString is retrieved, it should be used to log into applications by using the Type Secure Text activity for regular applications, or the Send Keys Secure activity for terminals. Read more about SecureString here.