Hi fellows.
I have a doubt with some js files, that have business code. The problem is these files are outside of the security perimeter. For examples these functions are used when you log in.
So the question here is if the files meet this criteria " FIN.S.0075. Acceso no autorizado a archivos"
What do you mean that the files are outside the security perimeter?
Generally you should access js files that the web page uses, but they need to be obfuscated in order to prevent information leakages. This looks like:
FIN.H.0066. JavaScript code without obfuscation
Why FIN.S.0075? You can read sensitive data? If that so, what data?