Tag: owasp-top10

Insecure cookie

Insecure cookies can lead to unencrypted transmission of sensitive data.

Cryptographic key generator

Insufficient key sizes can lead to brute force attacks.

Weak pseudorandom number generation

Insufficiently random generators (or hardcoded seeds) can make pseudorandom sequences predictable.

Path traversal

Creating file paths from untrusted input might give a malicious actor access to sensitive files.

Cross-site scripting

Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.

Code Injection

Code injection occurs when an application executes untrusted code from an attacker.

Server-side request forgery

Server-side request forgery (SSRF) is a vulnerability that allows an attacker to manipulate a web application to make unintended requests from the server.

Cross-site request forgery

Insecure configuration can lead to a cross-site request forgery (CSRF) vulnerability.

Log injection

Using untrusted inputs in a log statement can enable attackers to break the log's format, forge log entries, and bypass log monitors.

Hardcoded credentials

Hardcoded credentials can be intercepted by malicious actors.

Insecure hashing

Obsolete, broken, or weak hashing algorithms can lead to security vulnerabilities.

Insecure connection using unencrypted protocol

Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.

OS Command Injection

Building system commands from user input can allow unintended commands to be executed.

Insecure Bean Validation

Passing user-controlled input directly to bean validation APIs can lead to code injection attacks.

SQL injection

Use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.