C-Sharp

Available solutions

  1. Asymmetric denial of service
  2. Symmetric denial of service
  3. SQL injection - C Sharp SQL API
  4. Remote command execution
  5. Privilege escalation
  6. Authentication mechanism absence or evasion
  7. Cross-site request forgery
  8. Reflected cross-site scripting (XSS)
  9. Stored cross-site scripting (XSS)
  10. Insecure object reference
  11. Insecure functionality
  12. Insecure authentication method - Basic
  13. Sensitive information sent insecurely
  14. Non-encrypted confidential information
  15. XPath injection
  16. Uncontrolled external site redirect - Host Header Injection
  17. User enumeration
  18. Insecure file upload
  19. Insecure temporary files
  20. Inadequate file size control
  21. Sensitive information sent via URL parameters
  22. Password change without identity check
  23. Insecure generation of random numbers
  24. Business information leak
  25. Improper authorization control for web services
  26. Exposed web services
  27. Enabled default credentials
  28. Insecurely generated cookies
  29. Insecure or unset HTTP headers - Content-Security-Policy
  30. Automatic information enumeration
  31. Guessed weak credentials
  32. Cracked weak credentials
  33. Insecure encryption algorithm
  34. Lack of protection against brute force attacks
  35. Asymmetric denial of service - Content length
  36. Sensitive information stored in logs
  37. Concurrent sessions
  38. Lack of data validation - Path Traversal
  39. Traceability loss - Server's clock
  40. Cached form fields
  41. Technical information leak - Console functions
  42. Improper resource allocation
  43. Insecure session expiration time
  44. Insecure or unset HTTP headers - Referrer-Policy
  45. Insecure session management
  46. Insecurely generated token
  47. Business information leak - Customers or providers
  48. Lack of multi-factor authentication
  49. XML injection (XXE)
  50. Account lockout
  51. Privacy violation
  52. Lack of data validation - Trust boundary violation
  53. CSV injection
  54. Log injection
  55. Insecure encryption algorithm - Anonymous cipher suites
  56. Hidden fields manipulation
  57. Insecure encryption algorithm - Cipher Block Chaining
  58. Data uniqueness not properly verified
  59. Insecure deserialization
  60. External control of file name or path
  61. Server-side request forgery (SSRF)
  62. Lack of protection against deletion
  63. Email uniqueness not properly verified
  64. NoSQL injection
  65. LDAP injection
  66. Improper control of interaction frequency
  67. Out-of-bounds read
  68. Improper type assignation
  69. Security controls bypass or absence
  70. Unverifiable files
  71. Regulation infringement
  72. Metadata with sensitive information
  73. HTTP parameter pollution
  74. Local file inclusion
  75. Race condition
  76. Lack of data validation - Type confusion
  77. Insecurely generated cookies - HttpOnly
  78. Insecurely generated cookies - SameSite
  79. Insecurely generated cookies - Secure
  80. Insecure or unset HTTP headers - Strict Transport Security
  81. Insecure or unset HTTP headers - X-Content-Type-Options
  82. Insecure encryption algorithm - Perfect Forward Secrecy
  83. Insecure or unset HTTP headers - CORS
  84. Insecure or unset HTTP headers - X-XSS Protection
  85. Insecure or unset HTTP headers - Cache Control
  86. Inappropriate coding practices
  87. Insecure exceptions - Empty or no catch
  88. Lack of data validation - URL
  89. Sensitive information in source code - API Key
  90. Inappropriate coding practices - Eval function
  91. Inappropriate coding practices - Cyclomatic complexity
  92. SQL injection
  93. Use of an insecure channel - FTP
  94. Use of an insecure channel - SMTP
  95. Use of an insecure channel - Telnet
  96. Insecure or unset HTTP headers - X-Frame Options
  97. Insecure or unset HTTP headers - Accept
  98. SQL Injection - Headers
  99. Uncontrolled external site redirect
  100. Excessive privileges - Temporary Files
  101. Insecure service configuration
  102. Debugging enabled in production
  103. Lack of data validation
  104. Lack of data validation - Header x-amzn-RequestId
  105. Lack of data validation - Web Service
  106. Lack of data validation - Source Code
  107. Lack of data validation - Session Cookie
  108. Lack of data validation - Responses
  109. Lack of data validation - Reflected Parameters
  110. Lack of data validation - Host Header Injection
  111. Lack of data validation - Input Length
  112. Lack of data validation - Headers
  113. Lack of data validation - Dates
  114. Lack of data validation - Numbers
  115. Lack of data validation - Out of range
  116. Lack of data validation - Emails
  117. Unauthorized access to files
  118. Insufficient data authenticity validation
  119. Asymmetric denial of service - ReDoS
  120. Business information leak - JWT
  121. Business information leak - Credentials
  122. Business information leak - Credit Cards
  123. Business information leak - Token
  124. Business information leak - Users
  125. Business information leak - Personal Information
  126. Business information leak - Analytics
  127. Message flooding
  128. Incomplete functional code
  129. Technical information leak - Stacktrace
  130. Technical information leak - Headers
  131. Technical information leak - SourceMap
  132. Technical information leak - Print Functions
  133. Technical information leak - API
  134. Technical information leak - Errors
  135. Authentication mechanism absence or evasion - OTP
  136. Non-encrypted confidential information - Credit Cards
  137. Non-encrypted confidential information - LDAP
  138. Non-encrypted confidential information - Credentials
  139. Automatic information enumeration - Credit Cards
  140. Insecure functionality - Pass the hash
  141. Insecure encryption algorithm - DSA
  142. Insecure encryption algorithm - SHA1
  143. Insecure encryption algorithm - MD5
  144. Insecure encryption algorithm - TripleDES
  145. Insecure encryption algorithm - AES
  146. Insecure encryption algorithm - Blowfish
  147. Insecure functionality - File Creation
  148. Insecure functionality - Password management
  149. Insecure functionality - Masking
  150. Insecure functionality - Fingerprint
  151. Restricted fields manipulation
  152. Non-encrypted confidential information - Local data
  153. Sensitive information sent via URL parameters - Session
  154. Insecure exceptions - NullPointerException
  155. Session Fixation
  156. Insecure encryption algorithm - ECB
  157. Automatic information enumeration - Personal Information
  158. Non-encrypted confidential information - Base 64
  159. Insecure object reference - Personal information
  160. Insecure object reference - Corporate information
  161. Insecure object reference - Financial information
  162. Technical information leak - Logs
  163. Technical information leak - IPs
  164. Business information leak - Financial Information
  165. Insecure session management - Change Password
  166. Weak credential policy - Password Change Limit
  167. SQL injection - Code
  168. Authentication mechanism absence or evasion - Redirect
  169. Concurrent sessions control bypass
  170. Insecure functionality - Session management
  171. Security controls bypass or absence - Data creation
  172. Insecure object reference - Files
  173. Insecure object reference - Data
  174. Enabled default configuration
  175. Improper resource allocation - Buffer overflow
  176. Improper resource allocation - Memory leak
  177. Insecurely generated token - Validation
  178. Lack of data validation - HTML code
  179. Insecurely generated token - Lifespan
  180. Insecure functionality - User management
  181. Insecure object reference - Session management
  182. Insecure or unset HTTP headers - Content-Type
  183. Lack of protection against brute force attacks - Credentials
  184. Use of insecure channel - Source code
  185. Business information leak - Corporate information
  186. Insecure session management - CSRF Fixation
  187. Lack of data validation - Special Characters
  188. Lack of data validation - OTP
  189. Lack of data validation - Non Sanitized Variables
  190. Security controls bypass or absence - Session Invalidation
  191. Technical information leak - Credentials
  192. Insecure digital certificates - Chain of trust
  193. Automatic information enumeration - Corporate information
  194. Lack of data validation - Token
  195. Insecure file upload - Files Limit
  196. Insufficient data authenticity validation - Checksum verification
  197. Symmetric denial of service - SMTP
  198. Symmetric denial of service - FTP
  199. Sensitive information in source code - Credentials
  200. Weak credential policy - Password strength
  201. Weak credential policy - Temporary passwords
  202. Authentication mechanism absence or evasion - Response tampering
  203. Insecure object reference - User deletion
  204. DOM-Based cross-site scripting (XSS)
  205. Use of an insecure channel - HTTP
  206. Insufficient data authenticity validation - Device Binding
  207. Non-encrypted confidential information - Hexadecimal
  208. Inappropriate coding practices - Unnecessary imports
  209. Insufficient data authenticity validation - Front bypass
  210. Insecurely generated token - OTP
  211. Insecure authentication method - NTLM
  212. Inappropriate coding practices - Unused properties
  213. Use of software with known vulnerabilities in development
  214. Insecure generation of random numbers - Static IV
  215. OS Command Injection
  216. Excessive privileges - Access Mode
  217. Insecure encryption algorithm - Default encryption
  218. Insecure file upload - DLL Injection
  219. XAML injection
  220. Account Takeover
  221. Password reset poisoning
  222. Insecure encryption algorithm - Insecure Elliptic Curve
  223. Server side template injection
  224. Server side cross-site scripting
  225. Inappropriate coding practices - invalid file
  226. Inappropriate coding practices - relative path command
  227. Use of software with known vulnerabilities in environments
  228. Security controls bypass or absence - Fingerprint
  229. Sensitive data stored in client-side storage