Dart

Available solutions

  1. XPath injection
  2. Symmetric denial of service
  3. Remote command execution
  4. Authentication mechanism absence or evasion
  5. Cross-site request forgery
  6. Sensitive information in source code
  7. Use of software with known vulnerabilities
  8. Insecure object reference
  9. Insecure functionality
  10. Sensitive information sent insecurely
  11. Non-encrypted confidential information
  12. Use of an insecure channel
  13. Insecure temporary files
  14. Password change without identity check
  15. Insecure generation of random numbers
  16. ViewState not encrypted
  17. Improper authorization control for web services
  18. Insecurely generated cookies
  19. Insecure or unset HTTP headers - Content-Security-Policy
  20. Insecure encryption algorithm
  21. Lack of protection against brute force attacks
  22. Sensitive information stored in logs
  23. Insecure service configuration - Host verification
  24. Technical information leak - Console functions
  25. Improper resource allocation
  26. Insecure session expiration time
  27. Insecure or unset HTTP headers - Referrer-Policy
  28. Insecure session management
  29. Insecurely generated token
  30. Non-upgradable dependencies
  31. Privacy violation
  32. Lack of data validation - Trust boundary violation
  33. Log injection
  34. Insecure encryption algorithm - Anonymous cipher suites
  35. Insecure encryption algorithm - Cipher Block Chaining
  36. Data uniqueness not properly verified
  37. Insecure deserialization
  38. External control of file name or path
  39. NoSQL injection
  40. Improper control of interaction frequency
  41. Improper type assignation
  42. Security controls bypass or absence
  43. Regulation infringement
  44. Metadata with sensitive information
  45. Improper dependency pinning
  46. Race condition
  47. Lack of data validation - Type confusion
  48. Insecurely generated cookies - HttpOnly
  49. Insecurely generated cookies - SameSite
  50. Insecurely generated cookies - Secure
  51. Insecure or unset HTTP headers - X-Content-Type-Options
  52. Insecure encryption algorithm - Perfect Forward Secrecy
  53. Insecure or unset HTTP headers - CORS
  54. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
  55. Inappropriate coding practices
  56. Insecure exceptions - Empty or no catch
  57. Lack of data validation - URL
  58. Sensitive information in source code - API Key
  59. Inappropriate coding practices - Eval function
  60. Inappropriate coding practices - Cyclomatic complexity
  61. Insecure encryption algorithm - SSLContext
  62. Use of an insecure channel - useSslProtocol()
  63. Insecure or unset HTTP headers - Accept
  64. Uncontrolled external site redirect
  65. Excessive privileges - Temporary Files
  66. Insecure service configuration
  67. Insecure service configuration - Keys
  68. Debugging enabled in production
  69. Lack of data validation
  70. Lack of data validation - Header x-amzn-RequestId
  71. Lack of data validation - Source Code
  72. Lack of data validation - Session Cookie
  73. Lack of data validation - Responses
  74. Lack of data validation - Reflected Parameters
  75. Lack of data validation - Input Length
  76. Lack of data validation - Headers
  77. Lack of data validation - Dates
  78. Lack of data validation - Numbers
  79. Lack of data validation - Emails
  80. Unauthorized access to files
  81. Insufficient data authenticity validation
  82. Asymmetric denial of service - ReDoS
  83. Business information leak - JWT
  84. Business information leak - Source Code
  85. Business information leak - Credit Cards
  86. Business information leak - Token
  87. Business information leak - DB
  88. Business information leak - Personal Information
  89. Business information leak - Firestore
  90. Incomplete functional code
  91. Technical information leak - Stacktrace
  92. Technical information leak - SourceMap
  93. Technical information leak - Print Functions
  94. Authentication mechanism absence or evasion - OTP
  95. Authentication mechanism absence or evasion - Admin Console
  96. Non-encrypted confidential information - DB
  97. Non-encrypted confidential information - LDAP
  98. Non-encrypted confidential information - Credentials
  99. Email uniqueness not properly verified
  100. Automatic information enumeration - Credit Cards
  101. Insecure encryption algorithm - Blowfish
  102. Insecure functionality - File Creation
  103. Insecure functionality - Password management
  104. Insecure functionality - Masking
  105. Insecure functionality - Fingerprint
  106. Non-encrypted confidential information - Local data
  107. Sensitive information sent via URL parameters - Session
  108. Insecure exceptions - NullPointerException
  109. Insecure encryption algorithm - ECB
  110. Automatic information enumeration - Personal Information
  111. Insecure object reference - Personal information
  112. Insecure object reference - Financial information
  113. Insecure service configuration - OTP
  114. Insecure session management - Change Password
  115. Authentication mechanism absence or evasion - Redirect
  116. Insecure functionality - Session management
  117. Security controls bypass or absence - Data creation
  118. Insecure object reference - Files
  119. Insecure object reference - Data
  120. Enabled default configuration
  121. Insecurely generated token - JWT
  122. Insecure service configuration - Certificates
  123. Improper resource allocation - Memory leak
  124. Insecurely generated token - Validation
  125. Insecure service configuration - Roles
  126. Lack of data validation - HTML code
  127. Insecurely generated token - Lifespan
  128. Insecure functionality - User management
  129. Sensitive information in source code - Dependencies
  130. Insufficient data authenticity validation - Images
  131. Insecure object reference - Session management
  132. Insecure or unset HTTP headers - Content-Type
  133. Lack of protection against brute force attacks - Credentials
  134. Use of insecure channel - Source code
  135. Insecure session management - CSRF Fixation
  136. Insecure service configuration - Request Validation
  137. Lack of data validation - Special Characters
  138. Lack of data validation - OTP
  139. Lack of data validation - Non Sanitized Variables
  140. Security controls bypass or absence - Session Invalidation
  141. Lack of data validation - Token
  142. Insecure file upload - Files Limit
  143. Insufficient data authenticity validation - Checksum verification
  144. Sensitive information in source code - Credentials
  145. Authentication mechanism absence or evasion - Response tampering
  146. Insecure object reference - User deletion
  147. Use of an insecure channel - HTTP
  148. Non-encrypted confidential information - Hexadecimal
  149. Inappropriate coding practices - Unnecessary imports
  150. Insecurely generated token - OTP
  151. Inappropriate coding practices - Wildcard export
  152. Non-encrypted confidential information - Keys
  153. Insecure service configuration - Object Reutilization
  154. Inappropriate coding practices - Unused properties
  155. Use of software with known vulnerabilities in development
  156. Insecure generation of random numbers - Static IV
  157. Dependency Confusion
  158. Insecure service configuration - Header Checking
  159. Password reset poisoning
  160. Insecure encryption algorithm - Insecure Elliptic Curve
  161. Inappropriate coding practices - invalid file
  162. Use of software with known vulnerabilities in environments