Dart
Available solutions
- XPath injection
- Symmetric denial of service
- Remote command execution
- Authentication mechanism absence or evasion
- Cross-site request forgery
- Sensitive information in source code
- Use of software with known vulnerabilities
- Insecure object reference
- Insecure functionality
- Sensitive information sent insecurely
- Non-encrypted confidential information
- Use of an insecure channel
- Insecure temporary files
- Password change without identity check
- Insecure generation of random numbers
- ViewState not encrypted
- Improper authorization control for web services
- Insecurely generated cookies
- Insecure or unset HTTP headers - Content-Security-Policy
- Insecure encryption algorithm
- Lack of protection against brute force attacks
- Sensitive information stored in logs
- Insecure service configuration - Host verification
- Technical information leak - Console functions
- Improper resource allocation
- Insecure session expiration time
- Insecure or unset HTTP headers - Referrer-Policy
- Insecure session management
- Insecurely generated token
- Non-upgradable dependencies
- Privacy violation
- Lack of data validation - Trust boundary violation
- Log injection
- Insecure encryption algorithm - Anonymous cipher suites
- Insecure encryption algorithm - Cipher Block Chaining
- Data uniqueness not properly verified
- Insecure deserialization
- External control of file name or path
- NoSQL injection
- Improper control of interaction frequency
- Improper type assignation
- Security controls bypass or absence
- Regulation infringement
- Metadata with sensitive information
- Improper dependency pinning
- Race condition
- Lack of data validation - Type confusion
- Insecurely generated cookies - HttpOnly
- Insecurely generated cookies - SameSite
- Insecurely generated cookies - Secure
- Insecure or unset HTTP headers - X-Content-Type-Options
- Insecure encryption algorithm - Perfect Forward Secrecy
- Insecure or unset HTTP headers - CORS
- Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
- Inappropriate coding practices
- Insecure exceptions - Empty or no catch
- Lack of data validation - URL
- Sensitive information in source code - API Key
- Inappropriate coding practices - Eval function
- Inappropriate coding practices - Cyclomatic complexity
- Insecure encryption algorithm - SSLContext
- Use of an insecure channel - useSslProtocol()
- Insecure or unset HTTP headers - Accept
- Uncontrolled external site redirect
- Excessive privileges - Temporary Files
- Insecure service configuration
- Insecure service configuration - Keys
- Debugging enabled in production
- Lack of data validation
- Lack of data validation - Header x-amzn-RequestId
- Lack of data validation - Source Code
- Lack of data validation - Session Cookie
- Lack of data validation - Responses
- Lack of data validation - Reflected Parameters
- Lack of data validation - Input Length
- Lack of data validation - Headers
- Lack of data validation - Dates
- Lack of data validation - Numbers
- Lack of data validation - Emails
- Unauthorized access to files
- Insufficient data authenticity validation
- Asymmetric denial of service - ReDoS
- Business information leak - JWT
- Business information leak - Source Code
- Business information leak - Credit Cards
- Business information leak - Token
- Business information leak - DB
- Business information leak - Personal Information
- Business information leak - Firestore
- Incomplete functional code
- Technical information leak - Stacktrace
- Technical information leak - SourceMap
- Technical information leak - Print Functions
- Authentication mechanism absence or evasion - OTP
- Authentication mechanism absence or evasion - Admin Console
- Non-encrypted confidential information - DB
- Non-encrypted confidential information - LDAP
- Non-encrypted confidential information - Credentials
- Email uniqueness not properly verified
- Automatic information enumeration - Credit Cards
- Insecure encryption algorithm - Blowfish
- Insecure functionality - File Creation
- Insecure functionality - Password management
- Insecure functionality - Masking
- Insecure functionality - Fingerprint
- Non-encrypted confidential information - Local data
- Sensitive information sent via URL parameters - Session
- Insecure exceptions - NullPointerException
- Insecure encryption algorithm - ECB
- Automatic information enumeration - Personal Information
- Insecure object reference - Personal information
- Insecure object reference - Financial information
- Insecure service configuration - OTP
- Insecure session management - Change Password
- Authentication mechanism absence or evasion - Redirect
- Insecure functionality - Session management
- Security controls bypass or absence - Data creation
- Insecure object reference - Files
- Insecure object reference - Data
- Enabled default configuration
- Insecurely generated token - JWT
- Insecure service configuration - Certificates
- Improper resource allocation - Memory leak
- Insecurely generated token - Validation
- Insecure service configuration - Roles
- Lack of data validation - HTML code
- Insecurely generated token - Lifespan
- Insecure functionality - User management
- Sensitive information in source code - Dependencies
- Insufficient data authenticity validation - Images
- Insecure object reference - Session management
- Insecure or unset HTTP headers - Content-Type
- Lack of protection against brute force attacks - Credentials
- Use of insecure channel - Source code
- Insecure session management - CSRF Fixation
- Insecure service configuration - Request Validation
- Lack of data validation - Special Characters
- Lack of data validation - OTP
- Lack of data validation - Non Sanitized Variables
- Security controls bypass or absence - Session Invalidation
- Lack of data validation - Token
- Insecure file upload - Files Limit
- Insufficient data authenticity validation - Checksum verification
- Sensitive information in source code - Credentials
- Authentication mechanism absence or evasion - Response tampering
- Insecure object reference - User deletion
- Use of an insecure channel - HTTP
- Non-encrypted confidential information - Hexadecimal
- Inappropriate coding practices - Unnecessary imports
- Insecurely generated token - OTP
- Inappropriate coding practices - Wildcard export
- Non-encrypted confidential information - Keys
- Insecure service configuration - Object Reutilization
- Inappropriate coding practices - Unused properties
- Use of software with known vulnerabilities in development
- Insecure generation of random numbers - Static IV
- Dependency Confusion
- Insecure service configuration - Header Checking
- Password reset poisoning
- Insecure encryption algorithm - Insecure Elliptic Curve
- Inappropriate coding practices - invalid file
- Use of software with known vulnerabilities in environments