Elixir

Available solutions

  1. LDAP Injection
  2. NoSQL Injection
  3. Server-side Request Forgery (SSRF)
  4. Insecure Encryption Algorithm - Cipher Block Chaining
  5. Hidden Fields Manipulation
  6. Insecure Encryption Algorithm - Anonymous Cipher Suites
  7. Business Information Leak - Customers or Providers
  8. Non-upgradable Dependencies
  9. Insecurely Generated Token
  10. Improper Resource Allocation
  11. Technical Information Leak - Console Functions
  12. Traceability Loss - Server's Clock
  13. Sensitive Information Stored in Logs
  14. Insecure Encryption Algorithm
  15. Cracked Weak Credentials
  16. Guessed Weak Credentials
  17. Insecurely Generated Cookies
  18. Enabled Default Credentials
  19. Improper Authorization Control for Web Services
  20. Business Information Leak
  21. Technical Information Leak
  22. Insecure Generation of Random Numbers
  23. Sensitive Information Sent Via URL Parameters
  24. Insecure Temporary Files
  25. User Enumeration Vulnerability
  26. Use of an Insecure Channel
  27. Non-encrypted Confidential Information
  28. Administrative Credentials Stored in Cache Memory
  29. Sensitive Information Sent Insecurely
  30. Insecure Encryption Algorithm - SSL/TLS
  31. Insecure Authentication Method - Basic
  32. Insecure Functionality
  33. Insecure Object Reference
  34. Use of Software with Known Vulnerabilities
  35. Sensitive Information in Source Code
  36. Authentication Mechanism Absence or Evasion Vulnerability
  37. Privilege Escalation Vulnerability
  38. Remote Command Execution Vulnerability
  39. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
  40. Insecure or unset HTTP headers - X-XSS Protection
  41. Insecure or unset HTTP headers - CORS
  42. Insecure or unset HTTP headers - X-Content-Type-Options
  43. Insecure or unset HTTP headers - Strict Transport Security
  44. Insecurely generated cookies - Secure
  45. Insecurely generated cookies - SameSite
  46. Insecurely generated cookies - HttpOnly
  47. Lack of data validation - Type confusion
  48. Race Condition
  49. Local File Inclusion
  50. HTTP Parameter Pollution
  51. Security Controls Bypass or Absence
  52. Improper Type Assignation
  53. Improper Control of Interaction Frequency
  54. Email Uniqueness Not Properly Verified
  55. External Control of File Name or Path
  56. Insecure Deserialization
  57. Data Uniqueness Not Properly Verified
  58. CSV injection
  59. Lack of data validation - Trust boundary violation
  60. Account Lockout
  61. XML injection (XXE)
  62. Insecure session management
  63. Insecure session expiration time
  64. Lack of data validation - Path Traversal
  65. Insecure or unset HTTP headers - Referrer-Policy
  66. Concurrent sessions
  67. Remote File Inclusion
  68. Asymmetric denial of service - Content length
  69. Insecure HTTP methods enabled
  70. Insecure or unset HTTP headers - Content-Security-Policy
  71. Password change without identity check
  72. Inadequate File Size Control
  73. Uncontrolled External Site Redirect - Host Header Injection
  74. Account Takeover
  75. Password Reset Poisoning
  76. OS Command Injection
  77. Insecure generation of random numbers - Static IV
  78. Insecure object reference - User deletion
  79. Security Controls Bypass or Absence - Session Invalidation
  80. Insecure Session Management - CSRF Fixation
  81. Insecure or Unset HTTP Headers - Content-Type
  82. Insecure Object Reference - Session Management
  83. Insecure Functionality - User Management
  84. Insecurely Generated Token - Lifespan
  85. Insecurely Generated Token - Validation
  86. Improper Resource Allocation - Memory Leak
  87. Insecurely Generated Token - JWT
  88. Insecure Object Reference - Data
  89. Insecure Object Reference - Files
  90. Security Controls Bypass or Absence - Data Creation
  91. Insecure Functionality - Session Management
  92. Concurrent Sessions Control Bypass
  93. Authentication Mechanism Absence or Evasion - Redirect
  94. Insecure Session Management After Password Change
  95. Insecure Object Reference in Credit Card Inquiry
  96. Insecure object reference - Corporate information
  97. Insecure object reference - Personal information
  98. Insecure functionality - Fingerprint
  99. Insecure functionality - Masking
  100. Insecure functionality - Password management
  101. Unauthorized File Creation
  102. Insufficient data authenticity validation
  103. Unauthorized access to files
  104. Time-based SQL Injection
  105. Insecure or unset HTTP headers - Accept
  106. Insecure or unset HTTP headers - X-Frame Options
  107. Lack of Data Validation - URL
  108. XPath Injection Vulnerability
  109. Stored Cross-Site Scripting (XSS)
  110. Reflected Cross-Site Scripting (XSS)
  111. Cross-Site Request Forgery
  112. Symmetric Denial of Service
  113. Asymmetric Denial of Service
  114. Metadata with Sensitive Information
  115. Improper Dependency Pinning
  116. Email Flooding
  117. Directory Listing
  118. Insecure or unset HTTP headers - Cache Control
  119. Sensitive information in source code - API Key
  120. Inappropriate coding practices - Cyclomatic complexity
  121. SQL Injection
  122. Use of Insecure SMTP Channel
  123. SQL Injection via Headers
  124. Uncontrolled External Site Redirect
  125. Insecure File Upload
  126. Lack of Protection Against Brute Force Attacks
  127. Log Injection
  128. Excessive Privileges in Applications
  129. Excessive Privileges in Temporary Files in Applications
  130. Use of Insecure Channel - FTP in Applications
  131. Debugging Enabled in Production
  132. Lack of Data Validation
  133. Lack of data validation - Header x-amzn-RequestId
  134. Lack of data validation - Web Service
  135. Lack of data validation - Source Code
  136. Lack of data validation - Content Spoofing
  137. Lack of data validation - Session Cookie
  138. Lack of data validation - Responses
  139. Lack of Data Validation - Reflected Parameters
  140. Lack of Data Validation - Host Header Injection
  141. Lack of Data Validation - Input Length
  142. Lack of Data Validation - Headers
  143. Lack of Data Validation - Dates
  144. Lack of Data Validation - Numbers
  145. Lack of Data Validation - Out of Range
  146. Lack of Data Validation - Emails
  147. Traceability Loss
  148. Asymmetric Denial of Service - ReDoS
  149. Business Information Leak - JWT
  150. Business Information Leak - Credentials
  151. Business Information Leak - Credit Cards
  152. Business Information Leak - Token
  153. Business Information Leak - Users
  154. Business Information Leak - DB
  155. Business Information Leak - Personal Information
  156. Business Information Leak - Analytics
  157. Message Flooding
  158. Technical Information Leak - Headers
  159. Technical Information Leak - API
  160. Technical Information Leak - Errors
  161. Authentication Mechanism Absence or Evasion - OTP
  162. Non-encrypted Confidential Information - Credit Cards
  163. Non-encrypted Confidential Information - Database
  164. Non-encrypted Confidential Information - LDAP
  165. Non-encrypted Confidential Information - Credentials
  166. Automatic Information Enumeration - Credit Cards
  167. Insecure Encryption Algorithm - DSA
  168. Insecure Encryption Algorithm - SHA1
  169. Insecure Encryption Algorithm - MD5
  170. Insecure Encryption Algorithm - TripleDES
  171. Insecure Encryption Algorithm - AES
  172. Restricted Fields Manipulation
  173. Sensitive Information Sent Via URL Parameters - Session
  174. Session Fixation
  175. Insecure encryption algorithm - ECB
  176. Automatic information enumeration - Personal Information
  177. Technical information leak - IPs
  178. Business information leak - Financial Information
  179. Weak credential policy - Password Change Limit
  180. SQL Injection - Code
  181. Lack of data validation - HTML code
  182. Lack of protection against brute force attacks - Credentials
  183. Use of insecure channel - Source code
  184. Non-encrypted confidential information - Base 64
  185. Lack of data validation - Special Characters
  186. Lack of data validation - OTP
  187. Lack of data validation - Token
  188. Insecure file upload - Files Limit
  189. Insufficient data authenticity validation - Checksum verification
  190. Technical information leak - Content response
  191. Weak credential policy - Password strength
  192. Weak credential policy - Temporary passwords
  193. Use of an insecure channel - HTTP
  194. Non-encrypted confidential information - Hexadecimal
  195. Inappropriate coding practices - Unnecessary imports
  196. Insecurely generated token - OTP
  197. Insecure authentication method - LDAP
  198. Insecure encryption algorithm - Insecure Elliptic Curve