Elixir
Available solutions
- LDAP Injection
- NoSQL Injection
- Server-side Request Forgery (SSRF)
- Insecure Encryption Algorithm - Cipher Block Chaining
- Hidden Fields Manipulation
- Insecure Encryption Algorithm - Anonymous Cipher Suites
- Business Information Leak - Customers or Providers
- Non-upgradable Dependencies
- Insecurely Generated Token
- Improper Resource Allocation
- Technical Information Leak - Console Functions
- Traceability Loss - Server's Clock
- Sensitive Information Stored in Logs
- Insecure Encryption Algorithm
- Cracked Weak Credentials
- Guessed Weak Credentials
- Insecurely Generated Cookies
- Enabled Default Credentials
- Improper Authorization Control for Web Services
- Business Information Leak
- Technical Information Leak
- Insecure Generation of Random Numbers
- Sensitive Information Sent Via URL Parameters
- Insecure Temporary Files
- User Enumeration Vulnerability
- Use of an Insecure Channel
- Non-encrypted Confidential Information
- Administrative Credentials Stored in Cache Memory
- Sensitive Information Sent Insecurely
- Insecure Encryption Algorithm - SSL/TLS
- Insecure Authentication Method - Basic
- Insecure Functionality
- Insecure Object Reference
- Use of Software with Known Vulnerabilities
- Sensitive Information in Source Code
- Authentication Mechanism Absence or Evasion Vulnerability
- Privilege Escalation Vulnerability
- Remote Command Execution Vulnerability
- Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
- Insecure or unset HTTP headers - X-XSS Protection
- Insecure or unset HTTP headers - CORS
- Insecure or unset HTTP headers - X-Content-Type-Options
- Insecure or unset HTTP headers - Strict Transport Security
- Insecurely generated cookies - Secure
- Insecurely generated cookies - SameSite
- Insecurely generated cookies - HttpOnly
- Lack of data validation - Type confusion
- Race Condition
- Local File Inclusion
- HTTP Parameter Pollution
- Security Controls Bypass or Absence
- Improper Type Assignation
- Improper Control of Interaction Frequency
- Email Uniqueness Not Properly Verified
- External Control of File Name or Path
- Insecure Deserialization
- Data Uniqueness Not Properly Verified
- CSV injection
- Lack of data validation - Trust boundary violation
- Account Lockout
- XML injection (XXE)
- Insecure session management
- Insecure session expiration time
- Lack of data validation - Path Traversal
- Insecure or unset HTTP headers - Referrer-Policy
- Concurrent sessions
- Remote File Inclusion
- Asymmetric denial of service - Content length
- Insecure HTTP methods enabled
- Insecure or unset HTTP headers - Content-Security-Policy
- Password change without identity check
- Inadequate File Size Control
- Uncontrolled External Site Redirect - Host Header Injection
- Account Takeover
- Password Reset Poisoning
- OS Command Injection
- Insecure generation of random numbers - Static IV
- Insecure object reference - User deletion
- Security Controls Bypass or Absence - Session Invalidation
- Insecure Session Management - CSRF Fixation
- Insecure or Unset HTTP Headers - Content-Type
- Insecure Object Reference - Session Management
- Insecure Functionality - User Management
- Insecurely Generated Token - Lifespan
- Insecurely Generated Token - Validation
- Improper Resource Allocation - Memory Leak
- Insecurely Generated Token - JWT
- Insecure Object Reference - Data
- Insecure Object Reference - Files
- Security Controls Bypass or Absence - Data Creation
- Insecure Functionality - Session Management
- Concurrent Sessions Control Bypass
- Authentication Mechanism Absence or Evasion - Redirect
- Insecure Session Management After Password Change
- Insecure Object Reference in Credit Card Inquiry
- Insecure object reference - Corporate information
- Insecure object reference - Personal information
- Insecure functionality - Fingerprint
- Insecure functionality - Masking
- Insecure functionality - Password management
- Unauthorized File Creation
- Insufficient data authenticity validation
- Unauthorized access to files
- Time-based SQL Injection
- Insecure or unset HTTP headers - Accept
- Insecure or unset HTTP headers - X-Frame Options
- Lack of Data Validation - URL
- XPath Injection Vulnerability
- Stored Cross-Site Scripting (XSS)
- Reflected Cross-Site Scripting (XSS)
- Cross-Site Request Forgery
- Symmetric Denial of Service
- Asymmetric Denial of Service
- Metadata with Sensitive Information
- Improper Dependency Pinning
- Email Flooding
- Directory Listing
- Insecure or unset HTTP headers - Cache Control
- Sensitive information in source code - API Key
- Inappropriate coding practices - Cyclomatic complexity
- SQL Injection
- Use of Insecure SMTP Channel
- SQL Injection via Headers
- Uncontrolled External Site Redirect
- Insecure File Upload
- Lack of Protection Against Brute Force Attacks
- Log Injection
- Excessive Privileges in Applications
- Excessive Privileges in Temporary Files in Applications
- Use of Insecure Channel - FTP in Applications
- Debugging Enabled in Production
- Lack of Data Validation
- Lack of data validation - Header x-amzn-RequestId
- Lack of data validation - Web Service
- Lack of data validation - Source Code
- Lack of data validation - Content Spoofing
- Lack of data validation - Session Cookie
- Lack of data validation - Responses
- Lack of Data Validation - Reflected Parameters
- Lack of Data Validation - Host Header Injection
- Lack of Data Validation - Input Length
- Lack of Data Validation - Headers
- Lack of Data Validation - Dates
- Lack of Data Validation - Numbers
- Lack of Data Validation - Out of Range
- Lack of Data Validation - Emails
- Traceability Loss
- Asymmetric Denial of Service - ReDoS
- Business Information Leak - JWT
- Business Information Leak - Credentials
- Business Information Leak - Credit Cards
- Business Information Leak - Token
- Business Information Leak - Users
- Business Information Leak - DB
- Business Information Leak - Personal Information
- Business Information Leak - Analytics
- Message Flooding
- Technical Information Leak - Headers
- Technical Information Leak - API
- Technical Information Leak - Errors
- Authentication Mechanism Absence or Evasion - OTP
- Non-encrypted Confidential Information - Credit Cards
- Non-encrypted Confidential Information - Database
- Non-encrypted Confidential Information - LDAP
- Non-encrypted Confidential Information - Credentials
- Automatic Information Enumeration - Credit Cards
- Insecure Encryption Algorithm - DSA
- Insecure Encryption Algorithm - SHA1
- Insecure Encryption Algorithm - MD5
- Insecure Encryption Algorithm - TripleDES
- Insecure Encryption Algorithm - AES
- Restricted Fields Manipulation
- Sensitive Information Sent Via URL Parameters - Session
- Session Fixation
- Insecure encryption algorithm - ECB
- Automatic information enumeration - Personal Information
- Technical information leak - IPs
- Business information leak - Financial Information
- Weak credential policy - Password Change Limit
- SQL Injection - Code
- Lack of data validation - HTML code
- Lack of protection against brute force attacks - Credentials
- Use of insecure channel - Source code
- Non-encrypted confidential information - Base 64
- Lack of data validation - Special Characters
- Lack of data validation - OTP
- Lack of data validation - Token
- Insecure file upload - Files Limit
- Insufficient data authenticity validation - Checksum verification
- Technical information leak - Content response
- Weak credential policy - Password strength
- Weak credential policy - Temporary passwords
- Use of an insecure channel - HTTP
- Non-encrypted confidential information - Hexadecimal
- Inappropriate coding practices - Unnecessary imports
- Insecurely generated token - OTP
- Insecure authentication method - LDAP
- Insecure encryption algorithm - Insecure Elliptic Curve