Python

Available solutions

  1. Remote command execution
  2. Privilege escalation
  3. Authentication mechanism absence or evasion
  4. Cross-site request forgery
  5. Reflected cross-site scripting (XSS)
  6. Insecure object reference
  7. Insecure authentication method - Basic
  8. XPath injection
  9. Insecure file upload
  10. Inadequate file size control
  11. Password change without identity check
  12. Improper authorization control for web services
  13. Insecurely generated cookies
  14. Insecure or unset HTTP headers - Content-Security-Policy
  15. Cracked weak credentials
  16. Asymmetric denial of service - Content length
  17. Insecure service configuration - Host verification
  18. Concurrent sessions
  19. Lack of data validation - Path Traversal
  20. Insecure session expiration time
  21. Insecure or unset HTTP headers - Referrer-Policy
  22. Insecure session management
  23. XML injection (XXE)
  24. Lack of data validation - Trust boundary violation
  25. CSV injection
  26. Log injection
  27. Insecure deserialization
  28. External control of file name or path
  29. NoSQL injection
  30. LDAP injection
  31. Improper type assignation
  32. HTTP parameter pollution
  33. Local file inclusion
  34. Race condition
  35. Lack of data validation - Type confusion
  36. Insecurely generated cookies - HttpOnly
  37. Insecurely generated cookies - SameSite
  38. Insecurely generated cookies - Secure
  39. Insecure or unset HTTP headers - Strict Transport Security
  40. Insecure or unset HTTP headers - X-Content-Type-Options
  41. Insecure or unset HTTP headers - CORS
  42. Insecure or unset HTTP headers - X-XSS Protection
  43. Insecure or unset HTTP headers - Cache Control
  44. Insecure exceptions - Empty or no catch
  45. Inappropriate coding practices - Cyclomatic complexity
  46. Insecure or unset HTTP headers - X-Frame Options
  47. Insecure or unset HTTP headers - Accept
  48. Time-based SQL Injection
  49. SQL Injection - Headers
  50. Lack of data validation
  51. Lack of data validation - Header x-amzn-RequestId
  52. Lack of data validation - Web Service
  53. Lack of data validation - Source Code
  54. Lack of data validation - Session Cookie
  55. Lack of data validation - Responses
  56. Lack of data validation - Reflected Parameters
  57. Lack of data validation - Host Header Injection
  58. Lack of data validation - Input Length
  59. Lack of data validation - Headers
  60. Lack of data validation - Dates
  61. Lack of data validation - Numbers
  62. Lack of data validation - Out of range
  63. Lack of data validation - Emails
  64. Unauthorized access to files
  65. Insufficient data authenticity validation
  66. Security controls bypass or absence - Facial Recognition
  67. Authentication mechanism absence or evasion - OTP
  68. Authentication mechanism absence or evasion - Admin Console
  69. Insecure functionality - Fingerprint
  70. Restricted fields manipulation
  71. Session Fixation
  72. Insecure object reference - Personal information
  73. Insecure session management - Change Password
  74. SQL injection - Code
  75. Authentication mechanism absence or evasion - Redirect
  76. Insecure functionality - Session management
  77. Security controls bypass or absence - Data creation
  78. Insecure object reference - Files
  79. Insecure object reference - Data
  80. Unauthorized access to screen
  81. Lack of data validation - HTML code
  82. Insecure object reference - Session management
  83. Insecure or unset HTTP headers - Content-Type
  84. Insecure session management - CSRF Fixation
  85. Lack of data validation - Special Characters
  86. Lack of data validation - OTP
  87. Lack of data validation - Non Sanitized Variables
  88. Security controls bypass or absence - Session Invalidation
  89. Lack of data validation - Token
  90. Insecure file upload - Files Limit
  91. Insufficient data authenticity validation - Checksum verification
  92. Weak credential policy - Password strength
  93. Weak credential policy - Temporary passwords
  94. Authentication mechanism absence or evasion - Response tampering
  95. Insecure object reference - User deletion
  96. Insecurely generated token - OTP
  97. Insecure authentication method - NTLM
  98. OS Command Injection
  99. Server side template injection
  100. Server side cross-site scripting
  101. Inappropriate coding practices - invalid file
  102. Security controls bypass or absence - Fingerprint
  103. Asymmetric denial of service
  104. Symmetric denial of service
  105. Insecure functionality
  106. Insecure encryption algorithm - SSL/TLS
  107. Sensitive information sent insecurely
  108. Non-encrypted confidential information
  109. Use of an insecure channel
  110. Uncontrolled external site redirect - Host Header Injection
  111. User enumeration
  112. Insecure temporary files
  113. Sensitive information sent via URL parameters
  114. Insecure generation of random numbers
  115. Enabled default credentials
  116. Automatic information enumeration
  117. Guessed weak credentials
  118. Insecure encryption algorithm
  119. Lack of protection against brute force attacks
  120. Sensitive information stored in logs
  121. Remote File Inclusion
  122. Traceability loss - Server's clock
  123. Improper resource allocation
  124. Insecurely generated token
  125. Non-upgradable dependencies
  126. Business information leak - Customers or providers
  127. Insecurely deleted files
  128. Insecure encryption algorithm - Anonymous cipher suites
  129. Hidden fields manipulation
  130. Insecure encryption algorithm - Cipher Block Chaining
  131. Data uniqueness not properly verified
  132. Server-side request forgery (SSRF)
  133. Email uniqueness not properly verified
  134. Improper control of interaction frequency
  135. XS-Leaks
  136. Regulation infringement
  137. Metadata with sensitive information
  138. Improper dependency pinning
  139. Directory listing
  140. Inappropriate coding practices
  141. Sensitive information in source code - API Key
  142. Inappropriate coding practices - Eval function
  143. Insecure encryption algorithm - SSLContext
  144. Use of an insecure channel - FTP
  145. Use of an insecure channel - useSslProtocol()
  146. Use of an insecure channel - Telnet
  147. Uncontrolled external site redirect
  148. Insecure service configuration - SMB
  149. Insecure service configuration - SMTP
  150. Debugging enabled in production
  151. Traceability loss
  152. Asymmetric denial of service - ReDoS
  153. Business information leak - JWT
  154. Business information leak - Credentials
  155. Business information leak - Source Code
  156. Business information leak - Credit Cards
  157. Business information leak - Network Unit
  158. Business information leak - Token
  159. Business information leak - Users
  160. Business information leak - JFROG
  161. Business information leak - Personal Information
  162. Technical information leak - Headers
  163. Technical information leak - Print Functions
  164. Technical information leak - Errors
  165. Non-encrypted confidential information - Credit Cards
  166. Non-encrypted confidential information - DB
  167. Non-encrypted confidential information - AWS
  168. Non-encrypted confidential information - LDAP
  169. Non-encrypted confidential information - Credentials
  170. Automatic information enumeration - Credit Cards
  171. Insecure encryption algorithm - DSA
  172. Insecure encryption algorithm - SHA1
  173. Insecure encryption algorithm - MD5
  174. Insecure encryption algorithm - TripleDES
  175. Insecure encryption algorithm - AES
  176. Insecure encryption algorithm - Blowfish
  177. Insecure functionality - File Creation
  178. Insecure functionality - Password management
  179. Insecure functionality - Masking
  180. Non-encrypted confidential information - Local data
  181. Sensitive information sent via URL parameters - Session
  182. Insecure encryption algorithm - ECB
  183. Automatic information enumeration - Personal Information
  184. Non-encrypted confidential information - Base 64
  185. Technical information leak - Logs
  186. Insecure service configuration - OTP
  187. Weak credential policy - Password Change Limit
  188. Insecurely generated token - JWT
  189. Improper resource allocation - Memory leak
  190. Insecurely generated token - Validation
  191. Insecure service configuration - Roles
  192. Insecurely generated token - Lifespan
  193. Sensitive information in source code - Dependencies
  194. Lack of protection against brute force attacks - Credentials
  195. Use of insecure channel - Source code
  196. Business information leak - Corporate information
  197. Insecure service configuration - Salt
  198. Insecure service configuration - BREACH Attack
  199. Sensitive information in source code - Credentials
  200. Sensitive information in source code - Git history
  201. Use of an insecure channel - HTTP
  202. Non-encrypted confidential information - Hexadecimal
  203. Inappropriate coding practices - Unnecessary imports
  204. Inappropriate coding practices - Wildcard export
  205. Non-encrypted confidential information - Keys
  206. Inappropriate coding practices - Unused properties
  207. Use of software with known vulnerabilities in development
  208. Insecure generation of random numbers - Static IV
  209. Dependency Confusion
  210. Password reset poisoning
  211. Insecure encryption algorithm - Insecure Elliptic Curve
  212. Use of software with known vulnerabilities in environments