Ruby

Available solutions

  1. Asymmetric denial of service
  2. Symmetric denial of service
  3. Remote command execution
  4. Privilege escalation
  5. Cross-site request forgery
  6. Reflected cross-site scripting (XSS)
  7. Sensitive information in source code
  8. Stored cross-site scripting (XSS)
  9. Use of software with known vulnerabilities
  10. Insecure object reference
  11. Insecure functionality
  12. Insecure authentication method - Basic
  13. Insecure encryption algorithm - SSL/TLS
  14. Sensitive information sent insecurely
  15. Administrative credentials stored in cache memory
  16. XPath injection
  17. Uncontrolled external site redirect - Host Header Injection
  18. User enumeration
  19. Insecure file upload
  20. Insecure temporary files
  21. Inadequate file size control
  22. Password change without identity check
  23. Insecure generation of random numbers
  24. Technical information leak
  25. Enabled default credentials
  26. Insecurely generated cookies
  27. Insecure or unset HTTP headers - Content-Security-Policy
  28. Insecure HTTP methods enabled
  29. HTML code injection
  30. Automatic information enumeration
  31. Guessed weak credentials
  32. Cracked weak credentials
  33. Insecure encryption algorithm
  34. Lack of protection against brute force attacks
  35. Anonymous connection
  36. Asymmetric denial of service - Content length
  37. Sensitive information stored in logs
  38. Remote File Inclusion
  39. Concurrent sessions
  40. Lack of data validation - Path Traversal
  41. Cached form fields
  42. Technical information leak - Console functions
  43. Improper resource allocation
  44. Insecure session expiration time
  45. Insecure or unset HTTP headers - Referrer-Policy
  46. Insecure session management
  47. Insecurely generated token
  48. Lack of multi-factor authentication
  49. Insecurely deleted files
  50. XML injection (XXE)
  51. Sensitive data stored in client-side storage
  52. Missing subresource integrity check
  53. Account lockout
  54. CSV injection
  55. Log injection
  56. Insecure encryption algorithm - Anonymous cipher suites
  57. Hidden fields manipulation
  58. Insecure encryption algorithm - Cipher Block Chaining
  59. Data uniqueness not properly verified
  60. Insecure deserialization
  61. External control of file name or path
  62. Server-side request forgery (SSRF)
  63. Email uniqueness not properly verified
  64. Apache Lucene query injection
  65. NoSQL injection
  66. LDAP injection
  67. Improper control of interaction frequency
  68. Improper type assignation
  69. Security controls bypass or absence
  70. XS-Leaks
  71. Metadata with sensitive information
  72. Improper dependency pinning
  73. HTTP parameter pollution
  74. Local file inclusion
  75. Race condition
  76. Directory listing
  77. Lack of data validation - Type confusion
  78. Insecurely generated cookies - HttpOnly
  79. Insecurely generated cookies - SameSite
  80. Insecurely generated cookies - Secure
  81. Insecure or unset HTTP headers - Strict-Transport-Security
  82. Insecure or unset HTTP headers - X-Content-Type-Options
  83. Insecure encryption algorithm - Perfect Forward Secrecy
  84. Insecure or unset HTTP headers - CORS
  85. Insecure or unset HTTP headers - X-XSS-Protection
  86. Insecure or unset HTTP headers - Cache-Control
  87. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
  88. Inappropriate coding practices
  89. Insecure exceptions - Empty or no catch
  90. Lack of data validation - URL
  91. Sensitive information in source code - API Key
  92. Inappropriate coding practices - Cyclomatic complexity
  93. SQL injection
  94. Insecure encryption algorithm - SSLContext
  95. Use of an insecure channel - FTP
  96. Use of an insecure channel - SMTP
  97. Use of an insecure channel - Telnet
  98. Insecure or unset HTTP headers - X-Frame-Options
  99. Insecure or unset HTTP headers - Accept
  100. Time-based SQL Injection
  101. SQL Injection - Headers
  102. Uncontrolled external site redirect
  103. Excessive privileges
  104. Excessive privileges - Temporary Files
  105. Debugging enabled in production
  106. Lack of data validation
  107. Lack of data validation - Header x-amzn-RequestId
  108. Lack of data validation - Web Service
  109. Lack of data validation - Source Code
  110. Lack of data validation - Modify DOM Elements
  111. Lack of data validation - Session Cookie
  112. Lack of data validation - Responses
  113. Lack of data validation - Reflected Parameters
  114. Lack of data validation - Host Header Injection
  115. Lack of data validation - Input Length
  116. Lack of data validation - Headers
  117. Lack of data validation - Dates
  118. Lack of data validation - Numbers
  119. Lack of data validation - Out of range
  120. Lack of data validation - Emails
  121. Traceability loss
  122. Unauthorized access to files
  123. Insufficient data authenticity validation
  124. Asymmetric denial of service - ReDoS
  125. Incomplete functional code
  126. Technical information leak - Stacktrace
  127. Technical information leak - Headers
  128. Technical information leak - SourceMap
  129. Technical information leak - Print Functions
  130. Technical information leak - API
  131. Technical information leak - Errors
  132. Automatic information enumeration - Open ports
  133. Automatic information enumeration - Credit Cards
  134. Insecure functionality - Pass the hash
  135. Insecure encryption algorithm - DSA
  136. Insecure encryption algorithm - SHA1
  137. Insecure encryption algorithm - MD5
  138. Insecure encryption algorithm - TripleDES
  139. Insecure encryption algorithm - AES
  140. Insecure encryption algorithm - Blowfish
  141. Insecure functionality - File Creation
  142. Insecure functionality - Password management
  143. Insecure functionality - Masking
  144. Insecure functionality - Fingerprint
  145. Restricted fields manipulation
  146. Sensitive information sent via URL parameters - Session
  147. Weak credential policy - Password Expiration
  148. Insecure exceptions - NullPointerException
  149. Session Fixation
  150. Automatic information enumeration - Personal Information
  151. Insecure object reference - Personal information
  152. Insecure object reference - Corporate information
  153. Insecure object reference - Financial information
  154. Technical information leak - Logs
  155. Technical information leak - IPs
  156. Insecure session management - Change Password
  157. Weak credential policy - Password Change Limit
  158. SQL injection - Code
  159. Concurrent sessions control bypass
  160. Insecure functionality - Session management
  161. Security controls bypass or absence - Data creation
  162. Insecure object reference - Files
  163. Insecure object reference - Data
  164. Enabled default configuration
  165. Insecurely generated token - JWT
  166. Unauthorized access to screen
  167. Improper resource allocation - Memory leak
  168. Insecurely generated token - Validation
  169. Lack of data validation - HTML code
  170. Insecurely generated token - Lifespan
  171. Insecure functionality - User management
  172. Sensitive information in source code - Dependencies
  173. Insecure object reference - Session management
  174. Insecure or unset HTTP headers - Content-Type
  175. Lack of protection against brute force attacks - Credentials
  176. Insecure session management - CSRF Fixation
  177. Lack of data validation - Special Characters
  178. Lack of data validation - OTP
  179. Lack of data validation - Non Sanitized Variables
  180. Security controls bypass or absence - Session Invalidation
  181. Technical information leak - Credentials
  182. Automatic information enumeration - Corporate information
  183. Lack of data validation - Token
  184. Insecure file upload - Files Limit
  185. Insufficient data authenticity validation - Checksum verification
  186. Sensitive information in source code - Credentials
  187. Technical information leak - Content response
  188. Weak credential policy - Password strength
  189. Weak credential policy - Temporary passwords
  190. Insecure object reference - User deletion
  191. DOM-Based cross-site scripting (XSS)
  192. Use of an insecure channel - HTTP
  193. Security controls bypass or absence - Tampering Protection
  194. Security controls bypass or absence - Reversing Protection
  195. Inappropriate coding practices - Unnecessary imports
  196. Insufficient data authenticity validation - Front bypass
  197. Insecurely generated token - OTP
  198. Insecure authentication method - NTLM
  199. Inappropriate coding practices - Unused properties
  200. Use of software with known vulnerabilities in development
  201. Insecure generation of random numbers - Static IV
  202. Insecure authentication method - LDAP
  203. OS Command Injection
  204. Insecure encryption algorithm - Default encryption
  205. Password reset poisoning
  206. Insecure encryption algorithm - Insecure Elliptic Curve
  207. Server side template injection
  208. Inappropriate coding practices - System exit
  209. Inappropriate coding practices - invalid file
  210. Universal cross-site scripting (UXSS)
  211. Inappropriate coding practices - relative path command
  212. Client-side template injection
  213. Use of software with known vulnerabilities in environments
  214. Security controls bypass or absence - Fingerprint