Scala

Available solutions

  1. Asymmetric denial of service
  2. Symmetric denial of service
  3. Remote command execution
  4. Privilege escalation
  5. Authentication mechanism absence or evasion
  6. Cross-site request forgery
  7. Sensitive information in source code
  8. Stored cross-site scripting (XSS)
  9. Use of software with known vulnerabilities
  10. Insecure object reference
  11. Insecure functionality
  12. Insecure authentication method - Basic
  13. Insecure encryption algorithm - SSL/TLS
  14. Sensitive information sent insecurely
  15. Administrative credentials stored in cache memory
  16. Non-encrypted confidential information
  17. XPath injection
  18. Use of an insecure channel
  19. Uncontrolled external site redirect - Host Header Injection
  20. User enumeration
  21. Insecure file upload
  22. Insecure temporary files
  23. Inadequate file size control
  24. Sensitive information sent via URL parameters
  25. Password change without identity check
  26. Insecure generation of random numbers
  27. Technical information leak
  28. Business information leak
  29. Improper authorization control for web services
  30. Enabled default credentials
  31. Insecurely generated cookies
  32. Insecure HTTP methods enabled
  33. Automatic information enumeration
  34. Guessed weak credentials
  35. Cracked weak credentials
  36. Insecure encryption algorithm
  37. Lack of protection against brute force attacks
  38. Asymmetric denial of service - Content length
  39. Sensitive information stored in logs
  40. Remote File Inclusion
  41. Concurrent sessions
  42. Lack of data validation - Path Traversal
  43. Traceability loss - Server's clock
  44. Technical information leak - Console functions
  45. Improper resource allocation
  46. Insecure session expiration time
  47. Weak CAPTCHA
  48. Insecure or unset HTTP headers - Referrer-Policy
  49. Improper authorization control for web services - RDS
  50. Insecure session management
  51. Insecurely generated token
  52. Non-upgradable dependencies
  53. Business information leak - Customers or providers
  54. Lack of multi-factor authentication
  55. Insecurely deleted files
  56. Account lockout
  57. Privacy violation
  58. Lack of data validation - Trust boundary violation
  59. CSV injection
  60. Log injection
  61. Insecure encryption algorithm - Anonymous cipher suites
  62. Hidden fields manipulation
  63. Insecure encryption algorithm - Cipher Block Chaining
  64. Data uniqueness not properly verified
  65. Insecure deserialization
  66. External control of file name or path
  67. Server-side request forgery (SSRF)
  68. Lack of protection against deletion
  69. Email uniqueness not properly verified
  70. NoSQL injection
  71. LDAP injection
  72. Improper control of interaction frequency
  73. HTTP request smuggling
  74. Out-of-bounds read
  75. Improper type assignation
  76. Phishing
  77. Security controls bypass or absence
  78. Unverifiable files
  79. Regulation infringement
  80. Improper dependency pinning
  81. HTTP parameter pollution
  82. Email flooding
  83. Local file inclusion
  84. Race condition
  85. Directory listing
  86. Lack of isolation methods
  87. Lack of data validation - Type confusion
  88. Insecurely generated cookies - HttpOnly
  89. Insecurely generated cookies - SameSite
  90. Insecurely generated cookies - Secure
  91. Insecure or unset HTTP headers - Strict Transport Security
  92. Insecure or unset HTTP headers - X-Content-Type-Options
  93. Insecure encryption algorithm - Perfect Forward Secrecy
  94. Insecure or unset HTTP headers - CORS
  95. Insecure or unset HTTP headers - X-XSS Protection
  96. Insecure or unset HTTP headers - Cache Control
  97. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
  98. Inappropriate coding practices
  99. Insecure exceptions - Empty or no catch
  100. Lack of data validation - URL
  101. Inappropriate coding practices - Eval function
  102. Inappropriate coding practices - Cyclomatic complexity
  103. SQL injection
  104. Insecure encryption algorithm - SSLContext
  105. Use of an insecure channel - FTP
  106. Use of an insecure channel - SMTP
  107. Use of an insecure channel - Telnet
  108. Insecure or unset HTTP headers - X-Frame Options
  109. Insecure or unset HTTP headers - Accept
  110. Time-based SQL Injection
  111. SQL Injection - Headers
  112. Uncontrolled external site redirect
  113. Unrestricted access between network segments
  114. Excessive privileges
  115. Excessive privileges - Temporary Files
  116. Email spoofing
  117. Debugging enabled in production
  118. Lack of data validation
  119. Lack of data validation - Header x-amzn-RequestId
  120. Lack of data validation - Web Service
  121. Lack of data validation - Source Code
  122. Lack of data validation - Content Spoofing
  123. Lack of data validation - Session Cookie
  124. Lack of data validation - Responses
  125. Lack of data validation - Reflected Parameters
  126. Lack of data validation - Host Header Injection
  127. Lack of data validation - Input Length
  128. Lack of data validation - Headers
  129. Lack of data validation - Dates
  130. Lack of data validation - Numbers
  131. Lack of data validation - Out of range
  132. Lack of data validation - Emails
  133. Traceability loss
  134. Unauthorized access to files
  135. Unauthorized access to files - S3 Bucket
  136. Insufficient data authenticity validation
  137. Security controls bypass or absence - Antivirus
  138. Security controls bypass or absence - Facial Recognition
  139. Security controls bypass or absence - Cloudflare
  140. Business information leak - JWT
  141. Business information leak - Credentials
  142. Business information leak - Source Code
  143. Business information leak - Credit Cards
  144. Business information leak - Network Unit
  145. Business information leak - Token
  146. Business information leak - Users
  147. Business information leak - DB
  148. Business information leak - Personal Information
  149. Business information leak - Analytics
  150. Message flooding
  151. Technical information leak - Stacktrace
  152. Technical information leak - Headers
  153. Technical information leak - SourceMap
  154. Technical information leak - Print Functions
  155. Technical information leak - API
  156. Technical information leak - Errors
  157. Authentication mechanism absence or evasion - OTP
  158. Authentication mechanism absence or evasion - Admin Console
  159. Non-encrypted confidential information - Credit Cards
  160. Non-encrypted confidential information - DB
  161. Non-encrypted confidential information - LDAP
  162. Non-encrypted confidential information - Credentials
  163. Non-encrypted hard drives
  164. Automatic information enumeration - Credit Cards
  165. Insecure functionality - Pass the hash
  166. Insecure encryption algorithm - DSA
  167. Insecure encryption algorithm - SHA1
  168. Insecure encryption algorithm - MD5
  169. Insecure encryption algorithm - TripleDES
  170. Insecure encryption algorithm - AES
  171. Insecure encryption algorithm - Blowfish
  172. Insecure functionality - File Creation
  173. Insecure functionality - Password management
  174. Insecure functionality - Masking
  175. Insecure functionality - Fingerprint
  176. Restricted fields manipulation
  177. Sensitive information sent via URL parameters - Session
  178. Weak credential policy - Password Expiration
  179. Session Fixation
  180. Insecure encryption algorithm - ECB
  181. Automatic information enumeration - Personal Information
  182. Non-encrypted confidential information - Base 64
  183. Insecure object reference - Personal information
  184. Insecure object reference - Corporate information
  185. Insecure object reference - Financial information
  186. Technical information leak - Logs
  187. Technical information leak - IPs
  188. Business information leak - Financial Information
  189. Insecure session management - Change Password
  190. SQL injection - Code
  191. Authentication mechanism absence or evasion - Redirect
  192. Concurrent sessions control bypass
  193. Insecure functionality - Session management
  194. Security controls bypass or absence - Data creation
  195. Insecure object reference - Files
  196. Insecure object reference - Data
  197. Enabled default configuration
  198. Insecurely generated token - JWT
  199. Improper resource allocation - Memory leak
  200. Insecurely generated token - Validation
  201. Lack of data validation - HTML code
  202. Insecurely generated token - Lifespan
  203. Insecure functionality - User management
  204. Insecure object reference - Session management
  205. Insecure or unset HTTP headers - Content-Type
  206. Lack of protection against brute force attacks - Credentials
  207. Use of insecure channel - Source code
  208. Business information leak - Corporate information
  209. Insecure session management - CSRF Fixation
  210. Lack of data validation - Special Characters
  211. Lack of data validation - OTP
  212. Security controls bypass or absence - Session Invalidation
  213. Technical information leak - Credentials
  214. Lack of data validation - Token
  215. Insecure file upload - Files Limit
  216. Insufficient data authenticity validation - Checksum verification
  217. Sensitive information in source code - Credentials
  218. Technical information leak - Content response
  219. Weak credential policy - Password strength
  220. Weak credential policy - Temporary passwords
  221. Authentication mechanism absence or evasion - Response tampering
  222. Insecure object reference - User deletion
  223. Use of an insecure channel - HTTP
  224. Security controls bypass or absence - Tampering Protection
  225. Non-encrypted confidential information - Hexadecimal
  226. Inappropriate coding practices - Unnecessary imports
  227. Insecurely generated token - OTP
  228. Inappropriate coding practices - Wildcard export
  229. Insecure authentication method - NTLM
  230. Inappropriate coding practices - Unused properties
  231. Use of software with known vulnerabilities in development
  232. Insecure generation of random numbers - Static IV
  233. Insecure authentication method - LDAP
  234. OS Command Injection
  235. Excessive privileges - Access Mode
  236. Insecure encryption algorithm - Default encryption
  237. Account Takeover
  238. Password reset poisoning
  239. Insecure encryption algorithm - Insecure Elliptic Curve
  240. Server side template injection
  241. Server side cross-site scripting
  242. Inappropriate coding practices - invalid file
  243. Inappropriate coding practices - relative path command
  244. Use of software with known vulnerabilities in environments
  245. Security controls bypass or absence - Fingerprint