TypeScript

Available solutions

  1. Reflected cross-site scripting (XSS)
  2. Sensitive information in source code
  3. Insecure object reference
  4. Use of an insecure channel
  5. Uncontrolled external site redirect - Host Header Injection
  6. User enumeration
  7. Insecure temporary files
  8. Password change without identity check
  9. Insecure generation of random numbers
  10. Improper authorization control for web services
  11. Enabled default credentials
  12. Insecure or unset HTTP headers - Content-Security-Policy
  13. Insecure HTTP methods enabled
  14. Automatic information enumeration
  15. Guessed weak credentials
  16. Cracked weak credentials
  17. Insecure encryption algorithm
  18. Lack of protection against brute force attacks
  19. Asymmetric denial of service - Content length
  20. Sensitive information stored in logs
  21. Concurrent sessions
  22. Traceability loss - Server's clock
  23. Insecure or unset HTTP headers - Referrer-Policy
  24. Insecure session management
  25. Non-upgradable dependencies
  26. Business information leak - Customers or providers
  27. CSV injection
  28. Insecure encryption algorithm - Anonymous cipher suites
  29. Insecure encryption algorithm - Cipher Block Chaining
  30. Insecure deserialization
  31. Email uniqueness not properly verified
  32. Improper control of interaction frequency
  33. Improper type assignation
  34. Metadata with sensitive information
  35. Improper dependency pinning
  36. Directory listing
  37. Insecurely generated cookies - HttpOnly
  38. Insecurely generated cookies - SameSite
  39. Insecurely generated cookies - Secure
  40. Insecure or unset HTTP headers - CORS
  41. Insecure or unset HTTP headers - X-XSS Protection
  42. Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
  43. Lack of data validation - URL
  44. Sensitive information in source code - API Key
  45. Inappropriate coding practices - Cyclomatic complexity
  46. Insecure encryption algorithm - SSLContext
  47. Use of an insecure channel - FTP
  48. Use of an insecure channel - SMTP
  49. Insecure or unset HTTP headers - X-Frame Options
  50. Excessive privileges
  51. Excessive privileges - Temporary Files
  52. Lack of data validation - Header x-amzn-RequestId
  53. Lack of data validation - Content Spoofing
  54. Lack of data validation - Reflected Parameters
  55. Lack of data validation - Headers
  56. Lack of data validation - Emails
  57. Business information leak - Credentials
  58. Business information leak - Source Code
  59. Business information leak - Token
  60. Business information leak - Analytics
  61. Incomplete functional code
  62. Technical information leak - Headers
  63. Technical information leak - SourceMap
  64. Technical information leak - API
  65. Non-encrypted confidential information - DB
  66. Non-encrypted confidential information - LDAP
  67. Insecure encryption algorithm - SHA1
  68. Insecure encryption algorithm - MD5
  69. Insecure encryption algorithm - TripleDES
  70. Insecure encryption algorithm - AES
  71. Insecure encryption algorithm - Blowfish
  72. Insecure encryption algorithm - ECB
  73. Insecure object reference - Corporate information
  74. Business information leak - Financial Information
  75. Insecure session management - Change Password
  76. Insecurely generated token - JWT
  77. Improper resource allocation - Memory leak
  78. Insecure functionality - User management
  79. Insecure or unset HTTP headers - Content-Type
  80. Lack of protection against brute force attacks - Credentials
  81. Use of insecure channel - Source code
  82. Business information leak - Corporate information
  83. Insecure session management - CSRF Fixation
  84. Technical information leak - Credentials
  85. Lack of data validation - Token
  86. Insecure file upload - Files Limit
  87. Insufficient data authenticity validation - Checksum verification
  88. Sensitive information in source code - Credentials
  89. Weak credential policy - Password strength
  90. Weak credential policy - Temporary passwords
  91. Authentication mechanism absence or evasion - Response tampering
  92. Use of an insecure channel - HTTP
  93. Inappropriate coding practices - Wildcard export
  94. Insecure authentication method - NTLM
  95. Insecure generation of random numbers - Static IV
  96. Excessive privileges - Access Mode
  97. Password reset poisoning
  98. Server side cross-site scripting
  99. Inappropriate coding practices - relative path command
  100. Use of software with known vulnerabilities in environments
  101. Asymmetric denial of service
  102. Symmetric denial of service
  103. Remote command execution
  104. Privilege escalation
  105. Authentication mechanism absence or evasion
  106. Cross-site request forgery
  107. Stored cross-site scripting (XSS)
  108. Insecure authentication method - Basic
  109. Sensitive information sent insecurely
  110. Administrative credentials stored in cache memory
  111. XPath injection
  112. Insecure file upload
  113. Inadequate file size control
  114. Sensitive information sent via URL parameters
  115. Technical information leak
  116. Business information leak
  117. Insecurely generated cookies
  118. Remote File Inclusion
  119. Lack of data validation - Path Traversal
  120. Technical information leak - Console functions
  121. Improper resource allocation
  122. Insecure session expiration time
  123. Weak CAPTCHA
  124. Insecurely generated token
  125. XML injection (XXE)
  126. Lack of data validation - Trust boundary violation
  127. Log injection
  128. Hidden fields manipulation
  129. Data uniqueness not properly verified
  130. External control of file name or path
  131. Server-side request forgery (SSRF)
  132. NoSQL injection
  133. LDAP injection
  134. Out-of-bounds read
  135. Security controls bypass or absence
  136. HTTP parameter pollution
  137. Local file inclusion
  138. Race condition
  139. Lack of data validation - Type confusion
  140. Insecure or unset HTTP headers - Strict Transport Security
  141. Insecure encryption algorithm - Perfect Forward Secrecy
  142. Insecure or unset HTTP headers - Cache Control
  143. Inappropriate coding practices
  144. Insecure exceptions - Empty or no catch
  145. Inappropriate coding practices - Eval function
  146. SQL injection
  147. Insecure or unset HTTP headers - Accept
  148. Time-based SQL Injection
  149. SQL Injection - Headers
  150. Uncontrolled external site redirect
  151. Lack of data validation
  152. Lack of data validation - Source Code
  153. Lack of data validation - Session Cookie
  154. Lack of data validation - Responses
  155. Lack of data validation - Host Header Injection
  156. Lack of data validation - Input Length
  157. Lack of data validation - Dates
  158. Lack of data validation - Numbers
  159. Traceability loss
  160. Unauthorized access to files
  161. Insufficient data authenticity validation
  162. Asymmetric denial of service - ReDoS
  163. Business information leak - JWT
  164. Business information leak - Credit Cards
  165. Business information leak - Users
  166. Business information leak - Personal Information
  167. Technical information leak - Print Functions
  168. Technical information leak - Errors
  169. Authentication mechanism absence or evasion - OTP
  170. Non-encrypted confidential information - Credit Cards
  171. Non-encrypted confidential information - Credentials
  172. Automatic information enumeration - Credit Cards
  173. Insecure encryption algorithm - DSA
  174. Insecure functionality - File Creation
  175. Insecure functionality - Password management
  176. Insecure functionality - Masking
  177. Insecure functionality - Fingerprint
  178. Restricted fields manipulation
  179. Sensitive information sent via URL parameters - Session
  180. Session Fixation
  181. Automatic information enumeration - Personal Information
  182. Non-encrypted confidential information - Base 64
  183. Insecure object reference - Personal information
  184. Insecure object reference - Financial information
  185. Technical information leak - Logs
  186. Weak credential policy - Password Change Limit
  187. SQL injection - Code
  188. Authentication mechanism absence or evasion - Redirect
  189. Concurrent sessions control bypass
  190. Insecure functionality - Session management
  191. Security controls bypass or absence - Data creation
  192. Insecure object reference - Files
  193. Insecure object reference - Data
  194. Enabled default configuration
  195. Insecurely generated token - Validation
  196. Lack of data validation - HTML code
  197. Insecurely generated token - Lifespan
  198. Insecure object reference - Session management
  199. Lack of data validation - Special Characters
  200. Lack of data validation - OTP
  201. Lack of data validation - Non Sanitized Variables
  202. Security controls bypass or absence - Session Invalidation
  203. Technical information leak - Content response
  204. Insecure object reference - User deletion
  205. DOM-Based cross-site scripting (XSS)
  206. Non-encrypted confidential information - Hexadecimal
  207. Inappropriate coding practices - Unnecessary imports
  208. Insecurely generated token - OTP
  209. Inappropriate coding practices - Unused properties
  210. OS Command Injection
  211. Account Takeover
  212. Insecure encryption algorithm - Insecure Elliptic Curve
  213. Server side template injection