Security Vulnerabilities

In-depth reports with detailed fix information and code examples

OWASP Top 10

  • SQL Injection
  • Cross Site Scripting (XSS)
  • Broken Authentication and Session Management
  • Insecure Direct Object References
  • Cross Site Request Forgery (CSRF)
  • Security Misconfiguration
  • Insecure Cryptographic Storage
  • Failure to Restrict URL Access
  • Insufficient Transport Layer Protection
  • Unvalidated Redirects and Forwards

Business Logic Issues

  • Abuse of functionality
  • Insufficient Process Validation
  • Information Leakage
  • Predictable Resource Location and Insufficient Authorization
  • Transaction details manipulation
  • Bypass payment process validation
  • Weak password recovery validation
  • User Account Hijack
  • Escalation of user privilege

Insecure Configuration

  • SSL configuration
  • Directory Listing Enabled
  • Directories with executable permission enabled
  • Directories with write permissions enabled
  • Insecure (TRACE / DELETE / PUT / HTTP) Method Enabled

Authentication

  • Password guessing
  • Password cracking
  • Bypass authentication
  • Session ID prediction
  • Cryptographic strength validation
  • Cookie tampering

Other Vulnerabilities

  • Server/service fingerprinting
  • Default passwords
  • Backup / Sensitive files Security Vulnerability
  • Code execution Vulnerability
  • Directory Traversal
  • Local / Remote File inclusion
  • Path disclosure
  • Possible sensitive files
  • Sensitive data not encrypted
  • Source code disclosure

WASC Classification

  • Brute Force
  • Buffer Overflow
  • Credential / Session Prediction
  • Fingerprinting
  • HTTP Response Splitting
  • Integer Overflows
  • Null Byte Injection
  • Session Fixation
  • Server Misconfiguration