WhiteHat SAST Vulnerability Classes
WhiteHat Vulnerability Class | Description
---|---
Access.Administration.Interface | Application Misconfiguration: Exposed Axis Administration Servlet
Access.Analysis.Enabled | Binary Protection: Missing PT_DENY_ATTACH
Access.Bypass.Data | Insufficient Authorization: Autobinding
Access.Bypass.Method | Insufficient Authorization: Bypass Method
Access.Device.Id | Information Leakage: Unique Device ID
Access.Directory.Listing | Directory Indexing
Access.Directory.Traversal | Path Traversal
Access.Environment.Permission | Application Misconfiguration: Excessive Permissions
Access.Environment.Permission.Excessive | Application Misconfiguration: Excessive Permissions
Access.Html.Cors.Bypass | Code Quality: CORS Bypass
Access.Html.Cors.Permissive | Insufficient Authorization: CORS Policy
Access.Native.Unsafe | Unsafe Code Usage
Access.Native.Win32 | Application Code Execution: PHP Win32 Usage
Access.Role.Manipulation | Insufficient Authorization: Role Manipulation
Access.Strategy.None | Missing Access Strategy
Access.Verb.Tampering | Insufficient Authorization: HTTP Verb Tampering
Accountability.Logging.Insufficient | Insufficient Logging & Monitoring
Accountability.Logging.SensitiveData | Information Leakage: Logging
App.Cache.Leak | Information Leakage: NSURL Cache
Authentication.Impersonation.Ui.Redressing | UI Redressing: Clickjacking/Tapjacking
Authentication.Password.ClearText | Disclosure: Cleartext Password
Authentication.Password.Cleartext | Disclosure: Cleartext Password
Authentication.Password.Disclosure | Information Leakage: Password
Authentication.Password.HardCoded | Disclosure: Hardcoded Password
Authentication.Strategy.BasicAuthentication | Insufficient Authentication: Basic Authentication Usage
Availability.Regex.Dos | Denial of Service: Regex
Availability.Stream.ReadFile | Denial of Service: ReadFile
Availability.Stream.ReadLine | Denial of Service: ReadLine
CodeQuality.AutoCorrect.Information.Disclosure | Information Leakage: Keyboard Caching
CodeQuality.Conditional.Assignment | Code Quality: Conditional Assignment
CodeQuality.Conditional.Comparison | Code Quality: Conditional Comparison
CodeQuality.CopyPaste.Information.Disclosure | Information Leakage: Copy Paste
CodeQuality.Deprecated.Api | Code Quality: Deprecated API
CodeQuality.IpAddress.HardCoded | Code Quality: Hardcoded IP Address
CodeQuality.Memory.Overflow | Code Quality: Memory Overflow
CodeQuality.Project.Setting | Application Misconfiguration: GDPR Cookie Policy Missing
CodeQuality.Screenshot.Information.Disclosure | Information Leakage: Application Snapshots (Backgrounding)
Compliance.GDPR.CookiePolicy.Missing | Application Misconfiguration: GDPR Cookie Policy Missing
Cryptography.Algorithm.Asymmetric | Cryptography: Asymmetric Algorithm
Cryptography.Algorithm.Custom | Cryptography: Custom Algorithm
Cryptography.Algorithm.KeySize | Cryptography: Algorithm Key Size
Cryptography.Algorithm.Symmetric | Cryptography: Symmetric Algorithm
Cryptography.Certificate.Expiration | Cryptography: Improper Certificate Expiration
Cryptography.Certificate.Validation | Cryptography: Improper Certificate Validation
Cryptography.Cipher.Insecure | Cryptography: Insecure Cipher
Cryptography.Cipher.Mode.Insecure | Cryptography: Insecure Cipher Mode
Cryptography.Cipher.Padding.Insecure | Cryptography: Insecure Cipher Padding
Cryptography.Cipher.Transformation.Insecure | Cryptography: Insecure Cipher Transformation
Cryptography.Digest.Insecure | Cryptography: Insecure Digest
Cryptography.Hash.Unsalted | Cryptography: Unsalted Hash
Cryptography.Iv.HardCoded | Cryptography: Hardcoded IV
Cryptography.Key.Cleartext | Cryptography: Cleartext Key
Cryptography.Key.HardCoded | Cryptography: Hardcoded Key
Cryptography.KeyLength.Insufficient | Cryptography: Insufficient Key Length
Cryptography.Mac.Insecure | Cryptography: Insecure MAC
Cryptography.Persist.Ccn.Unencrypted | Insecure Data Storage: Unencrypted CCN
Cryptography.Persist.Cvv.Unencrypted | Insecure Data Storage: Unencrypted CVV
Cryptography.Persist.Password.Unhashed | Insecure Data Storage: Cleartext Password
Cryptography.Persist.Ssn.Unencrypted | Insecure Data Storage: Unencrypted SSN
Cryptography.Persist.Sso.Unencrypted | Insecure Data Storage: Unencrypted SSO Token
Cryptography.Prng.Insecure | Cryptography: Improper Pseudo-Random Number Generator Usage
Cryptography.Protocol.Insecure | Insufficient Transport Layer Protection
Cryptography.Provider.Undefined | Cryptography: Provider Undefined
Cryptography.Salt.HardCoded | Cryptography: Hardcoded Salt
Cryptography.Seed.HardCoded | Cryptography: Hardcoded Seed
Cryptography.Transit.Tls | Insufficient Transport Layer Protection
Dynamic.Compilation.Components | Dynamic Compilation Components
Error.Debug.Enabled | Application Misconfiguration: Debug
Error.Handler.Global | Application Misconfiguration: Global Error Handling Disabled
Error.Information.Disclosure | Information Leakage
Injection.Apple.Plist | Injection: Apple plist
Injection.Database.Hql | Injection: Hibernate Query Language
Injection.Database.Nosql.Mongodb | Injection: NoSQL Database
Injection.Database.Sql | SQL Injection
Injection.Database.SQLite | SQL Injection
Injection.Directory.Ldap | LDAP Injection
Injection.Environment.Reflection | Injection: Environment Reflection
Injection.Environment.Variable | Injection: Environment Variable
Injection.General | Injection: Unknown Interpreter
Injection.Net.File.Inclusion | Remote File Inclusion
Injection.Net.Ftp.Command | Injection: FTP Command
Injection.Net.Ftp.Url | Injection: FTP URL
Injection.Net.Http.Body | Cross Site Scripting
Injection.Net.Http.Header | Injection: HTTP Header
Injection.Net.Http.Header.Request | Injection: HTTP Request Splitting
Injection.Net.Http.Header.Response | Injection: HTTP Response Splitting
Injection.Net.Http.Request | Server Side Request Forgery
Injection.Net.Http.Session | Trust Boundary Violation: Session
Injection.Net.Http.Url | URL Redirector Abuse
Injection.Net.Mail | Mail Command Injection
Injection.Net.Sms | Injection: SMS
Injection.Net.Socket | Injection: Socket
Injection.Net.WebService.Body | Injection: Web Service
Injection.Os.Shell | OS Command Injection
Injection.Script.Eval | Injection: Code Execution
Injection.Xml.Entity.External | XML External Entity Injection
Injection.Xml.XPath | Injection: XPath
Insecure.Key.Derivation | Cryptography: Insecure Key Derivation
Insufficient.Session.Invalidation | Insufficient Session Expiration
MaliciousCode.Compilation.Source | Malicious Code: Compilation Source
MaliciousCode.Injection.ByteCode | Malicious Code: Injection Bytecode
MaliciousCode.Malware.Url | Malicious Code: Malware URL
Mobile.Access.IPC.InsecureActivity | Interprocess Communication: Insecure Activity
Mobile.BinaryProtection.InsufficientCodeObfuscation | Binary Protection: Insufficient Code Obfuscation
Mobile.BinaryProtection.JailbreakRoot.Detection | Binary Protection: Insufficient Jailbreak / Root Detection
Mobile.Injection.Database.SQL | SQL Injection - Client-Side
Mobile.iOS.NSCoding | Insecure NSCoding
Mobile.Platform.Configuration.DebugAttribute | Application Misconfiguration: Debug
Mobile.SensitiveData.Cache | Information Leakage: Application Cache
Mobile.SensitiveData.Plist.Storage | Insecure Data Storage: Plist
Non.Unique.Keys | Cryptography: Non-Unique Keys
Platform.Configuration.Android.BackupAllowed | Application Misconfiguration: Backup Allowed
Platform.Configuration.DotNet.AspNet.EnableHeaderChecking | Application Misconfiguration: Header Checking Disabled
Platform.Configuration.Php.CodeIgnite.CsrfProtectionDisabled | Application Misconfiguration: CSRF Protection Disabled
Platform.Configuration.Php.CodeIgnite.XssFilteringDisabled | Application Misconfiguration: XSS Filtering Disabled
Platform.Configuration.Php.Symfony.CsrfProtectionDisabled | Application Misconfiguration: CSRF Protection Disabled
Platform.Configuration.Php.Yii.CookieValidationDisabled | Application Misconfiguration: Cookie Validation Disabled
Platform.Configuration.Php.Yii.CsrfProtectionDisabled | Application Misconfiguration: CSRF Protection Disabled
Platform.Configuration.Xcode.ARC.Disabled | Application Misconfiguration: ARC Disabled
Platform.Configuration.Xcode.Position.Independent.Execution | Application Misconfiguration: Position Independent Execution
Platform.Configuration.Xcode.Symbols.Enabled | Application Misconfiguration: Debug
Platform.Deserialization.Unsafe | Unsafe Deserialization: Remote Code Execution
Platform.Library.Execution | Unvalidated Automatic Library Activation
Platform.Sanitization.Bypass | Platform Sanitization Bypass
Platform.UnpatchedLibrary | Unpatched Library
Rails.SessionStore.Insecure | Insecure Rails Session Store
SensitiveData.Ccn.Disclosure | Information Leakage: CCN
SensitiveData.Cvv.Disclosure | Information Leakage: CVV
SensitiveData.DeviceId.Disclosure | Information Leakage: Device ID
SensitiveData.InternalEnv.Disclosure | Information Leakage: Internal Environment
SensitiveData.Keychain.Storage | Insecure Data Storage: Keychain
SensitiveData.Location.Disclosure | Information Leakage: Location Disclosure
SensitiveData.Ssn.Disclosure | Information Leakage: SSN
SensitiveData.Sso.Disclosure | Information Leakage: SSO
SensitiveData.TransportLayer.Insecure | Insufficient Transport Layer Protection
Session.Flag.HttpOnly | Non-HttpOnly Session Cookie
Session.Flag.Secure | Unsecured Session Cookie
Session.Id.Disclosure | Information Leakage: Session ID
Session.Ssl.Unverified.Host | Insufficient Transport Layer Protection: Unverified SSL Host
Session.State.Disclosure | Information Leakage: Client Side Session State
Session.Timeout.Expiration | Insufficient Session Expiration
Session.Url.Rewriting | Information Leakage: Session ID
Stack.Smashing.Prot | Application Misconfiguration: Stack Smashing Protection Disabled
Technology.Apple.Xcode.Project.Settings | Application Misconfiguration: Xcode Settings
Validation.Mvc.Csrf.Missing | Missing MVC CSRF Validation
Validation.Url.Redirect | URL Redirector Abuse
WebService.AbuseOfFunc | Abuse of Functionality
WebService.Access.PRL | Predictable Resource Location
WebService.Crypto.TLS.HSTS | Insufficient Transport Layer Protection: HSTS
WebService.SensitiveData.BigIP.Disclosure | Information Leakage: BIG-IP
WebService.SensitiveData.GETRequest.Disclosure | Information Leakage: Sensitive Data Over GET
WebService.SensitiveData.Information.Leakage | Information Leakage: Sensitive Data
WebService.SensitiveData.IPAddress.Disclosure | Information Leakage: IP Address
WebService.SensitiveData.ServerVersion.Disclosure | Information Leakage: Server Version
WebServices.SensitiveData.Information.Disclosure | Information Disclosure: Sensitive Data
WebServices.SensitiveData.Information.Leakage | Information Leakage
Technical Vulnerabilities Covered by SAST - OWASP 2021 Top 10

OWASP 2021 ID | Category
---|---
A01 | Broken Access Control
A02 | Cryptographic Failures
A03 | Injection
A04 | Insecure Design
A05 | Security Misconfiguration
A06 | Vulnerable and Outdated Components
A07 | Identification and Authentication Failures
A08 | Software and Data Integrity Failures
A09 | Security Logging and Monitoring Failures
A10 | Server-Side Request Forgery