Continuous Dynamic SAST Vulnerability Classes

WhiteHat Vulnerability Classes Description

Access.Administration.Interface

Application Misconfiguration: Exposed Axis Administration Servlet

Access.Analysis.Enabled

Binary Protection: Missing PT_DENY_ATTACH

Access.Bypass.Data

Insufficient Authorization: Autobinding

Access.Bypass.Method

Insufficient Authorization: Bypass Method

Access.Device.Id

Information Leakage: Unique Device ID

Access.Directory.Listing

Directory Indexing

Access.Directory.Traversal

Path Traversal

Access.Environment.Permission

Application Misconfiguration: Excessive Permissions

Access.Environment.Permission.Excessive

Application Misconfiguration: Excessive Permissions

Access.Html.Cors.Bypass

Code Quality: CORS Bypass

Access.Html.Cors.Permissive

Insufficient Authorization: CORS Policy

Access.Native.Unsafe

Unsafe Code Usage

Access.Native.Win32

Application Code Execution: PHP Win32 Usage

Access.Role.Manipulation

Insufficient Authorization: Role Manipulation

Access.Strategy.None

Missing Access Strategy

Access.Verb.Tampering

Insufficient Authorization: HTTP Verb Tampering

Accountability.Logging.Insufficient

Insufficient Logging & Monitoring

Accountability.Logging.SensitiveData

Information Leakage: Logging

App.Cache.Leak

Information Leakage: NSURL Cache

Authentication.Impersonation.Ui.Redressing

UI Redressing: Clickjacking/Tapjacking

Authentication.Password.ClearText

Disclosure: Cleartext Password

Authentication.Password.Cleartext

Disclosure: Cleartext Password

Authentication.Password.Disclosure

Information Leakage: Password

Authentication.Password.HardCoded

Disclosure: Hardcoded Password

Authentication.Strategy.BasicAuthentication

Insufficient Authentication: Basic Authentication Usage

Availability.Regex.Dos

Denial of Service: Regex

Availability.Stream.ReadFile

Denial of Service: ReadFile

Availability.Stream.ReadLine

Denial of Service: ReadLine

CodeQuality.AutoCorrect.Information.Disclosure

Information Leakage: Keyboard Caching

CodeQuality.Conditional.Assignment

Code Quality: Conditional Assignment

CodeQuality.Conditional.Comparison

Code Quality: Conditional Comparison

CodeQuality.CopyPaste.Information.Disclosure

Information Leakage: Copy Paste

CodeQuality.Deprecated.Api

Code Quality: Depricated API

CodeQuality.IpAddress.HardCoded

Code Quality: Hardcoded IP Address

CodeQuality.Memory.Overflow

Code Quality: Memory Overflow

CodeQuality.Project.Setting

Application Misconfiguration: GDPR Cookie Policy Missing

CodeQuality.Screenshot.Information.Disclosure

Information Leakage: Application Snapshots (Backgrounding)

Compliance.GDPR.CookiePolicy.Missing

Application Misconfiguration: GDPR Cookie Policy Missing

Cryptography.Algorithm.Asymmetric

Cryptography algorithm asymmetric

Cryptography.Algorithm.Custom

Cryptography: Custom Algorithm

Cryptography.Algorithm.KeySize

Cryptography algorithm keysize

Cryptography.Algorithm.Symmetric

Cryptography algorithm symmetric

Cryptography.Certificate.Expiration

Cryptography: Improper Certificate Expiration

Cryptography.Certificate.Validation

Cryptography: Improper Certificate Validation

Cryptography.Cipher.Insecure

Cryptography: Insecure Cipher

Cryptography.Cipher.Mode.Insecure

Cryptography: Insecure Cipher Mode

Cryptography.Cipher.Padding.Insecure

Cryptography: Insecure Cipher Padding

Cryptography.Cipher.Transformation.Insecure

Cryptography: Cipher Transformation Insecure

Cryptography.Digest.Insecure

Cryptography: Insecure Digest

Cryptography.Hash.Unsalted

Cryptography: Unsalted Hash

Cryptography.Iv.HardCoded

Cryptography: Hardcoded IV

Cryptography.Key.Cleartext

Cryptography: Cleartext Key

Cryptography.Key.HardCoded

Cryptography: Hardcoded Key

Cryptography.KeyLength.Insufficient

Cryptography keylength insufficient

Cryptography.Mac.Insecure

Cryptography: Insecure MAC

Cryptography.Persist.Ccn.Unencrypted

Insecure Data Storage: Unencrypted CCN

Cryptography.Persist.Cvv.Unencrypted

Insecure Data Storage: Unencrypted CVV

Cryptography.Persist.Password.Unhashed

Insecure Data Storage: Clear Text Password

Cryptography.Persist.Ssn.Unencrypted

Insecure Data Storage: Unencrypted SSN

Cryptography.Persist.Sso.Unencrypted

Insecure Data Storage: Unencrypted SSO Token

Cryptography.Prng.Insecure

Cryptography: Improper Pseudo-Random Number Generator Usage

Cryptography.Protocol.Insecure

Insufficient Transport Layer Protection

Cryptography.Provider.Undefined

Cryptography: Provider Undefined

Cryptography.Salt.HardCoded

Cryptography: Hardcoded Salt

Cryptography.Seed.HardCoded

Cryptography: Hardcoded Seed

Cryptography.Transit.Tls

Insufficient Transport Layer Protection

Dynamic.Compilation.Components

Dynamic compilation components

Error.Debug.Enabled

Application Misconfiguration: Debug

Error.Handler.Global

Application Misconfiguration: Global Error Handling Disabled

Error.Information.Disclosure

Information Leakage

Injection.Apple.Plist

Injection: Apple plist

Injection.Database.Hql

Injection: Hibernate Query Language

Injection.Database.Nosql.Mongodb

Injection: NoSQL Database

Injection.Database.Sql

SQL Injection

Injection.Database.SQLite

SQL Injection

Injection.Directory.Ldap

LDAP Injection

Injection.Environment.Reflection

Injection: Environment Reflection

Injection.Environment.Variable

Injection: Environment Variable

Injection.General

Injection: Unknown Interpreter

Injection.Net.File.Inclusion

Remote File Inclusion

Injection.Net.Ftp.Command

Injection: FTP Command

Injection.Net.Ftp.Url

Injection: FTP URL

Injection.Net.Http.Body

Cross Site Scripting

Injection.Net.Http.Header

Injection: HTTP Header

Injection.Net.Http.Header.Request

Injection: HTTP Request Splitting

Injection.Net.Http.Header.Response

Injection: HTTP Response Splitting

Injection.Net.Http.Request

Server Side Request Forgery

Injection.Net.Http.Session

Trust Boundary Violation: Session

Injection.Net.Http.Url

URL Redirector Abuse

Injection.Net.Mail

Mail Command Injection

Injection.Net.Sms

Injection: SMS

Injection.Net.Socket

Injection: Socket

Injection.Net.WebService.Body

Injection: Web Service

Injection.Os.Shell

OS Command Injection

Injection.Script.Eval

Injection: Code Execution

Injection.Xml.Entity.External

XML External Entity Injection

Injection.Xml.XPath

Injection: XPath

Insecure.Key.Derivation

Cryptography: Insecure Key Derivation

Insufficient.Session.Invalidation

Insufficient Session Expiration

MaliciousCode.Compilation.Source

Malicious Code: Compilation Source

MaliciousCode.Injection.ByteCode

Malicious Code: Injection Bytecode

MaliciousCode.Malware.Url

Malicious Code: Malware URL

Mobile.Access.IPC.InsecureActivity

Interprocess Communication: Insecure Activity

Mobile.BinaryProtection.InsufficientCodeObfuscation

Binary Protection: Insufficient Code Obfuscation

Mobile.BinaryProtection.JailbreakRoot.Detection

Binary Protection: Insufficient Jailbreak / Root Detection

Mobile.Injection.Database.SQL

SQL Injection - Client-Side

Mobile.iOS.NSCoding

Insecure NSCoding

Mobile.Platform.Configuration.DebugAttribute

Application Misconfiguration: Debug

Mobile.SensitiveData.Cache

Information Leakage: Application Cache

Mobile.SensitiveData.Plist.Storage

Insecure Data Storage: Plist

Non.Unique.Keys

Cryptography: Non-Unique Keys

Platform.Configuration.Android.BackupAllowed

Application Misconfiguration: Backup Allowed

Platform.Configuration.DotNet.AspNet.EnableHeaderChecking

Application Misconfiguration: Header Checking Disabled

Platform.Configuration.Php.CodeIgnite.CsrfProtectionDisabled

Application Misconfiguration: CSRF Protection Disabled

Platform.Configuration.Php.CodeIgnite.XssFilteringDisabled

Application Misconfiguration: XSS Filtering Disabled

Platform.Configuration.Php.Symfony.CsrfProtectionDisabled

Application Misconfiguration: CSRF Protection Disabled

Platform.Configuration.Php.Yii.CookieValidationDisabled

Application Misconfiguration: Cookie Validation Disabled

Platform.Configuration.Php.Yii.CsrfProtectionDisabled

Application Misconfiguration: CSRF Protection Disabled

Platform.Configuration.Xcode.ARC.Disabled

Application Misconfiguration: ARC Disabled

Platform.Configuration.Xcode.Position.Independent.Execution

Platform configuration xcode position independent execution

Platform.Configuration.Xcode.Symbols.Enabled

Application Misconfiguration: Debug

Platform.Deserialization.Unsafe

Unsafe Deserialization: Remote Code Execution

Platform.Library.Execution

Unvalidated Automatic Library Activation

Platform.Sanitization.Bypass

Platform sanitization bypass

Platform.UnpatchedLibrary

Unpatched Library

Rails.SessionStore.Insecure

Rails sessionstore insecure

SensitiveData.Ccn.Disclosure

Information Leakage: CCN

SensitiveData.Cvv.Disclosure

Information Leakage: CVV

SensitiveData.DeviceId.Disclosure

Information Leakage: Device ID

SensitiveData.InternalEnv.Disclosure

Information Leakage: Internal Environment

SensitiveData.Keychain.Storage

Insecure Data Storage: Keychain

SensitiveData.Location.Disclosure

Information Leakage: Location Disclosure

SensitiveData.Ssn.Disclosure

Information Leakage: SSN

SensitiveData.Sso.Disclosure

Information Leakage: SSO

SensitiveData.TransportLayer.Insecure

Insufficient Transport Layer Protection

Session.Flag.HttpOnly

Non-HttpOnly Session Cookie

Session.Flag.Secure

Unsecured Session Cookie

Session.Id.Disclosure

Information Leakage: Session ID

Session.Ssl.Unverified.Host

Insufficient Transport Layer Protection: Unverified SSL Host

Session.State.Disclosure

Information Leakage: Client Side Session State

Session.Timeout.Expiration

Insufficient Session Expiration

Session.Url.Rewriting

Information Leakage: Session ID

Stack.Smashing.Prot

Application Misconfiguration: Stack Smashing Protection Disabled

Technology.Apple.Xcode.Project.Settings

Application Misconfiguration: Xcode Settings

Validation.Mvc.Csrf.Missing

Validation mvc csrf missing

Validation.Url.Redirect

URL Redirector Abuse

WebService.AbuseOfFunc

Abuse of Functionality

WebService.Access.PRL

Predictable Resource Location

WebService.Crypto.TLS.HSTS

Insufficient Transport Layer Protection: HSTS

WebService.SensitiveData.BigIP.Disclosure

Information Leakage: BIG-IP

WebService.SensitiveData.GETRequest.Disclosure

Information Leakage: Sensitive Data Over GET

WebService.SensitiveData.Information.Leakage

Information Leakage: Sensitive Data

WebService.SensitiveData.IPAddress.Disclosure

Information Leakage: IP Address

WebService.SensitiveData.ServerVersion.Disclosure

Information Leakage: Server Version

WebServices.SensitiveData.Information.Disclosure

WebServices SensitiveData Information Disclosure

WebServices.SensitiveData.Information.Leakage

Information Leakage

Technical Vulnerabilities Covered by SAST - OWASP 2021 Top 10

Vulnerabilities

Description

A01

Broken Access Control

A02

Cryptographic Failures

A03

Injection

A04

Insecure Design

A05

Security Misconfiguration

A06

Vulnerable and Outdated Components

A07

Identification and Authentication Failures

A08

Software and Data Integrity Failures

A09

Security Logging and Monitoring Failures

A10

Server-Side Request Forgery