C# detectors
Showing all detectors for the C# language.
Browse all detectors
ASP.NET input validation disabled
Weak password requirements
Improper restriction of XML external entity reference ('XXE')
Out-of-bounds read due to improper length check
Potential Cross-Site Request Forgery (CSRF)
Potential use of top-level wildcard bindings
Incorrect verification of signature for data.
Use of obsolete cryptographic algorithm
Regular expression Denial of Service attack.
Do not use Double.Epsilon to test equality of two non-zero Double values.
Unrestricted upload of file whose type is dangerous.
Use of cache containing sensitive information
Improper restriction of XML external entity reference
Improper neutralization of input during web page generation ('Cross-site Scripting')
Use of a broken or risky cryptographic algorithm.
Expose sensitive information through stack trace.
Improper neutralization of data within XPath expressions ('XPathInjection').
Thread safety violation can lead to race condition.
Improper neutralization of special elements used in an OS command ('OS Command Injection')
URL redirection to untrusted site 'open redirect'
Integer Overflow or Wraparound.
Persistent cookies are vulnerable to attacks.
Deserialization of potentially untrusted data
Improper neutralization of special elements used in an LDAP query ('LDAP Injection')
Use of cryptographically weak Pseudo-Random Number Generator (PRNG)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Improper limitation of a pathname to a restricted directory ('Path Traversal')
Debugging messages can help attacker to form some sort of attack on system.
Sensitive information should not be exposed through log files or stack traces.
Net Webconfig Trace Enabled.
Instantiating a RegionInfo object by using only a region code.
Generation of code using external input without validation.
Insufficient Session Expiration.
Improper encoding or escaping can allow attackers to change the commands that are sent to another component.
Potential Server-Side Request Forgery.
Improper Restriction of Excessive Authentication Attempts.
Your code doesn't sufficiently authenticate identities provided by its users.
Certificate validation disabled.
Use of risky or broken cryptographic algorithm
Improper Output Neutralization for Logs.
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Sensitive cookie in HTTPS session without 'Secure' attribute