Security detectors

Method Input Validation

ASP.NET input validation disabled

Password Complexity

Weak password requirements

Xml External Entity

Improper restriction of XML external entity reference ('XXE')

Memory Marshal CreateSpan

Out-of-bounds read due to improper length check

Cross-Site Request Forgery (CSRF)

Potential Cross-Site Request Forgery (CSRF)

Module Injection

Potential use of top-level wildcard bindings

Improper Cryptographic Signature Verification

Incorrect verification of signature for data.

Obsolete Cryptography

Use of obsolete cryptographic algorithm

Inefficient Regular Expression

Regular expression Denial of Service attack.

Unrestricted File Upload

Unrestricted upload of file whose type is dangerous.

Output Cache Conflicts

Use of cache containing sensitive information

Unsafe XSLT Setting Used

Improper restriction of XML external entity reference

Cross Site Scripting (XSS)

Improper neutralization of input during web page generation ('Cross-site Scripting')

Weak Cipher Algorithm

Use of a broken or risky cryptographic algorithm.

Stack Trace Exposure

Expose sensitive information through stack trace.

XPath Injection

Improper neutralization of data within XPath expressions ('XPath Injection').

Thread Safety Violation

Thread safety violation can lead to race condition.

OS Command Injection

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Unvalidated Redirect

URL redirection to untrusted site ('open redirect')

Integer Overflow

Integer Overflow or Wraparound.

Avoid Persistent Cookies

Persistent cookies are vulnerable to attacks.

Cookie Without Http Only Flag

Sensitive cookie without 'HttpOnly' flag

Untrusted Deserialization

Deserialization of potentially untrusted data

LDAP Injection

Improper neutralization of special elements used in an LDAP query ('LDAP Injection')

Weak Random Number Generation

Use of cryptographically weak Pseudo-Random Number Generator (PRNG)

SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Path Traversal

Improper limitation of a pathname to a restricted directory ('Path Traversal')

Debug Binary

Debugging messages can help an attacker plan an attack on the system.

Sensitive Information Leak

Sensitive information should not be exposed through log files or stack traces.

Webconfig Trace Enabled

.NET Web.config trace enabled.

Code Injection

Generation of code using external input without validation.

Missing Authorization

Improper Access Control.

JWT TokenValidationParameters No Expiry

Insufficient Session Expiration.

Razor Use of html string

Improper encoding or escaping can allow attackers to change the commands that are sent to another component.

Server-Side Request Forgery (SSRF)

Potential Server-Side Request Forgery.

Prevent Excessive Authentication

Improper Restriction of Excessive Authentication Attempts.

Improper Authentication

Your code doesn't sufficiently authenticate identities provided by its users.

Certificate Validation Disabled

Certificate validation disabled.

Insecure Cryptography

Use of risky or broken cryptographic algorithm

Mass Assignment

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Cookie Without SSL Flag

Sensitive cookie in HTTPS session without 'Secure' attribute