High

Showing all detectors for the C# language with high severity.

Method Input Validation

ASP.NET input validation disabled

Password Complexity

Weak password requirements

Xml External Entity

Improper restriction of XML external entity reference ('XXE')

Cross-Site Request Forgery (CSRF)

Potential Cross-Site Request Forgery (CSRF)

Module Injection

Potential use of top-level wildcard bindings

Improper Cryptographic Signature Verification

Incorrect verification of signature for data.

Inefficient Regular Expression

Regular expression Denial of Service attack.

Unrestricted File Upload

Unrestricted upload of file whose type is dangerous.

Output Cache Conflicts

Use of cache containing sensitive information

Unsafe XSLT Setting Used

Improper restriction of XML external entity reference

Cross Site Scripting (XSS)

Improper neutralization of input during web page generation ('Cross-site Scripting')

Weak Cipher Algorithm

Use of a broken or risky cryptographic algorithm.

Stack Trace Exposure

Exposure of sensitive information through a stack trace.

XPath Injection

Improper neutralization of data within XPath expressions ('XPath Injection').

Thread Safety Violation

A thread safety violation can lead to a race condition.

OS Command Injection

Improper neutralization of special elements used in an OS command ('OS Command Injection')

Unvalidated Redirect

URL redirection to untrusted site ('open redirect')

Integer Overflow

Integer Overflow or Wraparound.

Avoid Persistent Cookies

Persistent cookies are vulnerable to attacks.

Untrusted Deserialization

Deserialization of potentially untrusted data

LDAP Injection

Improper neutralization of special elements used in an LDAP query ('LDAP Injection')

Weak Random Number Generation

Use of cryptographically weak Pseudo-Random Number Generator (PRNG)

SQL Injection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Path Traversal

Improper limitation of a pathname to a restricted directory ('Path Traversal')

Debug Binary

Debugging messages can help an attacker form an attack on the system.

Sensitive Information Leak

Sensitive information should not be exposed through log files or stack traces.

Webconfig Trace Enabled

.NET Webconfig Trace Enabled.

Missing Authorization

Improper Access Control.

JWT TokenValidationParameters No Expiry

Insufficient Session Expiration.

Server-Side Request Forgery (SSRF)

Potential Server-Side Request Forgery.

Prevent Excessive Authentication

Improper Restriction of Excessive Authentication Attempts.

Improper Authentication

Your code doesn't sufficiently authenticate identities provided by its users.

Certificate Validation Disabled

Certificate validation disabled.

Log Injection

Improper Output Neutralization for Logs.

Mass Assignment

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Cookie Without SSL Flag

Sensitive cookie in HTTPS session without 'Secure' attribute