Tag: owasp-top10

Improper Certificate Validation

Disabled TLS certificate validation

Resource Leak

Improper resource handling leading to resource exhaustion or arbitrary code execution

Insecure Cookie

Cookies created without HttpOnly and Secure flags

Weak Random Number Generation

Use of insecure math/rand for random number generation

Insecure Ignore Host Key

Disabling SSH host key validation

Unsafe Reflection

Use of adversary-controlled input in reflection

OS Command Injection

OS command injection from untrusted input

Log Injection

Log injection from untrusted input

Httptrace FileServer As Handler

Using http.FileServer as handler

Cross Site Scripting (XSS)

XSS from untrusted input in web outputs

Channel Accessible By Non Endpoint

Insecure gRPC client and server connections in Go enable data tampering

Decompression Bomb

Decompression of untrusted data without size limits

Cross-Site Request Forgery (CSRF)

Insecure validation and lack of restrictions enable cross-site request forgery

Insecure Connection

Plain HTTP traffic enables eavesdropping and tampering

SQL Injection

Improper Neutralization of Special Elements used in an SQL Command

Deprecated Key Generator

Use of weak RSA key generation function

Server Side Request Forgery (SSRF)

User input used unsanitized in outbound requests

Sensitive Information Leak

Unprotected sensitive data in network services and client alerts

Insecure Cryptography

Use of insecure cryptography

Protection Mechanism Failure

Disabled or incorrectly used protection mechanism can lead to security vulnerabilities

XML External Entity

XXE vulnerability from XML

Insecure File Permissions

Overly permissive file permissions

Code Injection

Code injection from untrusted input

Improper Authentication

Improper authentication from insufficient identity verification

Path Traversal

Path traversal from untrusted input