Tag: owasp-top10
Disabled TLS certificate validation
Improper resource handling leading to resource exhaustion or arbitrary code execution
Cookies created without HttpOnly and Secure flags
Use of insecure math/rand for random number generation
Disabling SSH host key validation
Use of adversary-controlled input in reflection
OS command injection from untrusted input
Log injection from untrusted input
Using http.FileServer as handler
XSS from untrusted input in web outputs
Insecure gRPC client and server connections in Go enable data tampering
Decompression of untrusted data without size limits
Insecure validation and lack of restrictions enable cross-site request forgery
Plain HTTP traffic enables eavesdropping and tampering
Improper Neutralization of Special Elements used in an SQL Command
Use of weak RSA key generation function
User input used unsanitized in outbound requests
Unprotected sensitive data in network services and client alerts
Use of insecure cryptography
Disabled or incorrectly used protection mechanism can lead to security vulnerabilities
XXE vulnerability from XML
Overly permissive file permissions
Code injection from untrusted input
Improper authentication from insufficient identity verification
Path traversal from untrusted input