| Category | Finding Name | Description | Severity | Reference |
|---|---|---|---|---|
| Server-Side Injection | Remote Code Execution (RCE) | Ensure that the application will not process operating system commands from the user. | P1 | |
| Server Misconfiguration | Using Default Credentials | Ensure that the application is not using the default credentials. | P1 | |
| Server-Side Injection | SQL Injection | | P1 | |
| Server-Side Injection | XML External Entity Injection (XXE) | | P1 | |
| Server-Side Injection | Authentication Bypass | | P1 | |
| Server Misconfiguration | Subdomain Takeover | | P2 | |
| Server Misconfiguration | Account Takeover (OAuth Misconfiguration) | | P2 | |
| Authorization | Cross-Site Request Forgery | | P2 | |
| | Session Fixation | | P3 | |
| Server Misconfiguration | Clickjacking | | P4 | |
| Server Misconfiguration | No Rate Limiting | | P4 | |
| | Weak Password Policy | | P5 | |
| Broken Access Control | Username Enumeration (Login Page) | | P4 | |
| Broken Access Control | Username Enumeration (Password Reset Page) | | P4 | |
| | Cross Site Scripting (XSS) | | | |
| | Stored Cross Site Scripting (XSS) | | | |
| | XML External Entity (XXE) | | | |
| | Directory Traversal | | | |
| | Remote File Inclusion (RFI) | | | |
| | Local File Inclusion (LFI) | | | |
| | Directory Listing | | | |
| | ASP.NET Tracing Enabled | | | |
| | XPath Injection | | | |
| | HTTP Request Smuggling | | | |
| | Web Cache Poisoning | | | |
| | DOM Cross Site Scripting (DOM XSS) | | | |
| | Java Deserialization | | | |
| | Open Redirection | | | |
| | Session Cookie without HttpOnly Flag | | | |
| | Session Cookie without Secure Flag | | | |
| | Private IP Disclosure | | | |
| | Application Not Using HTTPS | | | |
| | Sensitive Data Exposure (EXIF Data) | | | |
| | Account Takeover | | | |
| | OTP Bypass | | | |
| | 2FA Bypass | | | |
| | Insecure Direct Object References (IDOR) | | | |
| | CORS Misconfiguration | | | |
| | Privilege Escalation | | | |
| | Unsafe HTTP Method Enabled | | | |
| | JWT Misconfiguration | | | |
| | HTML Injection | | | |
| | Host-Header Injection | | | |
| | Server-Side Template Injection | | | |
| | Parameter Pollution | | | |